Well, i don’t care about apples or oranges. What counts for me is only one thing:
Which system can get the job done in the best way without any disadvantages?
And at the moment, this is OPNSense. As you talk about mitigations: It’s even based on HardenedBSD!
So of course it has all meltdown/spectre patches with several other security mitigations on top.
Same security, 3x more performance. That is the situation for me.
As IPFire is free, i am of course relaxed about it and just switch. But if i would be a customer who paid, i would want my money back, because the performance it delivers at the moment is not acceptable.
But … maybe the new Kernel will work better, let’s hope the best
“for increasing performance its applications are now built with link-time optimizations (LTO).”
Is IPFire built with LTO? This can be a big difference.