Unoffical Master List of Linux Firewalls

R

Ryan711

[H]ard|Gawd
Joined
Nov 16, 2004
Messages
1,173
I've found that the vast amount of linux firewalls available can be a litte overwhelming for the beginner. So I thought I would create a master list of firewalls for all of the begginers wanting to try out an OPEN SOURCE firewall.

Smoothwall Express

Website: http://www.smoothwall.org/
Forums: http://community.smoothwall.org/forum/
Current Version: 3.0
Pros: Can run on very minimal hardware, very active community and forums, new Quality of service module for 3.0
Cons: Many of the addons are available as standard features on other firewalls
Recommended for: New users who have farily slow machines, or New users who have faster machines but want to KIS(Keep it simple) and be able to scale with their needs

IPCop

Website: http://ipcop.org/
Forums: http://www.ipcops.com
Current Version: 1.4.16
Pros: Can run on very minimal hardware, very active community, many 3rd party addons available
Cons: Many addons are available as standard features on other firewalls
Recommended for: New users who have farily slow machines, or New users who have faster machines but want to KIS(Keep it simple) and be able to scale with their needs

Endian Firewall

Website: http://www.endian.com/en/community
Forum: N/A
Current Version: 2.1.2
Pros: Many features come standard that are addons for other firewalls, built in av scanning, antispam, qos.
Cons: Slow development, hardly any community, requires a rather beefy system to use the advanced features
Recommended for: Beginner to advanced user who have a fairly fast machine that want advanced features

Untangle

Website: http://www.untangle.com/
Forum: http://forums.untangle.com/
Current Version: 5.0 Mustang
Pros: Very unique "rack" GUI, very advanced features, av scanning, antispam, intrusion prevention, very comprehensive reporting features, under very active development, fairly active community
Cons: Requires fairly hefty machine(they recommend a P4 dual core), No QOS(yet)
Recommended for: Beginner to advanced user who have a very nice machine they want to dedicate to a firewall.

Clarkconnect

Website: http://www.clarkconnect.com/
Forum: http://www.clarkconnect.com/forums/ubbthreads.php
Current Version: 4.1 (4.2 Alpha availabe but not recommended for production environments)
Pros: Nice all in one server/router, active development, fairly active community
Cons: Needs a beefy machine to run(mostly ram), Not for users who only want router
Recommended for: More advanced users for desire an all in one sever/router

Astaro

Website: http://www.astaro.com/
Forum: http://www.astaro.org/
Current Version: 7.007
Pros: Many advanced features, very active community
Cons: Bit of a learing curve on the GUI, New home licesnse only allows 10 concurrent devices on network
Recommended for: Advanced users who like to tweak and control every aspect of their network

M0n0wall

Website: http://m0n0.ch/wall/
Forum: http://forum.m0n0.ch/
Current Version: 1.3b3
Pros: Can run on just about anything except a toaster, fairly advanced features
Cons: Not as many features as other firewalls
Recommended for: Faily advanced users who would like to run an embedded low power firewall, or for those who have very low end machines

PfSense

Website: http://www.pfsense.com/
Forum: http://forum.pfsense.com/
Current Version: 1.2 Beta 2
Pros: Can run on faily low end hardware, based on m0n0wall but has more features
Cons: Even with the features added on top of m0n0wall, there are still firewalls that come standard with more features
Recommended For: Farily advanced users who would like to run a powerful yet lean firewall


I hope to add to this list as time goes on, as this is nowhere near complete. There are so many more features and things i'd like to say about each of these, but it would take so long as there are so many.

This is by no means all of the firewalls out there, these are just the more popular ones that I have seen.

If any of the more advanced people out there have any suggestions to the list just type them down and i'll try to add them in. I hope this helps the beginners out a little more in the search for a more stable firewall.
 
lets not get picky now, i'm not going to exclude those just because they aren't based on linux, but none the less I've edited to title to appease you
 
could an additional tidbit of info be put with each entry to do with if EULA (of sorts) ..is it free for home and/or commercial use ..etc ..

SW 3.0 Express is free for home or commercial as well as IpCop and Endian .. and I believe ClarkConnect is free for home use only ..not sure about the others.

