[TriLUG] Slightly-OT: Firewalls

Mon Apr 18 18:22:02 EDT 2011

On Mon, 18 Apr 2011, Jonathan Woodbury wrote:

> I'm a big fan of using commodity hardware for firewalls and routers.
> I personally haven't gotten into a distribution purpose built for this
> task.  Everything I've done has been using Debian and its standard
> repository of packages, usually iptables/ip6tables, radvd, racoon,
> ipsec-tools, openvpn, tc, and ntop.  The performance was great, the
> feature set was enormous, and I could backup, monitor, and manage the
> device just like all the other Linux servers in my network.

This is what I do as well. I usually also run bind for DNS recursion, ISC 
dhcpd3 for handing out DHCP leases, and hostapd and bridge-utils for 
WLANs. Now that I'm familiar with these tools, I find it only takes a few 
hours to whip up a new system from spare parts.

 			Alexey