A Comparison of pfSense and m0n0wall

I spent some time tinkering around with pfsense today - its very nice. What I like best about it is that it has load-balancing built-in.

Compared to m0n0wall, it has many many more features. That proves problematic for very basic systems, like the soekris net4501 which only has 64mb of ram. m0n0wall runs great on that platform, but pfsense requires 128MB of RAM so its a no go.

m0n0wall does have simplicity going for it, as well as security. Simplicity is nice in many ways - fewer things can go wrong, etc., and with no ssh or servers other than the webGUI which can use SSL, you’ve got a tight box - even the console is very limited.

So I will stick with m0n0wall for now, and I’ll keep trying out pfsense for its loadbalancing capabilities. I’m sort of leaning towards sticking with Debian for load balancing, but I’m open to new ideas.

UPDATE July 15, 2007:

I did a little research on the load balancer in pfSense. It is slbd (server load balancing daemon), based on the FreeBSD 6.x packet filter (PF), and is not able to run on the current version of m0n0wall, which is FreeBSD 4 and uses ipchains for packet filtering. I’m now trying to find out if the newer beta of m0n0wall (which is Freebsd 6) uses PF, and can thus, theoretically use slbd.

¥