by DrPhish 3179 days ago
I've been using it as my only firewall OS of choice since the 2.5 release in '99.

I have almost always used it as a firewall or networking appliance, and only rarely used it as a desktop OS, and never on my main machine.

It has evolved over the decades to be a Swiss Army knife of network functionality that rivals expensive appliances like the F5 in certain areas. Things like PF, CARP, rdomains, relayd, ifstated, openbgpd, ospfd, opensmtp, unbound, nsd and sane ipsec tools among others in the base system allow for some amazing possibilities. Config file syntax of the various tools has been converging on a nice, consistent, mostly self-documenting "standard" as well.

Constant auditing and refactoring has proactively fixed many holes before they were used in exploits on other platforms, and has brought a steady improvement in performance over the years.

As others have pointed out, the entire system has a very consistent and well-integrated feel. The documentation is very well maintained.

Support of devices with poor documentation or binary blobs has been slow to come, but does eventually tend to make it into the system. 802.11n on Atheros is the example of something I personally had to wait a long time for.