> - FreeBSD Jails and MAC (These are extremely strong security features if implemented correctly. Especially jails are really undervalued/misunderstood IMHO.)
Aren't these only necessary if you let people you don't trust into your system?
> - PF version runs on multiple CPUs (OpenBSD's version is more advanced though)
Personally I dislike running PF on FreeBSD as it requires me to resort to old docs and use old syntaxes.
Jails also have resource limits, so you can have a group of processes that are related, but not started from the same executable, be held to a certain amount of CPU, memory, etc. usage. They're also useful in testing/debug situations; coupled with ZFS' copy-on-write features, they let you quickly create identical environments which can be real helpful in trouble isolation.
Jails provide some protection to the base OS even if the network-exposed service running in the jail is compromised. It's for much more than local exploits.
> - Capsicum (security)
Isn't this being ported as we speak?