Best Open Source Firewall

[SoundsGood]

What's the best open source firewall? Pfsense? Smoothwall?

This will be ran on a VM with 2 dedicated NICs if that makes any difference

 

[SMN]

Er... probably pfsense, smoothwall is always a bit too bloaty for me.

 

[sidethink]

+1 Pfsense

 

[tntcoder]

iptables/netfilter is perfectly adequate.

 

[KIA]

http://www.pfsense.org/

 

[SoundsGood]

Looks like pfSense it is!

Would anyone be able to tell me how these solutions compare to off the shell ~£100 hardware solutions?

 

[PermaBanned]

Looks like pfSense it is!

Would anyone be able to tell me how these solutions compare to off the shell ~£100 hardware solutions?

I'd quite like to know why you feel you need one over the built in security? Namely netfilter/iptables...

 

[SoundsGood]

Just curiosity really and it wont cost me anything to run a VM 24/7 as my server is already switched on.

At the moment I'm using IPSec to secure RDP but I have HTTP processes wide open

 

[Dunks]

I'd quite like to know why you feel you need one over the built in security? Namely netfilter/iptables...

A million times easier to configure and manage for fairly complicated setups.

 

[Djwayne]

A million times easier to configure and manage for fairly complicated setups.

Depends I us firewall builder to make my iptables configs and its easy. It allows you to do very complicated setups graphically then just run the created script much easier than running a completely seperate firewall.

http://www.fwbuilder.org/

 

[inSilica]

iptables/netfilter is perfectly adequate.

Yep!

Waste of space / resources and time .... otherwise

 

[mortals]

pfsense is good for advanced/corporate networks
for small networks, iptables.
If you want something simple, fwbuilder (as mentioned above) should do the job.

I guess it depends on what you want to do.
I have a embedded linux firewall for my home network and just use iptables scripts, but on large sites/networks I use pfsense.

Would anyone be able to tell me how these solutions compare to off the shell ~£100 hardware solutions?

I've seen some horrible off the shelf products that don't touch pfsense.

 

[SoundsGood]

I've tried both of them now, Smoothwall was the easiest to install due to the Hyper-V querks on pfsense, but pfsense seems to have far more options (except no Squid ) and pfsense doesn't randomly lose it's DHCP lease (like Smoothwall did).

I can see myself spending many hours tweaking this

 

[ecksmen]

I've tried both of them now, Smoothwall was the easiest to install due to the Hyper-V querks on pfsense, but pfsense seems to have far more options (except no Squid ) and pfsense doesn't randomly lose it's DHCP lease (like Smoothwall did).

I can see myself spending many hours tweaking this

How did you set it up on hyperv? I found that the internal clock would drift a lot - giving various errors and possibly why you're DHCP leases are expiring.

Smoothwall I'm sure has squid built in - but you can do a custom smoothy with the likes of dans guardian.

 

[whitecrook]

Im sure you can install squid on a pfsense box but I do remember reading it wasn't recommended or something. Why you using DHCP, surely your fw should be statically assigned it's ips

 

[SoundsGood]

Im sure you can install squid on a pfsense box but I do remember reading it wasn't recommended or something. Why you using DHCP, surely your fw should be statically assigned it's ips

Yea it's probably not the best idea for security.. but I like the caching. DHCP was because it was on the DMZ and my public IP changes all the time

 

[SoundsGood]

How did you set it up on hyperv? I found that the internal clock would drift a lot - giving various errors and possibly why you're DHCP leases are expiring.

Smoothwall I'm sure has squid built in - but you can do a custom smoothy with the likes of dans guardian.

Hyperv: http://forum.pfsense.org/index.php?topic=44568.0

The clock seems fine so far, apart from the logs being ~2 minutes in the past.

Smoothwall does have squid built in, but pfsense doesn't unfortunately