Need advise for a linux firewall

Will Clayton w.d.clayton at gmail.com
Thu Mar 11 23:54:04 UTC 2010


Microtik makes a pretty robust Linux based firewall
appliance-on-a-usb-stick. It does a lot out of the box like BGP, VPN,
MPLS,QoS and all kinds of other crazy things you wouldn't expect to fit on
one gig of flash. It takes my HP about 10 seconds to load a full table.

My vote is for PFSense though. PF is a lot of fun itself and I have seen
awesome throughput with no load on very low end hardware.

On Thu, Mar 11, 2010 at 1:45 PM, Jim Miller <stljim at gmail.com> wrote:

> On Thu, Mar 11, 2010 at 11:56 PM, Abdul Nazeer <voipuser at optonline.net
> >wrote:
>
> > On 03/11/2010 11:22 AM, gordon b slater wrote:
> > > On Thu, 2010-03-11 at 11:00 -0500, Abdul Nazeer wrote:
> > >
> > >
> > >> iptables, but if anyone has any other suggestion, I'd love to hear it.
> > >>
> > > PFsense, (being freeBSD-based, comes  under your "other" category)
> > > It uses the OpenBSD-based pf firewall, with a web-based GUI for almost
> > > everything (except maybe console resets). works for me in  several
> > > locations, some `heavy and high`.
> > >
> > Looks interesting. Will give it a shot, thanks!
> >
> > For a very long time I used the following setup with great success:
> 1. Debian based linux for the firewall box.  With Debian you can do a very
> light setup.
> 2. FWBuilder to builder for the GUI front end.  It's been around for quite
> a
> long time now and has built in RCS for revision control.
> 3. Quagga for OSPF routing.. We only had about .. 4-5 firewalls but made a
> lot of internal routing changes and OSPF _really_ made things easy when we
> made changes
> 4. OpenVPN for after-hours access and off-site staff access.
>
> Anyway, just my $0.02
>
> --Jim
>



More information about the NANOG mailing list