Linux Firewall Options in 2013

I’m a bit security conscious with my network at home. I run a perimeter firewall sat directly behind the DSL modem, which then feeds multiple internal networks. Since 2003 I have been running Smoothwall Express for this purpose. It has performed well in this role; the main concern I have is that development support from Smoothwall Ltd seems to have stalled. The last major release was in 2006, though there have been some service packs. The environment Smoothwall is in is moving faster than development is. Having had a Google, I have come up with a few options for replacement software. These are pfSense, m0n0wall and Zeroshell. All of these are in a state of continual development, which is what I am looking for. It now comes down to pros and cons for each and testing.

I have already given pfSense a spin and have found it pretty user friendly and flexible. It supports more interfaces than I need at present. One nice feature is that it supports OS fingerprinting to create rules based on device type. I’m not likely to use this feature at present, but I can see some use case scenarios in the not too distant future. The major snag has been poor throughput. I think that this is down to the network card drivers that are used in pfSense for the 3Com 905C-TX cards that are loaded in the box. pfSense is a FreeBSD-derived distro.

m0n0wall is currently on the box. This is also FreeBSD based; interestingly, it isn’t seeing the same throughput issues (the hardware used for the firewall is over spec). m0n0 is running rather nicely on the firewall. The only major criticism of it I have is that the inner workings are very hidden. I am used to being able to remote into the box and make direct config changes. Of those tested so far, though, this is the winner, mainly due to the throughput.

However, since I think that pfSense is having driver issues which are causing the throughput issue, I have ordered some 3Com 905B cards; these are regarded to be the best Fast Ethernet cards made. I’ll be dropping these in and then giving Zeroshell a whirl before dropping back into pfSense in order to make my final decision.

Looks like it may be a busy weekend of firewall fiddling.
