Did you know more than 500 million computers in the United States have been disposed of in the last 10 years?

That’s approximately 2 computers per person! One of the best ways to re-purpose an old computer is to install a Linux or FreeBSD firewall distribution and use it to run your personal, home office, or small office network. It is one way to keep “obsolete” technology from ever reaching a landfill.

Help the environment by reusing an old computer as a firewall. It will protect your computer from internet worms, save you time, money and most importantly - improve your internet experience as a whole.

Fact: A wireless router at an electronics store that can cost in excess of $100 is actually slower than any computer made in the last decade. Really! Most routers off the shelf at a store only have a 200MHz processor and 16MB of RAM.

By today’s standards, the 500MHz computer that’s been running quietly in my closet for the past 3 years is beyond obsolete. More than ten generations of processors have come and gone since this computer rolled off the assembly line.

Keep that wallet in your pocket, don’t be a sucker and spend lots of money on a slow, horrifically overpriced home networking product. There’s a good reason why companies like Linksys (a division of Cisco), Netgear and D-Link are worth multi-billions of dollars and continue to climb. Consumer spending on products with home network connections will reach over 17 billion dollars this year.

Here are the criteria each platform is graded on:

  • Installation & Configuration
  • SSH
  • VPN
  • Graphical Interface
    • Ease of Use
    • Functionality
    • Style
  • Extensibility (Add-ons, Plugins, etc)
  • Speed Testing

Each item in the list is given a value of 1 to 10 (10 being the highest), then averaged to obtain the final score.

The testing platform we are using today is an HP Vectra slimline PC. Considering the computer was FREE (as in beer) after a company upgraded their workstations, the specifications are nothing to scoff at.

  • Pentium III 500 MHz
  • 192MB of RAM
  • 1GB Transcend disk-on-chip IDE module
  • Dual 100Mbps NICs

We’re taking a look at no less than seven different firewall products today:

Firewall Graph

I’d like to draw your attention to the size column. Size is NOT everything (that’s what she said) when it comes to firewall distributions. Wireless routers that may run your home or office network right now pack a ton of functionality into a package as small as 2 megabytes. FreeBSD, Redhat, and Debian are the building blocks for these home networking appliance distributions.

Let’s take a look at each one in more detail.

ClarkConnect is a BEAST - in a good way. It’s really hungry for a faster processor than I can throw at it. The list of features really blows everything out of the water. It’s not just a router or firewall platform, it’s like someone asked themselves a question: “What is EVERYTHING a small office could EVER need in a networking server?” ClarkConnect provides three different robust VPN connectivity solutions using IPSec, PPTP, OpenVPN, along with web proxy and web filtering. Additionally, it provides an SSH server, Quality of Service (QoS) filtering for common P2P applications, Intrusion Detection, and much, much more including email server, file, print, database and web serving. Not to mention a fairly comprehensive groupware suite, which has calendar, contact, and task lists, and provides a paid option for using Microsoft Outlook Connector to allow everything to go right into Microsoft Office Outlook.

ClarkConnect is certainly a jack of all trades. Doing everything is great, but how well does ClarkConnect do it? On the testbed, installation was easy, and had an informative installation progress screen. The first time running through the installer, there was a problem with not having enough disk space. After rebooting and trying again, I chose to utilize Disk Druid, a partitioning program, instead of the auto-partition mode. Everything worked just fine after that. I believe the problem lies with the testbed - 1GB of space is not a lot to work with, but fortunately they provide a manual partitioning method. It also prompts to create a GRUB (bootup) password, so that if the device is physically compromised, it would be more difficult for someone to maliciously (or accidentally) make changes to the system.

Configuration was an overall negative experience. It got confusing, not to mention frustrating. A small business owner who doesn’t know much about networking or computers would do best to consider hiring a professional to do the initial installation, or paying for a yearly support contract from the vendor, or for a single incident. An interesting feature ClarkConnect leverages very well during configuration stages is a graphical interface to the system. Every other firewall reviewed here either has a very sparse text-mode or console configuration. ClarkConnect wants to make it easier. Just point and click to configure the system, which is nice - but it does not contain all of the features of the text-mode configuration tool, which is also provided.

