[PLUG] Good Firewall Distro/Application

David Mandel dmandel at pdxLinux.org
Tue Jun 30 05:07:29 UTC 2009 

This is a pretty demanding list of requirements.
Most of the smaller firewall distributions don't have many of the
desired features.

I personally like the community edition of Smoothwall.  It works well
for small businesses and home usage, but doesn't have load balancing
or many of the other features you need.  I also like Astaro a lot; but
they don't really have a very good community edition and the
commercial edition that does everything you want is (or at least was)
very expensive.

Another option is untangle.  I haven't used it and don't know if it
has all the features you need; but it has a great reputation.

I have read something about a couple other distros that might work.
As I recall, one of these is called trustix.  I might check the
distribution page at Linux.org or maybe distrowatch.org.

David Mandel

On Mon, Jun 29, 2009 at 5:07 PM, Tim Garton<garton.tim at gmail.com> wrote:
> All,
>     Can anyone recommend a good firewall distro or application for
> Linux?  Or, for that matter, I guess it doesn't have to be Linux but
> could be some type of hardware solution as well.  Currently I haven't
> had much luck other than rolling my own, but the only one that I've
> tried extensively is Endian Firewall Community Edition.  In order to
> qualify as "good" I would expect the following features:
>
> 1. Support for multiple uplinks and ability to load-balance between
> them (if it can't load-balance, at least be able to easily switch to
> the other link)
> 2. VPN support (probably IPSEC or OpenVPN)
> 3. Ability to have a failover system
> 4. Advanced traffic shaping - throttle/prioritize traffic based on
> protocol, src/dst port and ip, packet size, tcp flags,
> type-of-service, etc.  ability to guarantee a minimum amount of
> bandwidth for different types of traffic.
> 5. Ability to do DNAT for incoming services
> 6. Real-time monitoring of bandwidth utilization to easily pinpoint
> what the large consumers are
>
> In our current state I guess 3 isn't necessarily a deal breaker, but
> as we continue to grow I can see it becoming more important.  Thanks!
>
> -Tim
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

More information about the PLUG mailing list