decent non-embeded firewall

Bryan O'Neal boneal at cornerstonehome.com
Tue Mar 31 00:45:45 MST 2009


I thought smothwall was a stand alone isolated distribution that ran on
dedicated hardware, not something I could put on top of a standard
distribution thus allowing me to keep the box hooked up for its "tv" centric
features. If I had a small dedicated box I could get away with using I would
probably put on SmotheWall/MonoWall/pfSense or the like and forget it.
However I would really like to use the available box for other non critical
tasks. So far ShoreWall is the closest thing I found out their.  I kind of
expected more advancement in the last four years, but I also understand that
this kind of shared system would never be accepted by anyone but home users
(with good reason) and with such a small target it just may not be as
interesting to developers.

I wipe the box regularly and it interacts with my other systems very little,
so I do not mind it being a border router, but I am not that great with
IPTables (not to mention I don't really trust it that much) so a prebuilt
firewall package would be preferred. 

Especially after being schooled for my belief that regional blocking is an
OK first line of defense ;) Kinda shakes the confidence regarding my ability
to configure a decent firewall :)



-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Andrew
"Tuna" Harris
Sent: Tuesday, March 31, 2009 12:11 AM
To: "plu>"@lists.plug.phoenix.az.us>Main PLUG discussion list
Subject: Re: decent non-embeded firewall

Top posting because long email is long.

Did you ever look at Smoothwall? I'm going to implement it for one of my
clients pretty soon.

http://smoothwall.org/

Excerpts from Bryan O'Neal's message of Mon Mar 30 23:17:46 -0700 2009:
> My Netgear FVS318 router/firewall has developed a nasty habit of 
> rebooting every time it gets both portscaned and repeated gnutella 
> requests (who still runs gnutella anyway?) so I am looking to put in a 
> boarder router/firewall to protect it (read replace it if not for the 
> lack of an 8 port switch) However the wife will not let my drop an old 
> ugly tower were I need it to go. However I do have a box I am using 
> for "web tv" purposes that I can toss a firewall on. My requirements 
> are
> simple:
>       * Runs on top of a stranded distribution (Ubuntu, Fedora/CentOS,
>         OpenSuSE, etc) not as a stand alone isolated distribution on
>         dedicated hardware. 
>       * Does port forwarding
>       * Does NAT 
>       * Does Static Routes (Important if I have another router behind
>         it) 
>       * Does Statefull inspection
>       * Does not break IPSec/PFS/L2PT/Etc. 
>       * Does custom black listing
>       * Prevents DoS (Syn flood, ICMP flood, UDP flood, port scans,
>         ping of death, IP spoofing, land attack, tear drop attack, IP
>         address sweep attack, Win Nuke attack, etc) 
>       * Does intrusion detection, preferably with email alerts
> 
> Would be nice if it also does:
>       * GUI configuration 
>       * QoS 
>       * DHCP 
>       * IAC (Outbound rules) 
>       * SNMP2 
>       * Decent logging/reporting 
>       * GUI Dashboard 
>       * DynDNS 
>       * Web content filtering 
>       * DNS Proxy
>       * Black list service
> 
> Can any one recommend something or am I left to cobble together what I 
> can with iptables...
> 
> Bryan O'Neal
> O'Neal & Associates
> Phone: (602) 295-4356
> Fax:     (602) 795-6050
> E-Mail: Bryan.ONeal at TheONealAndAssociates.com
> 
> 
> Blogger <http://twitter.com/BryanONeal>  
> Twitter <http://mlwtech.blogspot.com/>  
> Linkedin <http://www.linkedin.com/in/thebryanoneal> 
> 
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



More information about the PLUG-discuss mailing list