The Web Graphical Interface is easy to use. Items are categorized in a logical fashion and it doesn’t take much hunting to find something you want, if you don’t know where exactly it is in the menu. Style-wise, ClarkConnect is the only option in this roundup that provides a theme switcher - it is possible to use a very slick, visually appealing interface, or with a few clicks, just change to another theme which is less eye-candy, but probably more familiar to most people who have configured a wireless router in the past.

Many companies, like ClarkConnect, release a “community” version as well as a paid version which includes more features and support options. Add-ons such as email and virus scanning are available on a subscription basis, and with so many features to start out with you might not need anything else to help run a small business.


Consider IPCop to be the baseline for features, usability and extensibility. The installation CD is simple, but employs a non-linear configuration that some may have difficulty using the first time around. A nice touch is including MemTest86 on the CD and offering it as an option on the initial bootup. The program will systematically test your RAM and determine if there is a fault, and as a computer gets older, the likelihood of that happening becomes more of a reality.

The auto-partitioner worked great. Unfortunately, the installation procedure does have one glaringly obvious flaw. When the setup routine attempts to detect network cards, it cycles through every single network card that is supported. After the first card is detected, it prompts you to set that as the “GREEN” interface, also known as the LAN. Once it’s found the first NIC and assigned it to LAN, you can’t change it to “RED” or as the WAN interface. Mildly annoying, but thankfully the workaround is pretty simple: just reboot and start it again.

The web-based configuration tool is absolutely simple. Setting up SSH is just a checkbox away. VPN support is focused on a solution to provide IPCop-to-IPCop connectivity, but an OpenVPN add-on exists. Speaking of addons, there is a HUGE modding community devoted to adding features into IPCop. The webGUI style is in a word, tacky. It’s a good thing that it can be easily modified. A few changes to colors and background images later, it looks much, much better. Functionality-wise, IPCop makes it easy to forward ports, but does keep a few ports to itself that you cannot utilize, such as port 222 for SSH. Printing is not an option. I haven’t been able to find any 3rd party modification that allows print serving. The graphs are simplistic, yet very informative.

monowall is by far the smallest of the bunch. The entire thing is contained in a measly 8 MB CD image! monowall is first and foremost a routing platform. Nothing more, nothing less. The distribution comes in two flavors, either for embedded systems or for regular PCs. Installation the first time around may be difficult for a beginner, since it refers to network cards by their FreeBSD driver name, instead of something a human can easily interpret. Which is easier to understand: “fxp0” or “Intel Pro 10/100+”? Why not provide both pieces of information to the user?

VPN is well supported with both IPSec and PPTP options. SSH access can be enabled by a 3rd party add-on. Print serving is unsupported. The configuration page for monowall uses K.I.S.S. (Keep It Simple Stupid) to great effect. It’s brain-dead simple to set things up. However, two things stand out as being somewhat awkward, those being static DHCP and advanced settings. Otherwise, it’s fantastic. Ever had P2P traffic slow down your internet surfing? Check one single box in the GUI, and instantly you have over 20 different protocols that are instantly filtered using QoS to make your internet surfing experience as pleasant as possible.

Add-ons are not easy to incorporate, and require modification of the ISO image, but monowall is not designed to be anything more than a router and firewall. Extra features include a wireless AP feature that can be used with the captive portal function, a Wake on LAN interface, and, probably the smallest feature I could point out, the uptime printed on the console when rebooting. Small things like that show an extremely polished software platform that delivers.


pfSense is a hybrid of sorts that has multiple sources for its major components. It was originally derived from monowall, but uses OpenBSD’s ported Packet Filter, a package management system to provide an integrated extensibility to the platform, and Alternate Queuing (ALTQ) from FreeBSD. This Frankenstein is no slouch when it comes to performance, features and usability.

