I’ve been interested in firewalls for some time. I decided it would be an interesting project to find some open source firewalls and install and review them. So this is my attempt to do just that.
I’ve created a page for each firewall. I’m covering all types of firewall. Some are embedded and designed to run on single-board computers. Others are full-blown servers and require substantial hardware to run.
What is your idea of a good firewall?
My idea of an optimal firewall is something that is simple to understand and has minimal moving parts. By that I mean a minimum of software and a minimum of hardware. The simpler it is, the more reliable it is.
I do, however, like to be able to do some sophisticated things with my firewall. I like it to be able to do both PNAT and SNAT. A good firewall should be able to manage multiple interfaces, up to seven. A good firewall needs to be able to manage multiple IP addresses for different purposes. It should be able to log remotely. I like it if the firewall runs completely in memory without the ability to write to the media, except in special circumstances. A web interface for configuration is nice. However, in return, there should be no way to get a shell on the system, whether by ssh or any other means.
Why aren’t you reviewing commercial firewalls?
I’m willing to review commercial firewalls. However, at this point, no commercial vendors have offered their products for my review, so I’ll stick to the open source stuff.