That info might be a deciding factor for some right off the bat regardless of how feature rich a particular distro might be..

I work at a school for troubled teens and we use SW 2.0 Express ..and with the mods for it and the fact that it is free for commercial use ..it suites our needs just right .. I have played around with IpCop and Endian , but they just don't seem to have the avid community support behind it like SW 2.0 Express does (as will carry on thru with SW 3.0 Express)

Untangle looks intriguing and I will be playing with it next but not sure on if it's free for commercial use or not ...if it's not , then I won't be messing with it.

Thanks for making this updated firewall thread. :cool:
 
Ryan711 said:
lets not get picky now, i'm not going to exclude those just because they aren't based on linux, but none the less I've edited to title to appease you
Click to expand...

sorry for the tone in my previous post

found one more you may wish to add in there

DD-WRT x86 is around but you need to purchase it
 
tacticus said:
sorry for the tone in my previous post

found one more you may wish to add in there

DD-WRT x86 is around but you need to purchase it
Click to expand...

DD-WRT is free.

Also, Madriva used to have a version called Multi Network Firewall back when it was Mandrake. I don't know if the still have it though.
 
Ryan711 said:
lets not get picky now, i'm not going to exclude those just because they aren't based on linux, but none the less I've edited to title to appease you
Click to expand...


Get a Mod to change it to *nix firewalls.
 
any preference between Smoothwall Express and IPCop? Started with IPcop but am thinking of trying Smoothwall Express as well.
 
I have used both ..and I just like the community behind SW for getting support when needed a whole lot more ..

 
Let's also differentiate what's a Firewall product, and what is designed as a UTM (Unified Threat Management) product. Not all of those listed are specific Firewalls.

Firewalls
-------------
m0n0Wall
PfSense
Smoothwall
IPCop

All-In-One/UTM
--------------
Endian
Untangle
Clark Connect
 
Smoothwall is nice with a great community. I switched to Endian which has no community but its worked for what i needed without adding stuff like Smoothwall. Same p3 600 meg box with 256megs and a 10gb hdd. Ran great with both firewalls.
 
yeah ..that is the downside of SW..it's a pretty vanilla setup out of the box and so you have to add whatever functionality you want out of it besides basic web proxy/firewall duties .. I really liked Endian when I used it as well but I wasn't able to tweak DansGuardian to suite my needs and the biggy was lack of community support.

NetWhiz's (SW mod writer)Guardian Reactive Firewall is one of my favorite add-ons for SW 2.0 .. Marco. S does the Advance Web Proxy and Urlfilter mods for IpCop and SW 2.0 , of which are also very handy ..and Steve McNeil does DansGuardian for SW 2.0 and 3.0 .. Bohica , STP , kevh and others over their have made SW 2.0 a great full featured product.

 
Based upon the Untangle page, it is free for business as well. If you want the "Professional Package", then you will end up paying. The features that said package adds are:

  • AD Integration
  • Live Support
  • Advanced Policy Management
  • Configuration Backup
  • Remote Access Portal

I have downloaded the ISO to try out the transparent bridging mode. That functionality seems to be missing from the other distributions.
 
Nate7311 said:
Let's also differentiate what's a Firewall product, and what is designed as a UTM (Unified Threat Management) product. Not all of those listed are specific Firewalls.

Firewalls
-------------
m0n0Wall
PfSense
Smoothwall
IPCop

All-In-One/UTM
--------------
Endian
Untangle
Clark Connect
Click to expand...

IPCop can cross the line...from just a firewall, to UTM, once you install the Copfilter add-on.
 
Nate7311 said:
Let's also differentiate what's a Firewall product, and what is designed as a UTM (Unified Threat Management) product. Not all of those listed are specific Firewalls.

Firewalls
-------------
m0n0Wall
PfSense
Smoothwall
IPCop

All-In-One/UTM
--------------
Endian
Untangle
Clark Connect
Click to expand...


What about Astaro? Where does it fall in the list?
 
RedComet said:
What about Astaro? Where does it fall in the list?
Click to expand...