Installation uses the same monowall device naming system, which is clunky and also does not provide the entire name of the device. Once installed, the console has several options, one of which is a program called “pfTop”. If you’ve ever needed to view where most of your network bandwidth is being used from a console, now you can very easily.

The web GUI is absolutely fantastic. It’s got initial setup & traffic shaping wizards, a captive portal, load balancer (nice!), OLSR (ad-hoc wireless AP mode), Wake on LAN wizard, different selectable themes for the GUI, OpenVPN, IPSec, and PPTP VPN are all included by default, failover, and packet capturing!

Wizards for traffic shaping and initial setup - not anything new, almost any router you can buy today has them, but when you see them for the first time included in a firewall distribution, it’s great to see changes that make a product easier to use. No other firewall we’ve looked at has three different VPN options.


SmoothWall’s installation is simplistic, and the GREEN/RED interface descriptions are an easy idea to grasp. One of the best features is a Java SSH client that runs right in the web interface - slick. Smoothwall’s VPN is designed to connect multiple Smoothwalls to each other, but IPSec is supported fully, and addons can be found for other VPN implementations.

The web interface is easy to navigate. This is the only product to provide a Java SSH client that runs right in the WebGUI - very nice. The real-time traffic graphs are a great addition. Add-ons for Smoothwall 3.0 are plentiful and usually easy to install, if you can think of it, it probably exists. my.smoothwall is integrated into the web configuration tool, and provides some basic integration into the smoothwall website. Free services like dynamic DNS are available, along with paid features as well.

The IM proxy is the best I’ve seen. Once it’s enabled, every incoming and outgoing IM conversation is logged. After opening up a few channels in IRC - in real-time - it’s possible to view any conversation going through the firewall. MSN, AIM, and other protocols are supported as well. It’s a big-brother feature, but if you want to monitor who your children are talking to, or for whatever reason, I can see it being an invaluable resource to monitor what is going on in a network you control. It would almost be easier to keep track of conversations using the logging tool in Smoothwall instead of multiple instant messenger clients.


Endian and Gibraltar are not included in the final results due to not finishing testing.

Endian “is very easy to install, use and manage, without losing its flexibility.” I had a completely different experience. Although Endian is only 106 MB and would easily fit within the 1GB limitation of our testbed, installation failed at 96% - reporting that there was not enough space on the drive.

The installer for Endian has hard-coded values for the supplementary filesystems /var and swap. There are no minimum system requirements listed on their website that I can find, and I checked online for solutions to this problem. The best solution provided was to install Endian to another hard drive, resize the partitions to fit on the smaller disk, then copy it back using disk imaging software. That workaround does not constitute “easy to install” by any stretch of the imagination.

Gibraltar is a close match to every other distribution we’ve looked at so far, with a few nice touches. Their website lists the following feature, which at first look seems pretty kickass: “Anonymisation Gateway: The Gibraltar Anonymisation Gateway makes your overall network traffic anonymous and it makes sure you can surf in the internet anonymously.”

To activate the firewall you must obtain a license key (for free) from their website. Unfortunately, that feature on Gibraltar’s site does not appear to be working properly. I’ve tried multiple times to request a key, and it said one was on its way - but it never arrived. About a day later I requested a key once again, and was informed that a key already exists for my email address. Not good. Right before publishing this article I finally received a key via email, and it appears that the license key process is not automated, unfortunately. We’ll take a look at it next time around.

Conclusion:

The scoring system gives equal favor to the following categories: Setup, WebGui, Extensibility, and Speed Testing. Each of the distributions passed the speed test with flying colors, with less than 5% margin between highest and lowest scores. It’s difficult to assign arbitrary numbers to reach a score, and I’ve attempted to provide a good metric that someone can go by to determine which is best for them.

Overall Score

In the end, pfSense is ultimately the best choice overall and provides the best value of all we have looked at today.



