I thought Smoothwall was a standalone isolated distribution that ran on dedicated hardware, not something I could put on top of a standard distribution thus allowing me to keep the box hooked up for its "tv" centric features. If I had a small dedicated box I could get away with using I would probably put on Smoothwall/MonoWall/pfSense or the like and forget it. However I would really like to use the available box for other non-critical tasks. So far Shorewall is the closest thing I found out there. I kind of expected more advancement in the last four years, but I also understand that this kind of shared system would never be accepted by anyone but home users (with good reason) and with such a small target it just may not be as interesting to developers.

I wipe the box regularly and it interacts with my other systems very little, so I do not mind it being a border router, but I am not that great with IPTables (not to mention I don't really trust it that much) so a prebuilt firewall package would be preferred. Especially after being schooled for my belief that regional blocking is an OK first line of defense ;) Kinda shakes the confidence regarding my ability to configure a decent firewall :)

-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Andrew "Tuna" Harris
Sent: Tuesday, March 31, 2009 12:11 AM
To: Main PLUG discussion list <plug-discuss@lists.plug.phoenix.az.us>
Subject: Re: decent non-embeded firewall

Top posting because long email is long.

Did you ever look at Smoothwall? I'm going to implement it for one of my clients pretty soon.

http://smoothwall.org/

Excerpts from Bryan O'Neal's message of Mon Mar 30 23:17:46 -0700 2009:
> My Netgear FVS318 router/firewall has developed a nasty habit of
> rebooting every time it gets both portscanned and repeated gnutella
> requests (who still runs gnutella anyway?) so I am looking to put in a
> border router/firewall to protect it (read replace it if not for the
> lack of an 8 port switch). However the wife will not let me drop an old
> ugly tower where I need it to go. However I do have a box I am using
> for "web tv" purposes that I can toss a firewall on. My requirements
> are simple:
>   * Runs on top of a standard distribution (Ubuntu, Fedora/CentOS, OpenSuSE, etc) not as a standalone isolated distribution on dedicated hardware.
>   * Does port forwarding
>   * Does NAT
>   * Does Static Routes (Important if I have another router behind it)
>   * Does Stateful inspection
>   * Does not break IPSec/PFS/L2TP/Etc.
>   * Does custom black listing
>   * Prevents DoS (Syn flood, ICMP flood, UDP flood, port scans, ping of death, IP spoofing, land attack, tear drop attack, IP address sweep attack, Win Nuke attack, etc)
>   * Does intrusion detection, preferably with email alerts
>
> Would be nice if it also does:
>   * GUI configuration
>   * QoS
>   * DHCP
>   * IAC (Outbound rules)
>   * SNMP2
>   * Decent logging/reporting
>   * GUI Dashboard
>   * DynDNS
>   * Web content filtering
>   * DNS Proxy
>   * Black list service
>
> Can anyone recommend something or am I left to cobble together what I
> can with iptables...
>
> Bryan O'Neal
> O'Neal & Associates
> Phone: (602) 295-4356
> Fax: (602) 795-6050
> E-Mail: Bryan.ONeal@TheONealAndAssociates.com

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss