I have been looking for a good custom Linux firewall package, and I have found a few.
1.
Wolverine Beta 1/Alpha 3 - I like this little 15MB package (yes, that is MB and not a typo). It is based on the 2.4.18 Linux kernel, and has great PPTP VPN support. In it's current build, it can only send authentication to a RADIUS server. So, if you have a Windows NT or 2000 Server (along with the NT 4 Option Pack) you already have a RADIUS server. It does not have any support for an IDS like SNORT or PRELUDE. I do believe the developer is going to add support for this, but this addition would take up more space. He is also working on a WIN32 admin GUI (non-Web based) along with a Linux GUI of course. If you are at all familuar with the Cisco PIX IOS, then configuring this firewall/VPN router will be easy.
2.
IPCop v0.1.1 - This custom distro is based on the Smoothwall v0.9.9 release, and it is only 2.2.21RC1. This distro is also based on IPCHAINS. The web interface is quite nice, but needs additional work. I have tried to use the web interface to configure rules with out success. I had to SSH into the device, and configure most of what I wanted at the command line. Though I do want to learn IPCHAINS and other Linux administrative tasks, this is not ideal for those that are newbies. The Email list for IPCop is a good source for help. If you cannot find it in the DOCs or HOW-TO's, you should be able to get it from them. It also has some good add-on packages, like zebra for instance.
3.
MandrakeSoft Single Network Firewall 7.2 - A relatively good package for those single network SOHO locations. It has a great web interface that you can configure virtually anything you want. It has SNORT and PREDLUDE (in Beta form) installed on it. But, don't expect to use this one out of the box on a network that has multiple routed segments. I tried to download and install zebra in RPM format for Red Hat, and it would not install. It does come with routed and gated, but routed would not start nor work for me.
I am using both Wolverine and IPCop. I use Wolverine because of the PPTP support and the ease of getting a VPN server up and running. I use IPCop only becuase of the packages that I can install, and because it is stable and works after you install it.
For those that are a Linux Newbie and you don't know how to use IPCHAINS/IPTABLES or you don't know how networking really works, then I would recommend SNF 7.2 from Mandrake. Those that do know what they are doing, either Wolverine or IPCop.
BTW, my IPCop machine is a PIII 650MHz with 256MB RAM. Yes I know that this is an overkill, but I do want the best performance for my firewall. Wolverine is running on an older PII 266 with 256MB of RAM. The entire OS runs in RAM, so it runs VERY quick.
Let me know if you have any questions on this.
Facebook
Twitter