Anyone tried any firewall type distros at all?

MikeHunt79 · 1 Oct 2010 at 14:33

If so what are your experiences of them? If so which distros are the best for this sort of thing? Ideally I'd like something that is easy to set up and I must admit I don't have loads of Linux experience.

I've googled and found that there are quite a few, but I have no idea which ones to try so choosing one would be a stab in the dark so to speak.

I've got a box with a BB router attached, and it's going to sit between a small network of around 10 machines.

EDIT: Is IPCop any good?

Evil-I · 1 Oct 2010 at 16:27

I tried Smoothwall a few years ago, was great for for the use it was put to (hardware firewall for a smallish company). Personally I tried it at home, but found that I could do the same with a full blown linux distro and have the advantage of all the other things it could do.

Advantage with smoothwall was once installed you did everything else via a web interface so it was very easy to use and didn't require any linux knowledge.

E-I

tntcoder · 1 Oct 2010 at 16:44

pfSense is great, it's BSD based and fairly easy to use. Very secure and does the job nicely

I've also only heard good things about IPCop, never used it personally though.

JonJ678 · 1 Oct 2010 at 17:08

I spent some time playing with ipcop as a virtual machine. I'm now playing with debian stable, and writing iptables rules myself. The syntax is intuitive enough, and the flexibility is much improved.

The most useful links I've found are:
http://linux-firewall.org.ua/0672327716/ch03.html
http://lartc.org/howto/

It'll be easier to set up one of the ready-made versions, but possibly less easy to troubleshoot and maintain.

dave-lew99 · 1 Oct 2010 at 17:41

I've tried Endian FW, IPCop and pfSense over the years, honestly, i think they're all awful.

The problem is that as soon as you want to do something outside of the scope of their web interfaces it will all crash and burn - like trying to do PXE booting with Endian - everytime you updated the web config, it overwrote the manually configured files (yet didn't provide options for the things i needed to put in via the web interface)

In short, do it yourself, at most, use Webmin, that generally doesn't screw things up when it sees config parameters it doesn't have an interface for.

LizardKing · 1 Oct 2010 at 20:22

For our non business critical applications we use PFsense.
Its an absolute breeze to set up and use. If you do need anything specific you can ssh into the box.

MikeHunt79 · 2 Oct 2010 at 16:44

Thanks all, I think I'm going to use a normal distro and write the iptables rules myself.

Hopefully this will allow me to also use the machine for other handy things like automated backups if I need to further down the line.

MasterPlan1 · 2 Oct 2010 at 17:42

I'm planning on using pfsense until I find the time to work out how it does the multi-wan and do it myself, then I can use the server for something a bit more than just pfsense, as an industrial standard atom board is a little bit overkill for the purpose of just running something which can run on a pentium 1

Sone · 10 Oct 2010 at 11:11

Evil-I said:
I tried Smoothwall a few years ago, was great for for the use it was put to (hardware firewall for a smallish company). Personally I tried it at home, but found that I could do the same with a full blown linux distro and have the advantage of all the other things it could do.

Didn't know smoothwall suddenly gave you asics