I know this topic came up here recently, but I just looked through the archives and I couldn't find it (browsing by thread).

Anyway, I'm looking for recommendations on the best method to build a standalone firewall machine. The network will look something like (simplified for email purposes):

                                                      /----Servers
Internet----SDSL Router----Firewall----10/100 Switch--
                                                      \----Workstations

The firewall obviously needs to support NAT and masquerading, as well as port forwarding to get to the http, smtp, pop3, ssh, etc. ports on the servers from the Internet, and support for multiple physical Ethernet interfaces.

Although not *required* (but would be nice) would be features like stateful packet inspection (rules based), DoS filtering, intrusion detection, excellent logging, easy (yet powerful) web browser configuration/administration, and maybe even log analysis and reporting features.

While I'm at it, another cool feature would be if it was all able to run via a floppy or bootable CD (thus no HDD required in the firewall). I also recognize that this feature would require logging via remote syslog, which (since the logs would then be remote) would also mean that it wouldn't be able to do log analysis and reporting.

I know all of these features are easily available with Linux, but I'm looking for a nice integrated package. Looking on Freshmeat turns up over 200 options (so I'm sure something is out there).

I've seen dedicated "security appliances" from the likes of Linksys, NetGear, and SonicWall. They look alright (and the Linksys and NetGear ones are really very affordable), so if someone might recommend that approach, I'd be interested in hearing thoughts on that too.

Thanks!

--
~Jay