53 Comments to “Seven Different Linux/BSD Firewalls Reviewed”

  1. Wayne | November 14th, 2007 at 8:09 pm

    If you liked this article, please Digg it!

  2. brian | November 14th, 2007 at 9:04 pm

    great job as usual!

  3. Happy Linux Guy | November 14th, 2007 at 9:36 pm

    Damn, no wonder you hadn’t posted in a few days. Nice article. I tried smoothwall before and found it to be very well implemented. The only problem is that I didn’t have two nics in the system, and there are no expansion slots. It wouldn’t recognize a usb nic when I plugged it in, either. But, it’s simple to install, and has a great interface. I’ll have to try some of these others you list here. Thanks.

  4. domainnameshg » Blog Archive » Seven Different Linux/BSD Firewalls Reviewed | November 14th, 2007 at 9:49 pm

    [...] here for full [...]

  5. Anti Virus Software & Free AntiVirus Downloads » Seven Different Linux/BSD Firewalls Reviewed | November 14th, 2007 at 10:03 pm

    [...] Amit article is very informativeHere’s a small piece of the storyOne of the best to re-purpose an old computer is to install a Linux or FreeBSD firewall distribution, and use it to run your personal, home office, or small office network is one way to keep “obsolete” technology from ever reaching a … [...]

  6. Adam | November 14th, 2007 at 10:59 pm

    Hmm.. I might have to look into redoing my network with one of my old PCs. Right now I have WRT54GL with the DD-WRT firmware on it as my router / access point. I could easily replace that with my old Apple AirPort for WiFi and an old computer for the router.

    Especially since I’d love to get the parents onto my network through a VPN since I have to support their machines from 300+ miles away.

    -A

  7. danny | November 15th, 2007 at 2:01 am

    my fav has to be IPCOP. :)

  8. PredatoryFern | November 15th, 2007 at 7:01 am

    Thanks for the great review Wayne. Keep up the good work.

  9. Shane | November 15th, 2007 at 7:28 am

    Nice article Wayne. My personal preference is m0n0wall. I run it for our ISP servers and it works very well.

    Currently RAM usage is around 40MB and I haven’t seen the first hiccup (knock on wood).

  10. Wing Loon | November 15th, 2007 at 12:55 pm

    Good write up. IPCop is my favorite too, :D

  11. Wayne | November 15th, 2007 at 1:54 pm

    Thanks for the encouraging comments guys!

  12. lsutiger | November 15th, 2007 at 7:05 pm

    Hey Bro! A followup story on Comcast and others:
    http://www.msnbc.msn.com/id/21818555/

  13. Security: Why Changing a Port Isn’t Enough | Hackosis | November 16th, 2007 at 10:08 am

    [...] Restrict IP address access via firewall [...]

  14. Ahhh, a working weekend! at TheRealMark.com | November 17th, 2007 at 5:13 am

    [...] of a beta version still but i’m guessing it’s pretty stable since they do good work! Here’s a recent review that favored pfSense. So yea, i’ll have to finish configuring it and then [...]

  15. Replete | November 19th, 2007 at 4:52 am

    Interesting article, but one thing that hasn’t been mentioned is energy usage.

    An old PC running a 220watt ac power supply is going to pull way more than a tiny 4.5volt router/firewall. In a couple of years the cost of running the archaic machine may well be more than the initial outset of buying/running a router. An untested thought, but probably.

    Phil

  16. Wayne | November 19th, 2007 at 5:27 am

    Good call Replete - I’ll correct you on one point - You can’t very well compare volts with watts… that’s apples and oranges.

    A plain jane vanilla router uses somewhere around 15-25 watts depending on if it’s running wireless.

    My old P3 has a power supply with a max wattage output of 90W - and it’s using flash media instead of a hard disk… since it’s all solid state, I would wager it’s actually using somewhere around 50W idle - and it’s got an average of <1% CPU utilization over several months.

    I still haven’t invested in a KilloWatt to measure actual usage at the plug however, so these figures could be off by a little bit.

