Firewall Wizards mailing list archives

Re: Linux Firewall Distributions


From: "Kevin Sheldrake" <kev () electriccat co uk>
Date: Thu, 02 Sep 2004 19:10:13 +0100

Personally, I built mine on gentoo Linux (www.gentoo.org). It's a bit more of an involved install, but it is exceptionally well documented on the site (make sure you have Internet access while building it!). The beauty of gentoo is that all the 'packages' are provided in configured source-balls rather than binary-balls; while it takes longer to compile source than it does to copy binaries, it does mean your installation is optimized precisely for your hardware. Due to the way dependencies are handled, it appears that gentoo is free of the dependency nightmare you can find with other Linuxes.

In terms of gentoo versus a firewall-configured-linux, you might want to bear in mind the following factors:

1) Installing and configuring gentoo by hand means you'll understand a lot more about how it works and how to reconfigure it as things change. Packaged distros seem to do strange non-standard things that can be hard to fathom.

2) Because you'll want to keep it patched up to date, you will probably want a distro that has good package management, including dependency management. I think gentoo excels here. Gentoo are also very quick at getting patches tested and published.

3) Because gentoo is built from the ground up, you'll only ever install software that you want; you'll never build a gentoo box and find a stray service that you didn't want. This is good for security as well as your disk space.

For interest, my gentoo firewall runs two ethernet NICs and one wifi NIC. The wifi network is covered by IPSec (using 2.6 kernel IPSec and strongswan, at present). I use iptables to provide the firewalling functionality. Other than a cron daemon and a syslogger, I've installed very little else. And all that runs beautifully on a 266MHz P2.

I've used two packaged firewall linux distros in the past and I wasn't impressed with either. They both performed well, they just made it very difficult to hand maintain.

Kev


Hi Firewall-Wizards,

Does anyone have experience with Linux-based Firewall/Router distributions?

I am looking for a cost-effective firewall capable of handling three security domains (Internal Network, the Internet, and a DMZ) for a SOHO.

A hardened linux box running NetFilter/IPtables with three network cards looks like a good fit. However, I would also welcome suggestions regarding low-budget hardware firewalls meeting these requirements.

I believe that the now defunct Linux Router Project (http://www.linuxrouter.org/) has left some successors:

http://leaf.sourceforge.net/
http://www.smoothwall.org/
http://www.devil-linux.org/

Please let me know if you have used one of these linux firewall distributions and what your experience was (installation, configuration, maintenance).

Thanks!

Best Regards,

Skander Ben Mansour
---
http://www.benmansour.net/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards





--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd
