firewalls with big names mean high prices .i have played with some firewalls. and i think there are more affordable solutions out there i'm now inthe rpocess of testing ideco . I am running on CentOS 5.3 x64. any suggestions?

Have you looked at, say, a Linksys router? Lets you block common ports, keeps most of the weenies out of your pants, and costs about $85.

If your not opposed to running a full sized machine as a firewall I would look into PFSense, its by far the best OpenSource firewall/router I've ever used. I'd do that or load DD-WRT on a Linksys or other compatabile router. Keep in mind that there is a known HTTP remote exploit for the older versions of DD-WRT , and a lot of the newer cisco linksys WRT models don't have enough ram to run some of the newer images. Also if you don't mind paying a little more you could also run PFSense off of an embedded PC and a CF card.

Pfsense is great.

There is also m0n0wall (pfsense is based on it).

There is also clarkconnect, smoothewall, and some others I can't think of at the moment.

Of course you could also roll your own with iptables. Arnos firewall script is nice as well.

I've used them all ,and I agree. Per hardware specs you get more out of PFsense than anything else. I've had the same machine for a router for like two years now, I tried Untangled and it worked, but it was VERY slow on my hardware. I then tried smoothwall which was also VERY slow. I then tried Clarkconnect which was usable and I really like the built in dyndns functions, but it had way to much stuff running, It's really meant for a small office as a DC. So I went to m0n0wall, and I found it to be much faster, but still lacked the extra features I wanted, so I started using PFSense and it's a comfy mix of speed, and functionality for me. I'm sold on PFsense, it's got the ability to run a wireless AP as well and I've been using it as an additional wireless access point in my office at work and it's been up longer than my Netgear Prosafe wg302 which is just a broadcom board running embedded Linux. I've also played with vyatta, but I've not gotten it to work the way I wanted it to.

I guess the best thing is to use old desktop hardware and try to find an opensource firewall/router that works best for your situation.

I have used PF Sense, Monowall, and Smoothwall. I seemed to like PF Sense the best.

Does linksys still manufacture that WRTGL series routers that can run on a linux third party firewall like tomato??If it does then i thnk its good to get a WRTGL

ok so i wanted to use pfSense, but figured it is based on FreeBSD, and i wanted something linux-based. so i ended up installing ideco (the one that i was initially testing www.idecogateway.com) and some of the things i liked about is that it allows you to set most firewall rules under Windows and that's something my boss liked thanks for your comments and suggestions!

try Astaro or clark connect both are really good.

IPCop and endian
come to my mind. both share common source with monowall aka shorewall.
Might have mixed up mono and shorewall but all of the four mentioned share a family.

untangle is also good open source network gateway, it has several modules to load in to protect internal network from outside.