    However, the added features that vanilla routers do not provide like VPN with high throughput make it well worth the extra energy used, IMHO.

  17. Replete | November 19th, 2007 at 5:42 am

    Yeah, I understand volts and watts, I didn’t bother to guess at how many watts it may be using.

    I’d love to do something like this myself, but don’t have the time to.

    An advantage over a router is that if something goes wrong in the pc, repair is more flexible. When an all-in-one router goes, there isn’t a whole lot you can do (with exception to opening it up and testing components etc..)

    Right, back to work!

    Good article. Hope someone finds use of it, I certainly have found it useful to be made aware of distro options.

    Thanks.

  18. casey Wodos | November 21st, 2007 at 3:48 pm

    My pfSense box is running on a P3 w/flash storage. The only thing in the box that is running off the power supply is the cd-rom drive which only really does anything on boot. All the case fans are disabled. I’m probably using less power than a 60 watt light bulb. I can live with that.

  19. NATE | November 21st, 2007 at 7:22 pm

    I’ve used pfsense in numerous roles throughout the past 2 years. The load balancing portion of it is bar none the best, you also get failover and aliases as part of that. The support community is outstanding and there is commercial support available.

  20. And | November 26th, 2007 at 2:51 am

    Another similar product is untangle, at http://www.untangle.com/. I’ve played a bit with the virtual machine that they provide and the feature set is really remarkable. It’s not a lightweight minimal product, for example the remote interface is all done in java. So while the product might not be an ideal candidate for keeping old hardware alive, it is definitely a good candidate for keeping your network safe.

  21. Manuel | November 26th, 2007 at 3:01 am

    I’ve used for years m0n0wall (easy, speedy) and ipcop (easy, many addons).
    I’ve tried a couple of times endian firewall with tons of features but I left it because it seemed slow to me.
    Now I use Untangle (http://www.untangle.com/). It has everything you could need and it is faster than endian.

  22. Nod | November 26th, 2007 at 4:14 am

    If you can afford the power consumption, noise, and space - these make a nice project and can prove very useful. Then again though, you can get a Cisco 1600 class router fairly cheap these days - and you simply can’t top Cisco (it doesn’t make a sound, and it’s about the size of an old discman.) It’s a great learning experience though.

  23. Laurence | November 26th, 2007 at 5:11 am

    I tried a few of the installations reviewed over the past 4 years and can only reflect on my own experiences. The one I use at home is IPCOP. I install it for schools as well. Why, because it simply does all I want it, rock solidly.
    I have to put a bit of a defence here for this community based distro, since I feel the article doesn’t really reflect IPCOP’s features fully.

    Why is the simplistic purplish web interface worse than the orange one in smoothwall? Add-ons available allows you to do sooo much, why not on par with the rest? Add-ons installation (and finding them) may not be the easiest CLI experience for a noob, but it ain’t rocket science either.

    Also, Endian is built on IPCOP, I think 1.4.8, upwards, with most of the add-ons pre-installed. If you want a pretty interface, fully functional IPCOP, get Endian…

    IPCOP rocks!

  24. Alain | November 26th, 2007 at 7:02 am

    What about Vyatta (http://www.vyatta.com)? Vyatta is a Debian based distro that provides a very comprehensive set of firewall and router features…

  25. Seven Different Linux/BSD Firewalls Reviewed - Overclock.net - Overclocking.net | November 26th, 2007 at 7:13 am

    [...] of 1 to 10 (10 being the highest), then averaged to obtain the final score. read everything here. very interesting stuff. __________________ Fore Sale: Endo’s stuff Join the Linux/ Open Source [...]

  26. Sid Boyce | November 26th, 2007 at 8:56 am

    I installed Shorewall on an old P166, but when it came to replacing the existing K6-II/333 with BBImage, I accidentally installed Smoothwall 2.0 instead of Shorewall, so I kept with it and now running Smoothwall 3.0. I’ve also used Astaro on the K6-II/333, but found problems with ports which they intentionally made cryptic to encourage you to sign up for one of their classes. Then they offered an on-line seminar, OOps!, Windows needed, so the best they could do was to email me a PDF presentation which still did not clear up my confusion. All the available config examples were geared towards Windows - brilliant for a Linux firewall. One good thing, it was so tightly chrooted that using a Knoppix CD to view the hard drive said there wasn’t one.

