Re: [SLUG] Good open source Firewall?

From: blee2@tampabay.rr.com
Date: Thu Jun 11 2009 - 11:08:54 EDT


> From: Scott Grizzard <scott@scottgrizzard.com>
>
> I am playing with pfSense and Smoothwall. Can anyone think of any other
> firewall distros out there that are open source, but easy for users (not
> admins, actual users, the /little people/ who are trying to remotely
> connect to my cool server). Commercial support contracts are good too.
>
> Barring that, anyone have a firewall appliance they less than three more
> than any of these open source products?

I scavenged a surplus Pentium-90 from an employer about 7 years ago
(it was already old THEN) and installed Smoothwall on it. I've used it
(and the included 512MB hard drive, upgraded to 128MB RAM) since then.
You could probably do something similar: buy some outdated computers in
bulk off eBay, add a NIC, replace the hard drive with a new one or an SSD
device (watch out for swap and logs!) and sell/lease them to your
customers for a nominal fee and offer low cost replacements if they die.

Smoothwall includes VPN features (which I never had the need to use). I
have a simple configuration (all outgoing, SSH in, HTTP in, SMTP in, no
UPnP, no logging) that I haven't needed to change since setup except
for black-holing attackers.

Despite my dedication to the command line (tm), for firewalls I need
some sort of GUI for everything to make sense. iptables/ipchains never
did it for me.

I recommend that you strongly encourage your customers to do some kind
of service contract with you to maintain their firewalls. I don't think
that security should be left in the hands of amateurs. Get a couple
people to contract for you to make changes at $20/hr. Use different
random passwords on each firewall. The customer can still audit the
config themselves, they're just recommended to not make any changes.

Oh, and you'll need someone who understands HIPAA requirements. And
probably PCI and SOX.

--Bryan