[zymhan]

I'm just getting started on setting up an OpenBSD router that I want to be the basis for making sure much of my data is secure. I figure I can start with the edge of my network and work in. And for such an important device as an internet gateway, I want to be able to trust it.

[dwc]

> I'm just getting started on setting up an OpenBSD router that I want to be the basis for making sure much of my data is secure.

A bit of warning... I've seen this go wrong when people who don't know OpenBSD do this. Adding an additional OS means learning and "supporting" it.

* If learn your way around, get it set up well, keep your system updated the way you do for anything else, then you'll be in good shape.

* If you learn just enough to get it working and then set it on the back burner for when you can find the time to learn more, don't update it, etc., then you're better off going with an OS that you know and can keep secure.

I'm not trying to dissuade you, but I'd like you to evaluate if you will devote the time to using a new OS on a border device that it deserves. If you will then I think you'll be quite happy with your choice. :)

[niroze]

Indeed! Spoken by someone that seems to have experience maintaining many machines.

As secure as the machine is, its security slowly degrades the longer it is out-of-sync with updates (especially security ones) and/or admins administering the machines aren't good enough.

System administration isn't a set-it-and-forget-it type of thing.