  27. Jeff | November 26th, 2007 at 9:56 am

    I like Endian because of its smooth integration with the dansguardian filter. I have not seen another free firewall product that integrates either squidguard or dansguardian as easily. I do agree that setup of endian is not as easy as it could be, but I have found it to be worthwhile for the simple filtering capabilities.

  28. Don | November 26th, 2007 at 10:17 pm

    Nice writeup,

    I was recently tasked with setting up a multiple-external-ip firewall and I have to say you’ve missed an excellent solution in eBox ( http://www.ebox-platform.com ). It comes with a load of builtin features that are well integrated into the system as a whole. And for such a young project, the interface seems surprisingly mature.

    It is based on Debian, although I believe they are partnering with ubuntu for an easy eBox install in 8.04. I bet it could outscore all of those mentioned here, given the chance. You might want to check it out.

  29. LinuxHaxor.net » Interesting Links of the Day 11-27-2007 | November 27th, 2007 at 5:52 am

    [...] Seven Different Linux/BSD Firewalls Reviewed [...]

  30. Gaff | November 27th, 2007 at 7:51 am

    Use all listed.
    But chose MikroTik.

  31. John | November 27th, 2007 at 10:31 am

    I’ve been using Mandriva’s DrakFirewall for all my firewall setup. It is built on top of Shorewall, and I have found it simple and effective in everything anyone would want to do.

  32. crashwind | December 5th, 2007 at 5:15 am

    pfSense - the best!!!! All others for dummys :)
    especially ClarkConnect…. f*cking sh*t… so many troubles i had with CC. Linux is for developers, FreeBSD is for stable work!!!!

  33. Sergu | December 19th, 2007 at 1:32 am

    I tested all these firewalls (+ MikroTik).
    As the worker has chosen pfSense.
    The best now also it is not necessary to me!

    But chose MikroTik.

  34. Sergu | December 19th, 2007 at 1:34 am

    I tested all these firewalls (+ MikroTik).
    As the worker has chosen pfSense.
    The best now also it is not necessary to me!

    RE > … But chose MikroTik.

  35. Wayne | December 19th, 2007 at 2:51 am

    crashwind: aye, agreed with CC, not fond of it. lol.

    John: DrakFirewall, I haven’t looked into that personally, I’ll take a look, thanks for the heads up. :)

    Engarde came out with a new version recently and in my next round up I should have at least eight firewall distros to evaluate.

    At the moment I’m running IPCop, just like any of the others, once it’s setup, it Just Works (TM)

  36. PredatoryFern | December 19th, 2007 at 6:49 am

    Isn’t that the case with most *nix/BSD software? It just works™

  37. spw | January 22nd, 2008 at 11:24 am

    Another candidate for your next review - comixwall.org. I’ve been waiting for the 4.2 release, which just came out this month, to take a look at it. It’s based on OpenBSD, which is what I’ve been using for a firewall, so I’m hoping it’ll be an easy switch. Would be interesting to see how it stacks up against the ones you’ve reviewed.

  38. τα παντα » Blog Archive » Pfsense | January 27th, 2008 at 7:29 am

    [...] about how you can turn an old worn-out computer into a firewall/router and/or read this review (English [...]

  39. Wayne | January 27th, 2008 at 5:50 pm

    I’m working on the next version of this review at the moment.

    Unfortunately I am NOT going to include Vyatta and ClarkConnect as they’re geared more for business.

    Thanks to your suggestions, I’ve got a big list of *nix-based firewalls to test out and I’m looking forward to finishing the review. Right now the list of distros I’m looking at are as follows:

    comixwall
    eBox
    endian
    enguarde
    gibraltar
    ipcop
    mikrotik
    monowall
    pfsense
    smoothwall
    untangle
    zeroshell

    So that’s ten eleven at the least… Anybody else have any other suggestions?

