DA Differences with FreeBSD and Linux

[rmarriner]

Are there features available in DirectAdmin on CentOS or CloudLinux that aren't available in FreeBSD? I know CloudLinux has resource quotas for I/O, memory and CPU, but aside from that, is there any reason to choose Linux over FreeBSD?

Did a quick search in the forums and didn't really find anything. So apologies if this has already been asked/answered before.

Thanks!

 

[factor]

If you don't need Cloudlinux. Then the only reason I could think of is it coded and tested on Linux first.

If you are familiar with BSD then why not try it? I am sure some of the BSD guys will comment as well.

Either way, you will still have to do a lot of Admining.

 

[wattie]

It's the same and nothing's missing. And it's pretty stable. From time to time something does not work as expected (usually around updates of additional software components - FreeBSD normally uses packages and ports but DA is forcing their own installations and sometimes they just don't want to compile because of compiler settings, additional required software, etc.) but DA support is fast and helpful.

 

[rmarriner]

Thanks for the replies. That’s pretty much what I wanted to hear. I’ve always used FreeBSD as often as I could and love it but didn’t know if it would serve my customers better to be on a Linux based version when I deploy DA here in the next couple days. Not to mention the additional licensing cost if I went with CloudLinux.

Kind of a followup question, maybe need to ask in another section of the forum, but is CloudLinux really worth the additional cost when compared to FreeBSD? And is there anybody who has played with running customers in Jails with DA as to simulate the io resource restrictions that CloudLinux has?

Thanks again!

 

[factor]

I assume you cant use CSF firewall on FreeBSD. So what firewall are you all using? pf ipfw ipw
Do you use fail2ban or is blacklisted similar?

I am experimenting with FreeBSD...

 

[rmarriner]

@bdacus01

You tagged wattie, but I'll answer what I'm using, if you care. I'm using PF with blacklistd. Blacklistd is similar to fail2ban, but it doesn't scour the log files like fail2ban does. Blacklistd is a daemon that other daemons communicate with through a unix socket that adds the blacklisted IPs. So you have to be running a service that knows how to talk to blacklistd either with compiled in support or a module. From what I remember blacklistd is compatible with FreeBSD's IPFW and PF firewalls as well as compiled into the base SSHd implementation (enabled with "UseBlacklist yes" in sshd_config).

The FreeBSD handbook has some documentation on Blacklistd: https://www.freebsd.org/doc/handbook/firewalls-blacklistd.html

Hope that helps!

 

[factor]

if you care

I totally care. I was rude. I should have welcomed you to the forum a while back. I can take the at Wattie out. He is the one FreeBSD guy I know other than you..now

I'm using PF with blacklistd.

What made you choose pf over the others? Lower memory? Better performance?

Blacklistd is similar to fail2ban

Yeah based on what I read in the handbook seems similar. Although seems F2B might be better since it reads the logs. Thought?

I am testing FreeBSD currently but mostly a Linux guy since the 90s. Mostly because I love Unix and learning. Also seem to have a growing aversion to Systemd.

Thanks

 

[rmarriner]

I totally care. I was rude. I should have welcomed you to the forum a while back. I can take the at Wattie out. He is the one FreeBSD guy I know other than you..now

It's no biggie, I guess I could have worded that a little better now reading it back to myself. Anyway, thanks for the welcome now.

What made you choose pf over the others? Lower memory? Better performance?

I actually haven't done the performance metrics on the different FreeBSD firewalls. IPFW of course is the "official" FreeBSD firewall, but I never really got into it. It feels clunky to me having to prefix every rule with the command to ipfw as well as numbering all the rules. I don't want to do that. PF seemed to flow better for me. I use includes, macros and tables quite extensively. I also liked the fact that PF is what pfSense is based on. The one caveat is that it is last rule match as opposed to first rule match. I have found it easy to simulate a first rule match algorithm however using the "quick" keyword.

Yeah based on what I read in the handbook seems similar. Although seems F2B might be better since it reads the logs. Thought?

Right now I only use it to monitor SSH and since it's built into the FreeBSD base, it's one less package I have to maintain outside of freebsd-update. I suppose if I the monitoring to include more daemons I would consider switching to F2B since it seems it's far more versatile.

I am testing FreeBSD currently but mostly a Linux guy since the 90s. Mostly because I love Unix and learning. Also seem to have a growing aversion to Systemd.

I'm vaguely familiar with systemd as I've played with CentOS before. I've pretty much always been a BSD guy, but I know it stirred up a lot of controversy in the linux world. So I won't open that can of worms... lol!

Lastly, welcome to FreeBSD! . The official FreeBSD handbook is wealth of information and while I haven't read it myself, I've heard that the "Absolute FreeBSD" books are pretty good. I've read the author's other books in the "FreeBSD Mastery Series" and I find them pretty useful. I'm not a committer and I don't maintain any packages, but if you have any FreeBSD questions feel free to ask. I probably won't know but I'd be glad to try lol!

 

[factor]

I'm vaguely familiar with systemd

Makes you lucky..
Try MX linux No systemd

he monitoring to include more daemons I would consider switching to F2B since it seems it's far more versatile.

Mostly why I am interested. need to monitor ssh, ftp, exim, and logins. stuff like that.

PF is what pfSense is based on

I have used PFsense and opnsense like them both.

"Absolute FreeBSD" books are pretty good.

I love books so thanks

 

[wattie]

I use IPFW and there is a thread in the forum on how to integrate it with the Brute Force Monitor in DA. It works flawless.

 

[sysdev]

We have moved from FreeBSD to Linux (after using FreeBSD like forever) because stuff on Linux is faster supported. Linux has a much bigger userbase so new software is often out on Linux before it is backported to FreeBSD. More users also means faster answers to questions. We still use FreeBSD but mostly for unmanaged servers and customers who really can't live with *BSD.

 

[factor]

I use IPFW and there is a thread in the forum on how to integrate it with the Brute Force Monitor in DA. It works flawless.

Thanks.

Thanks for all of your help here on the forum wattie. Your thoughts are always welcomed and good.

 

[factor]

Hey Sysdev

stuff on Linux is faster supported

Can you give examples? Are these related to DA as well? I found I was able to install DA easily on FreeBSD. I don't see I am really missing anything other than CSF. Docker as well but it's not related to DA.

I would think the Linux user base is bigger. Mostly since Philosophy is different apparently.

 

[wattie]

While it's true that most of the software is released faster on Linux and is later ported to BSD, in the general case we are talking about a delay from few hours to 1-2 days (when the update is not critical). I can't say it's a very big deal. And the FreeBSD community is pretty helpful.

 

[sysdev]

Hey Sysdev

Can you give examples? Are these related to DA as well? I found I was able to install DA easily on FreeBSD. I don't see I am really missing anything other than CSF. Docker as well but it's not related to DA.

I would think the Linux user base is bigger. Mostly since Philosophy is different apparently.

Maybe not DA related, but one example I remember from the past is the ZFS version/functionality. ZFS on Linux had a higher version than ZFS on FreeBSD (BSD lacked deduplication at that time). And that type of updates took months, not a few days. There are more examples and that's not strange. E.g. the migration tools for vm's on xenserver. It took a long time before this was available on BSD which prevented us from using HA freebsd machines om XenServer.
Most developers on freebsd are volunteers while a lot of the devs on linux are payed companies. On the other hand, BSD is more tested before it's released so in my opinion also more stable.