Firewall Distributions, Questions.
Paul Gear
paul at libertysys.com.au
Mon Mar 2 11:04:47 GMT 2009
Blindraven wrote:
> # cross post /u-au/slug
>
> I am looking to set up a hardware firewall using an old computer and a
> Linux distribution and am curious about a few things.
> ...
> I am assuming with 2 NICs in the old computer, you dump it between the
> switch and the router and connect both the switch and modem/router to it.
> So it would look something like
> ...
> Based on my set-up, which of the following would you recommend and why?
> ...
> I understand policies could be configured for all of them to allow SSH
> etc, but I'd like something that does not require me to mess with
> modules extensively as I am not *that* technically savvy.
> From what I've read pfSense seems to be the go, but I wouldn't know
> why exactly.
My first and only firewall is Shorewall (http://shorewall.net/). It
enables you to set up configurations with simple text configuration
files (or a Webmin module if you use Webmin - I do). Shorewall has a
sample configuration which is designed for your situation - the
two-interface firewall.
Why I use and recommend Shorewall:
* you can think about firewalls at a policy level rather than packet
level
* adding new rules and hosts is very simple
* the documentation is first class - better than many commercial
firewalls, I've been told
* excellent preprocessor that catches a lot of your errors
* you can install it on any version of Linux - I suggest Ubuntu server
or Debian
* highly flexible - anything iptables can do, Shorewall can do,
usually much more easily
* grows with you - has advanced features like IPv6, multiple ISP
load balancing, etc.
* I use it on my personal laptop, and on multi-interface clusters
supporting hundreds of client PCs. Also runs on WRT54G routers (I
haven't tried this).
* user support forums full of people with good Linux/networking skills
Paul
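
Added example, not part of Paul's message or of the Shorewall project's shipped files: a sketch of what "policy level rather than packet level" looks like for the two-interface layout asked about above, including the SSH allowance the question mentions. The interface names eth0 and eth1 are assumptions, and the column layout follows the classic two-interface sample, so start from the sample shipped with the installed version.

```conf
# --- /etc/shorewall/zones ---------------------------------------
# Name the three places traffic can come from or go to.
#ZONE   TYPE
fw      firewall        # the firewall box itself ($FW in rules)
net     ipv4            # untrusted side (towards the modem/router)
loc     ipv4            # trusted side (towards the switch)

# --- /etc/shorewall/interfaces ----------------------------------
# Bind each zone to a NIC. eth0/eth1 are assumed names.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs,routefilter
loc     eth1        detect      tcpflags,nosmurfs

# --- /etc/shorewall/policy --------------------------------------
# Default decision per zone pair; first matching line wins.
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT          # LAN may open connections outward
net     all     DROP    info    # nothing unsolicited from outside
all     all     REJECT  info    # catch-all, must stay last

# --- /etc/shorewall/rules ---------------------------------------
# Exceptions to the policies above.
#ACTION SOURCE  DEST    PROTO   DEST PORT
ACCEPT  loc     $FW     tcp     22      # SSH to the firewall, LAN only
```

Running `shorewall check` before applying the configuration exercises the preprocessor mentioned in the list above.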