If anyone is looking for an alternative firewall for their home, office, small / medium sized business or enterprise, I may have something in store for you. I have been using pfSense, a BSD-based firewall, at home for about a year and a half. Well, I was using M0n0wall for about 6 months of that, but pfSense is based on M0n0wall so maybe I didn’t lie. Oh well. You can check it out at http://www.pfsense.com.
Please take some time to mull over all the features that the BSD-based firewall offers for FREE. Unlike a Cisco or Fortigate, you don’t have to pay for the extras that actually make the thing functional. This is one of the best open source firewall solutions on the market, the best in my opinion, but well, that’s my opinion. Take a look for yourself. The website has some tutorials on how to set things up and get you going; however, any computer-savvy home user could set this up without too much fuss.
The firewall, hardware-wise, doesn’t require much of a system to run. I would recommend a PIII 500MHz with 256MB of memory and 2 NICs to get started. The server/firewall can actually boot and run from the bootable CD, then store its configuration on a floppy if you wish; however, some of the cool additional features that make this thing really bad ass cannot be installed that way. Just install it to a hard disk, something small like a 6GB drive or something. It could also be installed on a solid state disk if you have the time and money. Anywho, once you get the hardware, pop in the CD and floppy and get the thing to a basic config. You will have to tell it which interface is which NIC. So the outside interface goes to NIC fx0 and the inside interface goes to fx1 or something. You’ll figure it out. After you have an IP address on the box you can web into it and configure the rest from there. A few features that are worth mentioning would be:
Stateful Packet Filtering
QoS / Traffic Shaping
Wireless LAN Support
IPSec Tunnel Support
Traffic Graphing with RRD Graphs
Real Time Graphing
and many more…
Please, please, please take a look at this package and give it a try. I know pretty much everybody has an extra computer lying around that they could put this on. If not, let me know and I’ll try to source you one. At work, a colleague of mine and I are working to get these into the production network and possibly offer it as a line of service for our clients. More on what I do and this project later. Enjoy.