On Thu, 2009-06-04 at 14:10 -0700, Eric Shubert wrote:
Yes, any distro can certainly be configured as a firewall.

The primary advantage I see in using a "firewall distro" is that it's 
just plain easier, meaning that you don't need as high a level of 
expertise in order to make it work. Personally, I'd rather let the 
people who do IPCop worry about the intricacies of iptables and other 
aspects of firewall functionality (i.e. VPNs). There's also less of a 
chance of me screwing something up that way. Using a tailored distro is 
a way to leverage OPK (Other People's Knowledge). Why re-invent the 
wheel? Then again, if you're comfortable and proficient with iptables 
and OpenVPN (or IPSec or whatever), I expect you'd be perfectly 
comfortable "rolling your own".

I see where you're coming from on that, but for some reason (probably because I don't really know what I'm talking about) running a specialty distro like IPCop with a web interface and potentially outdated packages just seems like it would open the door for all sorts of security issues to me. It's the same reason I don't like to use LFS: it's hard to stay on updates. Does anybody who understands the security aspects better than I do have an opinion on the security implications of running IPCop, pfSense, etc. vs. making your own router from Debian, Gentoo, etc.?