  40. 7 Linux/BSD firewalls reviewed (incl pfSense & m0n0wall) | FreeBSD - the unknown Giant | January 28th, 2008 at 3:04 pm

    [...] Richardson from fsckin.com reviewed in total 7 different Linux and BSD firewalls back in Nov 2007 (ClarckConnect, Endian, Gibraltar, [...]

  41. Se busca el mejor sistema cortafuegos at Tod-OS.com :: Te ponemos al dia | January 28th, 2008 at 5:10 pm

    [...] I can tell you in advance that the author has chosen pfSense as the winner, taking into account the quality of the graphical interface, the configuration, the possibility of adding improvements and the speed. Curiously, Monowall, the system on which pfSense is based, comes in last place. You can continue reading here. [...]

  42. Fco Javier Garcia | January 29th, 2008 at 10:44 am

    Coyote linux, another firewall-distro for the list.

  43. DpL Blog » Blog Archive » Se busca el mejor sistema cortafuegos | January 29th, 2008 at 11:39 am

    [...] I can tell you in advance that the author has chosen pfSense as the winner, taking into account the quality of the graphical interface, the configuration, the possibility of adding improvements and the speed. Curiously, Monowall, the system on which pfSense is based, comes in last place. You can continue reading here. [...]

  44. walter yeoman | February 13th, 2008 at 4:35 am

    I’ve used 3 of the firewalls. M0n0wall runs cleanly with uptimes well over 1 year. Pfsense has the extensibility of add-ons , but has a habit of restarting every few months. A primary goal of a firewall is security, throughput and reliability. There is something to be said for the small portable, reliable code base of M0n0wall!

  45. Emilio | February 13th, 2008 at 8:24 am

    I am using Pfsense’s firewall in bridge mode, like a transparent firewall. And it works great! I don’t need a router, you just drop it where you want the network to be protected without any router config. Good stuff!

  46. dennyhalim | February 16th, 2008 at 8:26 pm

    try censornet in your next review.

    also, you might want to try wrt54gl
    + tomato firmware.
    i use it at home.
    imho, the qos gui is the easiest
    and very n00b friendly.

  47. pfSense Digest » Blog Archive » Seven different BSD and Linux firewalls reviewed | February 24th, 2008 at 1:52 pm

    [...] review from someone unrelated to the [...]

  48. Thumos | March 8th, 2008 at 11:27 am

    Thanks for the review. I am looking forward to the updated article! I am in the process of trying to select a security solution and this was very useful.

  49. Bruce | March 31st, 2008 at 4:18 pm

    I use SME (http://www.smeserver.org/) and like it but will be splitting my setup to a firewall & server to enable IM monitoring that SME just does not do.

    Have tried ClarkConnect & eBox but SME is more open and will work with an old SCSI tape drive that the others will not. Better printer support with XP boxes with SME.

  50. Ged | April 4th, 2008 at 1:02 am

    Java in a firewall? Am I dreaming??

  51. Robert | May 1st, 2008 at 5:36 am

    OK, I like pfSense the best myself, but the GUI is clearly a step down (other than the added functionality) compared to m0n0wall. How any other product listed rates as having a better GUI than m0n0wall is beyond me. The simplistic, intuitive and highly refined GUI of m0n0wall is part of what makes the firewall so attractive.

    Yes pfSense is better, but it hardly has a better GUI.

  52. zeek | May 24th, 2008 at 2:57 am

    I think the best I have ever seen isn’t mentioned here, which is vyatta, can replace cisco 7200 router

  53. Tet Aguila | June 2nd, 2008 at 9:06 pm

    I’m a freelance Linux consultant, I’ve tried monowall and smoothwall and pfsense but not the endian and clarke connect, thank you for your review. Hope you can also review Astaro and Fosswall.

    Regards,
