Linux/Free Firewall for Network

[robertwj]

I am looking to implement a Firewall onto my network. I want something FREE and simple to use preferably something with a user interface instead of commands.

I want it to be able to monitor Network usage/sites visited ect as well as Block Websites and ports.

What software would you recommend that can be installed on a stand alone firewall PC?

Thanks

[Peder]

Endian Firewall

It works quite nicely, though i am learning much about it as i go on

http://www.endian.com/en/community/

[ghoti]

I am looking to implement a Firewall onto my network. I want something FREE and simple to use preferably something with a user interface instead of commands.

I want it to be able to monitor Network usage/sites visited ect as well as Block Websites and ports.

What software would you recommend that can be installed on a stand alone firewall PC?

Thanks

From my other post:

1) ClearOS - One of the best, but it only monitors web browsing. It does not monitor all traffic, so if a user is torrenting, there is no method of tracking this.
2) Untangle - Requires expensive apps to be really functional, and our Untangle just started maxing out our upload line... for no apparent reason. It also sucks with new hardware and runs on outdated debian.
3) Endian - A polished system, but only has raw ntop to manage internet usage
4) IPCop - Have not tried it out as their website looks like it was done by a 5 year old about 10 years ago. Also, you cant download 2.0.4 (you have to download 2.0.3 and then upgrade to 2.0.4 - this indicates to me lazy developers... which puts me off)
5) Zentyal aka Ebox - Have not tried this since it was ebox, but last I checked into only metered web browsing, not all traffic.
6) PFSense - Have not tried it yet.
7) m0n0wall - Have not tried yet
8) Smoothwall - Have not tried yet

So what FOSS firewall/gateway solutions are out there to help me manage how much a user downloads? What do you recommend?

http://mybroadband.co.za/vb/showthre...internet-usage

Ive tried a bunch of them. Right now experimenting with Endian. It really locks a network down nicely. Like torrents are dead on the network... but its hard to see reports for user usage

[lumpyza]

i would say look at the following:

ClearOS
SmoothWall
Monowall

they about the best iv worked with, but all depends if your gonna need VPN connectivity later on and so on...

Have fun, i love setting up new firewalls!

[krieg]

Hi

Why not go the hardware route? Look at a Routerboard from Mikrotik, which runs RouterOS and has a window like front end called Winbox. The RB750 for instance runs on 5W of power, a lot less than a PC. You can also download the trial version and run it on a PC to test it.

[gregmcc]

Been running smoothwall for years. You can run sarg and report on the downloads.

[robertwj]

Thanks for the options everyone. I've just downloaded Smoothwall and i'll be installing it tonight. Very excited to give it a bash

[LTMeg]

Just my opinion but a software firewall is not a good business decision. You are putting the firewall inside the very thing you are trying to protect? The incredibly sophisticated threats out there have made software firewalls redundant.

[ghoti]

Just my opinion but a software firewall is not a good business decision. You are putting the firewall inside the very thing you are trying to protect? The incredibly sophisticated threats out there have made software firewalls redundant.

Like?

[gregmcc]

Just my opinion but a software firewall is not a good business decision. You are putting the firewall inside the very thing you are trying to protect? The incredibly sophisticated threats out there have made software firewalls redundant.

Umm all firewalls are software based!

[LTMeg]

You know what I mean ;-)

[ghoti]

You know what I mean ;-)

Actually I dont. What "sophisticated" threats are you talking about?

IE. Im trying to find out what your custom software/hardware based firewall is able to deal with that a software based firewall (on hardware ) cant do.

[LTMeg]

IE. Im trying to find out what your hardware based firewall is able to deal with that a software based firewall (on hardware ) cant do.

Thats what I meant ;-)

[ghoti]

Thats what I meant ;-)

I still dont know what sophisticated threats you are talking about....

The most sophisticated threats I can think like... like highly intelligent spear phishing (social engineering)... well no firewall will help you there. So I really want to know what sophisticated you are referring to.

[gregmcc]

I'm also confused - Checkpoint for instance, who are the world leaders in firewalls, have a software based firewall which will easily stand up to the "incredibly sophisticated threats"