Software firewall distribution / gui question(s)

sir-lancealot · 02-10-2010, 12:38 PM

Our perimiter firewall had a s/w problem (Juniper) and in order to even talk to someone you have to have a valid contract, if not you need to purchase from the day it lapsed, not just call and talk!

Now, in it's place I stuck an old Dell poweredge 1850, 4 nic's, Ubuntu-server 9.10 and made my own iptable rules. Things are back working, a lot of rules added, etc. but now I am ready for something a little corporate like. Doesn't have to be flash dashboards, etc. but wondering what people are using in this matter.

I have looked at ipcop, not sure on it's ability for corporate, rules, etc. but does have some simple mrtg graphs etc. which I do want also. I know smoothwall is out there, but don't think it's free, but I mean I can look http://en.wikipedia.org/wiki/List_of..._distributions here and one by one read, etc. but really looking for a basic firewall application / server like I have now with the following;
1. web interface, I have all my rules in a flat file, update and continually do an iptables-restore < file but want something more than I can do.
2. traffic graphs, etc. is a nice to have
3. VPN. I would like something that includes an ipsec VPN for iPhone connectivity (as the terminal app kicks butt on the jailbroke phone, but need outside access)

I am open to trying anything local so all ideas (well most of them) :P are appreciated!

rweaver · 02-10-2010, 02:15 PM

While this isn't linux specifically it fits pretty well with what you need I believe... m0n0wall. You could also install a package like say shorewall on a debian net install and use a shorewall web gui.

There's also devil linux and several others that make pretty good firewalls, but honestly, I think one of your best options is m0n0wall although it's not linux based.

You can also achieve #2 and #3 with separate applications if the package you pick doesn't provide as much as you want... say Cacti or Zenoss for graphs and information on the host and OpenVPN for termination of VPNs.

A Cisco PIX/ASA device or Fortinet firewall would also likely suit your needs fairly well and while support isn't free on them (nor is the hardware) they do suit what you're looking for well and are considerably cheaper than most juniper devices.

Jim Bengtson · 02-10-2010, 02:28 PM

I suggest you check out Vyatta and it's open-source version. Both the commercial and open-source versions are well documented and supported, and there's an easy step up from the community-supported version to the commercially-supported version.

sir-lancealot · 02-10-2010, 02:36 PM

Very cool, looking at the wiki list, there is just so much out there. I will take each of the above and focus on those as the testers.

Thanks for the time and feedback guys ....