best and easy handle FREE Linux based Firewall ?
August 19, 2009 8:47 AM   Subscribe

Wich solution is the best balance between control and easy handle of a FREE Linux based Firewall ?

I'm not a noob but not a super expert either...

I'm NOT looking an end user sofware like ZoneAlarm or Kerio.

Some told me Shorewall, others Coyote, others SmoothWall, IPCop ...
I don't know wich one to choose.
I would like to do traffic shapping.

The best would be to collect get real experiences.
Thank You !
posted by amomp3 to Computers & Internet (9 answers total) 3 users marked this as a favorite
 
Is this for personal use, in an office environment, a datacenter? What kind of requirements are you dealing with?
posted by swngnmonk at 8:55 AM on August 19, 2009


Hmm we use pfsense here which is all web gui based and I think is pretty user friendly while having all the fetaures. Here at work we are usinbg it because normal not expensive routers cant handle full 100/100 inet connections.
posted by majortom1981 at 9:16 AM on August 19, 2009


http://m0n0.ch/wall/
http://www.pfsense.com/

BSD based. Not sure how wedded you are Linux or what you considered easy. This are, however, the two I've heard most often spoken about after OpenWRT fell out of favor.
posted by prak at 9:29 AM on August 19, 2009


Smoothwall and IPCop are (last time I checked) standalone distros which will want a whole system to convert into your firewall. Which is fine unless you want (like me) to use that system for something else, such as a web server.

I use Shorewall because I'm OK with command-line usage and text file configuration. It's fairly easy to work out how to use it from the online documentation, and since it's a mature product there are plenty of recipes out there for specific needs. For example, I needed to run OpenVPN with Shorewall and found documentation for that very quickly. A quick Google for "shorewall traffic shaping" provides info about how to do that.
posted by BrokenEnglish at 9:30 AM on August 19, 2009


Untangle
posted by ijoyner at 9:35 AM on August 19, 2009


BrokenEnglish: "Smoothwall and IPCop are (last time I checked) standalone distros which will want a whole system to convert into your firewall. Which is fine unless you want (like me) to use that system for something else, such as a web server."

Not necessarily. You could always run them as virtual machines (even on a non-linux host).
posted by PontifexPrimus at 11:12 AM on August 19, 2009


Response by poster: swngnmonk: " What kind of requirements are you dealing with?"

It's a car dealer where 15 people use a lot of VPN to connect with the manufacturer and at the same time in the sales room another +-15 uses wifi access with their own laptops (therefore i can't control those surely full of virus systems) .

I want to do traffic shaping and priorize VPN connections cause i don't know if it's the Cisco client (mandatory) or what but VPN drops very often.

I have 30KB outbound and 3MB inbound. Wich i know it's very poor.
posted by amomp3 at 6:34 PM on August 19, 2009


I use pfSense at home and love it, doesn't take a huge system to run it. Mine is a Pentium 4 at 1.7 ghz with 256MB ram. It runs just fine. I used to use Smoothwall but it seemed slower and had much higher load averages.
posted by DJWeezy at 7:02 PM on August 19, 2009


Response by poster: these firewallls can cache webpages for faster browsing also ? (so when this cache is called i wouldn't be using outbound or inbound connection resources)
posted by amomp3 at 8:48 AM on August 20, 2009


« Older DC Filter: Good men's haircut in DC or Arlington?   |   Unpretentious jazz in New York City? Newer »
This thread is closed to new comments.