| Author | Message |
jebjeb | best linux firewall | Oct 16 05:05 UTC 2003 |
What is the best Linux firewall?
I am a major newbie and I need to make a Linux firewall for work.
Any help is great.
email me at jeb_30@hotmail.com
|
| 17 responses total. |
cross | response 1 of 17: | Oct 16 05:09 UTC 2003 |
This response has been erased.
|
jebjeb | response 2 of 17: | Oct 16 05:18 UTC 2003 |
is it free?
thx for the response
|
sj2 | response 3 of 17: | Oct 16 10:12 UTC 2003 |
Linux kernel has in-built firewalling capability in the form of
netfilter.
On how to setup and use it, see:
http://www.linuxsecurity.com/feature_stories/netfilter-print.html
OR
http://www.linuxsecurity.com/resource_files/firewalls/packet-filtering-HOWTO/index.html
It's open source and free.
But as Dan pointed out, OpenBSD does a better job at being a firewall.
For setting up an OpenBSD firewall, see:
http://ezine.daemonnews.org/200207/transpfobsd.html
OR
http://www.openbsd.org/faq/pf/
---------------------------------------------------------------
May the source be with you!!
|
sj2 | response 4 of 17: | Oct 16 10:16 UTC 2003 |
However, if you have a small network, a Cisco PIX 501 or a Sonicwall
SOHO (approx $600 which is less than the cost of a PC you would run
Linux/OpenBSD on typically) might be a cheaper and easier to manage
option. Especially, considering you are a newbie and if you don't want
to learn a new OS.
|
jp2 | response 5 of 17: | Oct 16 12:24 UTC 2003 |
This response has been erased.
|
gull | response 6 of 17: | Oct 16 14:15 UTC 2003 |
I agree with #1. I have an OpenBSD bridging firewall at work. pf's
rule syntax takes a little getting used to but it's very powerful. It's
efficient, too. I'm using a 166 MHz classic Pentium to filter a T1 line
and it uses less than 50% CPU at full bore. (Obviously this will vary
depending on how complex your rules are.)
If you want more of a pre-packaged solution I think there are some Linux
'firewall on a floppy' packages out there, but I can't name any right
off hand.
|
scott | response 7 of 17: | Oct 16 16:55 UTC 2003 |
I've thought about doing a Linux or *nix firewall, but the hardware would suck
a lot of power compared to one of those little consumer boxes which do
firewall, Ethernet hub, and wireless access point. Especially since the
little boxes are so cheap now.
|
sj2 | response 8 of 17: | Oct 16 19:06 UTC 2003 |
A Netgear WAP plus firewall plus router sells for USD 110 on amazon.
http://www.amazon.com/exec/obidos/ASIN/B0000C0XS0/ref=amb_bl_25138/002-6291568-4183241
|
scott | response 9 of 17: | Oct 16 19:11 UTC 2003 |
Which is basically what I've got - a Netgear box which does all that.
|
gull | response 10 of 17: | Oct 16 20:25 UTC 2003 |
If one of those fits your needs, go for it.
At work our needs were complex enough that the simple packet-filtering
firewalls you can get cheaply weren't good enough. We needed something
that could handle stateful filtering, and we already had some spare
computers around, so the lowest-cost option was OpenBSD.
At home since I already have a computer sucking up power as a web
server/file server/NAT box, using it as a firewall as well was a
no-brainer. :>
|
gull | response 11 of 17: | Oct 16 20:27 UTC 2003 |
(Oh, one quarrel I have with some of the NAT/switch/wireless/firewall
combo boxes is that they often only let you filter the incoming Internet
connection. It would be nice to be able to firewall between the
wireless interface and the rest of the network, too. Otherwise you're
locking the front door but leaving the window wide open.)
|
cross | response 12 of 17: | Oct 17 03:49 UTC 2003 |
This response has been erased.
|
remmers | response 13 of 17: | Oct 17 12:11 UTC 2003 |
If OpenBSD comes with free beer, I'm there!
|
pvn | response 14 of 17: | Oct 19 08:20 UTC 2003 |
"What is the best Linux firewall?" The best Linux firewall is any of
the current mainstream Linux distributions installed with the most
paranoid options. The question of what the best firewall is? Well, it
depends. For one thing one might better ask what is the best network
architecture. Why just one firewall? One might have the very best
firewall on earth meanwhile the enterprise backups are being done by a
third shift wetback making minimum wage. It would probably not be too
hard to subvert such with minimal effort to take the "crown jewels" of
the entity the firewall is protecting out the door in the pocket or
backpack... The problem with a commercial solution is that typically
the reaction time is far slower than an open source solution to bugs or
changes. The problem with an 'open source' solution is that there is
typically nobody or nobody with 'deep pockets' sufficient to get a name
CPA firm to sign off on 'due diligence'.
I guess the answer is "It depends". The question in #0 needs refinement
as the answer would probably be different if the "for work" was a
garbage hauling firm (not much money in hacking them) or a bank.
|
twenex | response 15 of 17: | Nov 9 09:08 UTC 2003 |
Re #1: I thought Linuxers were socially challenged egomaniacs. Oh,
and Windows is the best thing since WAY before sliced bread.
Yeah, right.
|
bhoward | response 16 of 17: | Nov 10 02:15 UTC 2003 |
In Japan, space comes at a premium. If your home also happens to have
a lot of tatami (three of our four main rooms are covered with tatami
mats), cable routing also becomes an issue a lot of tatami.
So I opted to use a symantec vpn/firewall 200r appliance to face the
internet. This was a nice option for me as it packed a firewall,
switched hub, vpn and if I had multiple net connections, load balance
into a small form factor.
Within the internal network, I use a mix of openbsd (main server), linux
(development) and a powerbook for the desktop, all of which are locked down
with their respective firewalling mechanisms in a relatively restrictive
configuration.
On the whole, I like using the symantec appliance as I believe there is
less to go wrong. Having said that, I quite like OpenBSD's "pf" and
would drop the symantec for an openbsd solution if I could find one
that ran in a comparably small hardware form factor.
|
x11 | response 17 of 17: | Dec 22 22:23 UTC 2003 |
I run shorewall, which is really good and provides many great features.
Go ahead h4x0r me: jebusnet.servebeer.com.
www.shorewall.net
|