Re: [fw-wiz] Recommendations on firewalls



On Wed, 2006-08-02 at 12:36 -0600, Cody Nelson wrote:
> First.
>
> I have been using IPcop as a firewall for close to 4 years now, before
> then I used a slackware box with a bunch of home made scripts.
>
> Current firewall hardware. Celeron 300 with 128 RAM. 1 10 NIC, 1 10/100 NIC.
>
> I am looking to step up my security and functionality to a higher
> level. I am looking at other OSS projects and see quite a few.
> Astaro is top of my list right now, but there are so many others.
> (m0n0wall, redWall, Endian, etc)


I have been in the same situation lately and I've tested a few of these
OSS products.

m0n0wall is great, but doesn't have all the features you're looking for.
Redwall is the "I can do everything" firewall, but seems like a
slapped-together and somewhat poorly managed project.

> Some functionality I would like to see.
> Restricting bandwidth usage. Kind of like squid, but on the firewall.

Huh? Do you mean URL filtering or traffic shaping?

> SSL(Web) VPN. (not a priority)
> IDS/IPS capabilities with the below
> Better logs/reporting with alerts.
> Port knocking would be cool
> Web based configuration/monitoring.
> Handles over 20,000 connections (bit torrent, etc)
> Possible virus/spam protection.


> Well, I guess first question: what do people think of Astaro?
> http://freshmeat.net/projects/asl/

On a Celeron 300 you can expect a frustrating experience with Astaro.
The web interface will be painfully slow and you won't be able to turn
on very many filters/features. I've been using ASL for a little over a
year now on a PII 400.

It's great that they give home users a free license, but the limit of 10
IP addresses is a pain. I know there are ways around it, but I don't
want to monkey around with another router, a dual-NATed connection, and
other associated inconveniences (like having to make NAT and firewall
rules in 2 places if I need remote access).

> Second question, what are suggestions?

A good project I've found is the m0n0wall-based pfsense. It supports
more features (many of those listed above) and allows the user community
to write modules to extend its features. I liked IPCop when I tested
it, but haven't really put it to use yet.

I'm likely to roll my own iptables firewall, so it sounds like we're
moving in opposite directions. I'm tempted to use IPCop or pfsense for
the ease of setup, but I think doing it myself will be a better
solution. If adding all that I want becomes too burdensome I figure I
can switch over any time. I'd better decide quickly as the box I run
ASL on died last night.

> Thank you all!
>
> Cody

Hope this is helpful.

@@ron Smith

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