I'd put Astaro under UTM, similar to Fortinet. But I think Astaro is like Fortinet...in that there is no freebie ISO to download for free and run on your own hardware? Or license EULA limitations if you wanted to run at a business.
 
YeOldeStonecat said:
IPCop can cross the line...from just a firewall, to UTM, once you install the Copfilter add-on.
Click to expand...

VERY True, for those that don't know, IPCop w/Copfilter was the original basis for Endian.

I also forgot another All-In-One, SME Server. This was actually the 1st product of this nature that I used about 9 years ago,back then it was named E-Smith Server. It's pretty comparable to Clark Connect and they've got a pretty good community.
 
I did not know that Astaro had its own hardware, I thought it was just software like the others. Somehow we used Astaro in my networking class last year as a firewall but it just ran on its own box. We mainly used Smoothwall though.
 
I would just like to say, do not try installing Untangle on low end hardware, you wont get very far.

I am, right now, trying to install it on a p3-933 with 256mb ram, and the installer wont even go past the initial loading screen.

Guess I need to try something a bit less advanced.
 
I've been using the Firestater gui for setting and controlling iptables.
 
seanx said:
I would just like to say, do not try installing Untangle on low end hardware, you wont get very far.

I am, right now, trying to install it on a p3-933 with 256mb ram, and the installer wont even go past the initial loading screen.

Guess I need to try something a bit less advanced.
Click to expand...

Could save time if you read the instructions first..it does tell you that right up front. 1GHz minimum and 512 megs minimum.
http://www.untangle.com/index.php?option=com_content&task=view&id=226&Itemid=739
 
seanx said:
I would just like to say, do not try installing Untangle on low end hardware, you wont get very far.

I am, right now, trying to install it on a p3-933 with 256mb ram, and the installer wont even go past the initial loading screen.

Guess I need to try something a bit less advanced.
Click to expand...

I tried installing Untangle on a GX150 with 1GB of memory, it wouldn't install. Ah well, good thing I have a GX260 as well :D
 
Might want to add FreeSCO

www.freesco.org

One of the few remaining single-floppy based router distros. Ive used this with 64Kb (Kilo-bits...yes) wireless DSL on a packard bell with a 486 cpu, 12MB ram. Its quite adequate, supports plug-and-pray PCI/ISA Network cards. Built in caching DNS server, FTP server, Http server, web based management interface, etc...

(to the OP) - As far as your list of router distro's, it might help to be a bit more specific on hardware requirements. Monowall and Pfsense, from my experiance on my crappy hardware, will barely run on a K5 or K6 era cpu. And by barely, I mean the web interface is so slow its unbearble to use. a K6-II 500Mhz cannot handle comcast cable, or a higher speed DSL service without dropping packets and causing some other interesting issues. It will, of course, run beautifully on a 400Mhz PII, or 500Mhz PIII, or 500Mhz K7. Im not asking anyone to post some kind of long winded benchmarks, but keep in mind that minimal to some of us (me, for example) means something like an embedded single-board-computer running an AMD Geode @ 200-300mhz. Very minimal, 386SX-25Mhz comes into my mind.

Im willing to post a review/write-up or something of that sort on Pfsense and monowall, if anyone is slightly interested in making this thread into a sticky.
 
Glad to see this list up. I have been using Cisco PIX506 that I resurrected by replacing the CPU and modding a fan in the top (origianl 32mm fan died and couldn't find a replacement :) ) but now the ethernet ports are flaking out . . . . So I started using my DD-WRT Buffalo as my gateway and AP and I have to reboot it once a week or my internets don't work. So I thought I would put tomato on it, now my wireless doesn't work at all but my internets don't have to be rebooted . . . go figure.

So, I thought I would try out that Astaro, got a bad checksum error, downloaded it again and got the same thing so I gave up and am now trying endian. We'll see how that goes. :)

I have used Smoothwall and IPCop in the past, they work just dandy for basic firewall crap but I want more. I am used to working with ASA5500 series firewalls at work so I thought I would give some of these UTM distros a shot.

Thanks again for turning me on to those other distros I didn't know about.

 
You must log in or register to reply here.
Back
Top