What firewall package do you prefer?

[Muscles]

I have a 15/2 mbps net connection at home and the few consumer routers I've used don't seem to do a good job. I got a spare PIII 1 ghz machine I'm going to turn into a firewall and I was curious what package everyone prefers that uses a similar setup.

Smoothwall
IPCop
m0n0wall
others?

I'm sure they all do a good job but if anyone has experience with more than one I'd like to know which you prefer and why (ease of use, features, updates etc.)?

Thanks in advance.

 

[amdskip]

I have a smoothwall box setup for the elementary school I work at and it works great. I have basic virus filtering setup along with content filtering to keep the bad things out. I have it setup so I can remotely connect to it and reboot or check things out in the logs. The teachers also all have passwords to bypass the filter if needed, cool stuff. PM if you have any questions.

 

[MedicBob]

I used SmoothWall before I got a SonicWall FW Appliance. I liked it, pretty simple to set up and in the year or so I ran it never had any problems with it.

 

[n0cmonkey]

My first choice is OpenBSD. Barring that I'd probably go with pfsense.

 

[yuppiejr]

If you're looking for Linux "firewall on a CD" distro for the new/"lite" Linux user IPCop is the best one on your list. Unlike Smoothwall it's got outbound QoS features + transparent web proxy and caching features as part of the basic distro. My personal favorite is ClarkConnect 4.0 SP1 (which isn't on your list, but is worth a look) which is basically an enhanced IPCop firewall (with IPS/IDS) and a bunch of additional server features (SMB shares, LDAP integration, file/print/web/mail services, etc..) that can be optionally enabled.

Having evaluated a DD-WRT v23/SP2 flashed router, a Zyxel X-550 router and ClarkConnect "homebrew" box side-by-side I was most impressed with the ClarkConnect device's performance and management options. That's not to say there was anything wrong with the other devices, the ClarkConnect box just provided a better implementation

There are two manual configuration changes I had to drop out to a "shell" console to make in order to make the ClarkConnect box work the way I wanted. One was to disable response to inbound ping traffic on the WAN interface (enabled by default) - the other required a single line update to a configuration file to properly bind the IPS/IDS service to the correct physical interface. In my box, the WAN interface is ETH2 while the default install always assumes this will be ETH0. <reported as a bug>