[tclug-list] Firewall distros.. What do the cool kids use now?

Fri Apr 17 09:38:56 CDT 2020

Not that this is all that pertinent to today's hardware/distros,
but...Many years ago I used a really early version of Fedora (manually
configured iptables) on a 486 class PC with, at most, 512MB of RAM.If I
recall I was on a synchronous 128Kbit connection before broadband was
available in this community.The distro I used actually fit on a floppy,
so after bootstrapping from the floppy to RAMfs, I popped it out.Uptime
for that before retiring it was well over 1000 days.
I also tried Untangle, and Nitix, and some other ones which have been
lost to the dustbin of my memory.
Today I use the relatively inexpensive Ubiquity EdgeRouter Pro with 8
independently configurable interfaces - rack mountable, small
footprint, robust, easy to configure, and high throughput. It has some
nice observability tools built-in (I can watch my Comcast connection go
out and come back), and after putting the Comcast modem in bridge mode,
my EdgeRouter is "on the Internet" so it can be a secure endpoint for
me to VPN back into my LAN. All with very little configuration.
I certainly hear you about reusing old hardware. I was there but aging
like I have, I tend to donate the old hardware and purchase fit-for-
purpose equipment for my use cases.
Let us know what you end up setting up.
On Fri, 2020-04-17 at 08:51 -0500, Brian Wall wrote:
> Hi all,
> I have an older piece of gear with an Intel Core2 proc, 2 gigs of
> RAM, and a multitude of interfaces.  I've been wanting to turn this
> into a firewall appliance.
> 
> I'm wanting to use 5 or 6 different interfaces (LAN, WAN, DMZ, Guest
> WIFI, IoT, Lab).  I'm finding that the old standbys, IPcop and its
> sort of replacement IPfire don't handle that number of interfaces and
> all the filtering I want.
> 
> I've played with pfSense, and it's OK, but limited in its feature
> set.  I really like Untangle, but it insistently demands 6GB of RAM
> and not 1MB less.  This box is finicky enough that I don't really
> have the desire to find enough RAM and make the box happy about it.
> 
>  So.. What else is out there that people like?  Do people still roll
> their own with iptables, pf, or whatever the latest thing is?
> 
> Yes, I suppose I could replace the box, but it's a 1U appliance and
> designed for this kind of thing.
> 
> I'm open to suggestions.
> 
> Thanks,
> Brian
> 
>  
> 
> 
> 
> 
> 
> _______________________________________________TCLUG Mailing List -
> Minneapolis/St. Paul, Minnesotatclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20200417/af342856/attachment.htm>