[wellylug] Dedicated linux firewalls boxes
Tony Wills
ajwills at paradise.net.nz
Wed Feb 18 13:47:49 NZDT 2004
At 11:17 17/02/04 +1300, Adam Bogacki wrote:
>FYI,
>
>http://firehol.sourceforge.net/
Interesting, I might try his system.
What I am very interested in are dedicated Linux firewall boxes.
I don't want a commercial firewall/router but something I can keep updated
when new threats turn up and have a bit more control of (and inexpensive).
I have been using Coyote Linux single-floppy Linux firewall software for
about three years and it has worked well. Originally on a dialup line, now
on a cable modem.
But my requirements have increased and I'm now running a webserver and ftp
server from home on a 'DMZ' offshoot from the firewall box. I now need to
do a bit of load balancing (well actually what I want to do is a bit of
load squelching! I want to set it up so that if I'm trying to use the
internet from my main network I can get fairly full speed access and the
web/ftp servers just have to wait). I also need to monitor traffic
throughput as the statistics available from paradise are at best 24 hours
out of date at the moment and they charge rather excessive amounts if you
exceed the 10G traffic limit. (I normally manage to use 9 to 10GB every
month).
There are add-ons etc. for Coyote which can probably do these things, but
it's getting a bit bigger than it was designed for and support and
maintenance of the Coyote distribution is a bit haphazard.
So what other easy to set up and maintain, dedicated (i.e. all unnecessary
bits stripped out, small footprint) firewall/router systems do others have
knowledge of (yes, I have searched the internet and there are lots of
firewalls on offer; I want to cut down the list using others' experience as
a guide)?
Tony.