by atmosx 4179 days ago
Yes. From my experience:

* PF (default on OpenBSD, a fork exists on FreeBSD) configuration is way more human-readable than iptables. Makes it a lot easier to create custom complex rulesets.

* Documentation is much cleaner on FreeBSD (or OpenBSD) compared to GNU/Linux. Again helps you deploy complex solutions easily.

* The upgrade process (using ports or pkg) is well documented, easy to execute[1].

* ZFS makes FreeBSD a very solid file server

So, other than specific software, a clean approach on how to start/stop services, where goes what, etc., I don't see any other reason for someone to switch from Linux to BSD.

However, in my experience Ruby (I'm a Ruby programmer) under-performs on FreeBSD VPSs compared to Linux VPSs, while on bare metal it doesn't. There are reports citing NetBSD as the fastest Ruby bare-metal OS. But again, differences shouldn't be all that much between BSD and Linux deployments on bare metal to justify a switch; on VPSs though, if you deploy Ruby apps, I'd say stick with Linux.

[1] Hm. It's easy to execute if you are not afraid to read some extra documentation. But once you get the hang of it, it's really a breeze; never had serious issues with FreeBSD in ~3 years.


+ Dtrace

+ Jails

+ Capsicum [1]

+ Netmap [2]

+ Best-performing network stack

+ Resource Management (pretty low memory usage)

+ The userspace tools come with the source (no GNU/Linux duality)

+ Clang/LLVM as default compiler stack

[1] - https://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4

[2] - https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4

I never understood the main differences between jails and chroots. Would you be willing to explain?
FreeBSD jails are like a really mature, full-featured version of LXC as opposed to "just a chroot". In addition to being a chroot that provides real filesystem isolation without many of the security issues of a Linux chroot, it also has CPU and memory limits, disk quotas, network isolation, root privilege isolation, all the magical ZFS goodness (provided you're running the jail on ZFS). It's really, really nice.

This is a pretty good overview: https://en.wikipedia.org/wiki/Operating-system-level_virtual...

Chroots only lock you to a particular part of the filesystem. Jails add process and network resource restrictions.
Running ps in a jail will show the processes in the jail only.

Processes in the jail will only see network interfaces and other devices that have been explicitly exposed to the jail.

As others have said, it's like a VM with no virtualization overhead. You can set up jails with the entire FreeBSD fs hierarchy so it runs like another host with its own users. Note that even the root user in a jail is not the same as the real root user. You can then use pkg to install packages within the jail too.

chroot (often referred to as a "chroot jail") limits a process to a certain subset of the filesystem - e.g. you could limit a httpd process so that it can only see /var/www, and it would not be able to see anything outside that, so if there was a security compromise of the web server, an attacker would not be able see anything outside that folder tree.

A FreeBSD jail is like a lightweight virtual machine, and is very similar to a Docker container in Linux (though it has been around for about a decade longer than Docker). It provides isolation for processes etc., but uses less resources than a full virtual machine. It is limited in that it has to be the same operating system as the host.
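What the three replies above describe, as an added example that is not part of the thread: a jail.conf(5) stanza that switches on the restrictions a plain chroot lacks (its own address, a minimal devfs, a raised securelevel, no raw sockets, no view of host mounts), plus the ZFS dataset and commands that bring such a jail up. The jail name, dataset, address, interface and download mirror are assumptions. The stanza generator runs on any POSIX sh; the create step only runs on FreeBSD as root.

```shell
#!/bin/sh
# Added example: a FreeBSD jail set up as a "lightweight VM" with its own
# filesystem, address and root user. All names below are assumptions.
set -eu

JAIL_NAME=${JAIL_NAME:-web1}
JAIL_ROOT=${JAIL_ROOT:-/usr/local/jails}
JAIL_IP=${JAIL_IP:-10.0.0.10}
JAIL_IF=${JAIL_IF:-em0}
ZFS_PARENT=${ZFS_PARENT:-zroot/jails}      # assumed to exist already

# Emit one jail.conf(5) stanza. Each parameter is a restriction a chroot
# does not give you:
#   interface / ip4.addr   only this alias is visible from inside
#   devfs_ruleset = 4      devfsrules_jail: minimal /dev, no disks or memory
#   securelevel = 3        jailed root cannot lower the kernel securelevel
#   enforce_statfs = 2     only the jail's own mounts show up in df/mount
#   children.max = 0       no nested jails
#   allow.raw_sockets = 0  no ping/traceroute-style raw sockets, even as root
jail_conf() {
  name=$1 root=$2 ip=$3 iface=$4
  cat <<EOF
$name {
    host.hostname = "$name";
    path = "$root/$name";
    interface = "$iface";
    ip4.addr = $ip;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    mount.devfs;
    devfs_ruleset = 4;
    securelevel = 3;
    enforce_statfs = 2;
    children.max = 0;
    allow.raw_sockets = 0;
    allow.set_hostname = 0;
    allow.sysvipc = 0;
    persist;
}
EOF
}

# Create the dataset, unpack a full base system of the host's release into
# it, register the jail and start it. Skipped unless running as root on
# FreeBSD, so the generator above can be exercised anywhere.
create_jail() {
  if [ "$(uname -s)" != "FreeBSD" ] || [ "$(id -u)" -ne 0 ]; then
    echo "not FreeBSD or not root: skipping jail creation" >&2
    return 2
  fi
  dest="$JAIL_ROOT/$JAIL_NAME"
  # One dataset per jail: quota, snapshots and clones come for free.
  zfs create -o mountpoint="$dest" -o quota=10G "$ZFS_PARENT/$JAIL_NAME"
  # Same release as the host; a jail cannot run a different OS.
  rel=$(freebsd-version -u | sed 's/-p[0-9]*$//')
  fetch -o /tmp/base.txz \
    "https://download.freebsd.org/releases/$(uname -m)/$rel/base.txz"
  tar -xf /tmp/base.txz -C "$dest"
  cp /etc/resolv.conf "$dest/etc/"          # so pkg inside can resolve
  jail_conf "$JAIL_NAME" "$JAIL_ROOT" "$JAIL_IP" "$JAIL_IF" >> /etc/jail.conf
  sysrc jail_enable=YES jail_list+="$JAIL_NAME" >/dev/null
  service jail start "$JAIL_NAME"
  # ps inside shows only the jail's processes; root here is the jail's root.
  jexec "$JAIL_NAME" ps ax
  jexec "$JAIL_NAME" pkg install -y nginx
}

if [ "${1:-}" = "apply" ]; then
  create_jail
else
  jail_conf "$JAIL_NAME" "$JAIL_ROOT" "$JAIL_IP" "$JAIL_IF"
fi
```

Run it with no argument to print the stanza, or with `apply` on a FreeBSD host to create and start the jail; `jls` then lists it, and `jexec web1 ps ax` next to a host `ps ax` shows the process-view split the replies describe.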

The best thing about FBSD is that it mostly works the same way it did a decade ago. It's a lean, mature, core that isn't subject to flavor-of-the-month changes to core systems.
The PF available on FreeBSD is woefully out of date. If you use FreeBSD regularly and don't mess with pf, learn ipfw. It is quite powerful and much more performant.
I'm surprised this is the case, since pfsense is a very capable FW built upon the pf version on FreeBSD. I've been running it for years with nary a problem. Would you say the outdated version of pf puts people running pfsense at risk?
Everything he said is true and I know this for sure. But I like PF so much, and even the stripped-down version on FreeBSD feels awesomely good. You're in no danger whatsoever. OpenBSD's version of PF has loads of advanced features and way better performance, but you'll only notice these things if you need a (very?) advanced configuration.
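As an added example (not from the thread) of the PF readability atmosx mentions and of the FreeBSD PF the last three comments discuss: a small but complete pf.conf for a single-homed FreeBSD host, wrapped in a shell function so it can be syntax-checked with `pfctl -nf` before it is loaded. It sticks to syntax the older FreeBSD PF accepts (scrub rules, no OpenBSD-only `match`), and adds SSH brute-force rate limiting into a table. The interface name, management network and service ports are assumptions.

```shell
#!/bin/sh
# Added example: a default-deny pf.conf for a FreeBSD host, generated from
# a function and checked with pfctl -nf before loading. Interface, admin
# network and ports are assumptions.
set -eu

EXT_IF=${EXT_IF:-em0}
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}   # RFC 5737 documentation range, assumed

# Emit the ruleset. Shell variables ($ext_if, $admin_net) are expanded
# here; the escaped \$ forms stay literal and become pf macros in the file.
pf_conf() {
  ext_if=$1 admin_net=$2
  cat <<EOF
# Macros and tables: change one line, not every rule.
ext_if = "$ext_if"
admin_net = "$admin_net"
tcp_services = "{ 80, 443 }"
table <bruteforce> persist

set skip on lo0
set block-policy drop
scrub in on \$ext_if all fragment reassemble

# Default deny in both directions, logged to pflog0.
block log all

# Drop packets with spoofed sources arriving on the external interface.
antispoof quick for \$ext_if

# Sources that tripped the SSH limit stay blocked until the table is flushed.
block in quick on \$ext_if from <bruteforce>

# SSH only from the management network; more than 5 new connections in 30s
# puts the source into <bruteforce> and kills its existing states.
pass in on \$ext_if proto tcp from \$admin_net to (\$ext_if) port 22 flags S/SA keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Public web services.
pass in on \$ext_if proto tcp from any to (\$ext_if) port \$tcp_services flags S/SA keep state

# Let the host itself talk out.
pass out on \$ext_if keep state
EOF
}

# Parse, then load. -n checks syntax without touching the live ruleset,
# which is the step that keeps a remote box reachable when you typo a rule.
apply_pf() {
  if ! command -v pfctl >/dev/null 2>&1; then
    echo "pfctl not present: skipping load" >&2
    return 2
  fi
  tmp=$(mktemp)
  pf_conf "$EXT_IF" "$ADMIN_NET" > "$tmp"
  pfctl -nf "$tmp"
  cp "$tmp" /etc/pf.conf
  rm -f "$tmp"
  sysrc pf_enable=YES pflog_enable=YES >/dev/null
  pfctl -e 2>/dev/null || true     # already enabled is not an error here
  pfctl -f /etc/pf.conf
  # Show who is currently in the brute-force table.
  pfctl -t bruteforce -T show
}

if [ "${1:-}" = "apply" ]; then
  apply_pf
else
  pf_conf "$EXT_IF" "$ADMIN_NET"
fi
```

Without arguments the script prints the ruleset for review; `apply` loads it on a FreeBSD host. `pfctl -t bruteforce -T flush` clears the penalty table, and `tcpdump -n -e -ttt -i pflog0` shows what the `block log` rule is dropping.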