decent non-embedded firewall
Bryan O'Neal
boneal at cornerstonehome.com
Tue Mar 31 00:45:45 MST 2009
I thought Smoothwall was a standalone isolated distribution that ran on
dedicated hardware, not something I could put on top of a standard
distribution thus allowing me to keep the box hooked up for its "tv" centric
features. If I had a small dedicated box I could get away with using, I would
probably put on Smoothwall/m0n0wall/pfSense or the like and forget it.
However I would really like to use the available box for other non-critical
tasks. So far Shorewall is the closest thing I found out there. I kind of
expected more advancement in the last four years, but I also understand that
this kind of shared system would never be accepted by anyone but home users
(with good reason) and with such a small target it just may not be as
interesting to developers.
I wipe the box regularly and it interacts with my other systems very little,
so I do not mind it being a border router, but I am not that great with
IPTables (not to mention I don't really trust it that much) so a prebuilt
firewall package would be preferred.
Especially after being schooled for my belief that regional blocking is an
OK first line of defense ;) Kinda shakes the confidence regarding my ability
to configure a decent firewall :)
-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Andrew
"Tuna" Harris
Sent: Tuesday, March 31, 2009 12:11 AM
To: Main PLUG discussion list
Subject: Re: decent non-embedded firewall
Top posting because long email is long.
Did you ever look at Smoothwall? I'm going to implement it for one of my
clients pretty soon.
http://smoothwall.org/
Excerpts from Bryan O'Neal's message of Mon Mar 30 23:17:46 -0700 2009:
> My Netgear FVS318 router/firewall has developed a nasty habit of
> rebooting every time it gets both port scanned and repeated gnutella
> requests (who still runs gnutella anyway?) so I am looking to put in a
> border router/firewall to protect it (read replace it if not for the
> lack of an 8 port switch). However the wife will not let me drop an old
> ugly tower where I need it to go. However I do have a box I am using
> for "web tv" purposes that I can toss a firewall on. My requirements
> are simple:
> * Runs on top of a standard distribution (Ubuntu, Fedora/CentOS,
> OpenSuSE, etc) not as a standalone isolated distribution on
> dedicated hardware.
> * Does port forwarding
> * Does NAT
> * Does Static Routes (Important if I have another router behind
> it)
> * Does Stateful inspection
> * Does not break IPSec/PFS/L2TP/Etc.
> * Does custom black listing
> * Prevents DoS (Syn flood, ICMP flood, UDP flood, port scans,
> ping of death, IP spoofing, land attack, tear drop attack, IP
> address sweep attack, Win Nuke attack, etc)
> * Does intrusion detection, preferably with email alerts
>
> Would be nice if it also does:
> * GUI configuration
> * QoS
> * DHCP
> * IAC (Outbound rules)
> * SNMP2
> * Decent logging/reporting
> * GUI Dashboard
> * DynDNS
> * Web content filtering
> * DNS Proxy
> * Black list service
>
> Can anyone recommend something or am I left to cobble together what I
> can with iptables...
>
> Bryan O'Neal
> O'Neal & Associates
> Phone: (602) 295-4356
> Fax: (602) 795-6050
> E-Mail: Bryan.ONeal at TheONealAndAssociates.com
>
>
> Blogger <http://twitter.com/BryanONeal>
> Twitter <http://mlwtech.blogspot.com/>
> Linkedin <http://www.linkedin.com/in/thebryanoneal>
>