Firewall Wizards mailing list archives
Re: Recamendations on firewalls
From: Aaron Smith <smitha () byui edu>
Date: Thu, 03 Aug 2006 09:57:17 -0600
On Wed, 2006-08-02 at 12:36 -0600, Cody Nelson wrote:
> First. I have been using IPCop as a firewall for close to 4 years now, before then I used a Slackware box with a bunch of homemade scripts. Current firewall hardware. Celeron 300 with 128 RAM. 1 10 NIC, 1 10/100 NIC. I am looking to step up my security and functionality to a higher level. I am looking at other OSS projects and see quite a few. Astaro is top of my list right now, but there are so many others. (m0n0wall, redWall, Endian, etc)
I have been in the same situation lately and I've tested a few of these OSS products. m0n0wall is great, but doesn't have all the features you're looking for. Redwall is the "I can do everything" firewall, but seems like a slapped-together and somewhat poorly managed project.
> Some functionality I would like to see.
> Restricting bandwidth usage. Kind of like squid, but on the firewall.
Huh? Do you mean URL filtering or traffic shaping?
> SSL (Web) VPN. (not a priority)
> IDS/IPS capabilities with the below
> Better logs/reporting with alerts.
> Port knocking would be cool
> Web based configuration/monitoring.
> Handles over 20,000 connections (bit torrent, etc)
> Possible virus/spam protection.
>
> Well, I guess first question: what do people think of Astaro? http://freshmeat.net/projects/asl/
On a Celeron 300 you can expect a frustrating experience with Astaro. The web interface will be painfully slow and you won't be able to turn on very many filters/features. I've been using ASL for a little over a year now on a PII 400. It's great that they give home users a free license, but the limit of 10 IP addresses is a pain. I know there are ways around it, but I don't want to monkey around with another router, a dual-NATed connection, and other associated inconveniences (like having to make NAT and firewall rules in 2 places if I need remote access).
> Second question, what are suggestions?
A good project I've found is the m0n0wall-based pfsense. It supports more features (many of those listed above) and allows the user community to write modules to extend its features. I liked IPCop when I tested it, but haven't really put it to use yet. I'm likely to roll my own iptables firewall, so it sounds like we're moving in opposite directions. I'm tempted to use IPCop or pfsense for the ease of setup, but I think doing it myself will be a better solution. If adding all that I want becomes too burdensome I figure I can switch over any time. I'd better decide quickly as the box I run ASL on died last night.
> Thank you all!
> Cody

Hope this is helpful.
@@ron Smith
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards