One of the advantages of using Free Software applications and operating systems is choice. Plenty to choose from. Not satisfied with one, switch or pick another one. If the switch involves different flavors of Linux or BSD operating systems (distros), it’s called distro hopping. When it comes to picking a firewall and router, you want to limit how often you distro-hop. In fact, better not to distro-hop at all. You want to pick the best, or more aptly, the one with all the features that you need, set it up, and forget about it. Or at least ’til it’s time to update your firewall rules or update the system.
The point of this article is to present to you the firewall and router distributions that – based on personal experience – are the best in their category. These are firewall-cum-router distros with the most features (basic and advanced), and have a graphical management interface that is very intuitive to use.
After reading this post, I recommend that you take a look at features summary of Linux, BSD firewall and router distributions.
If you are looking for a free, professional-grade, Linux- or BSD-based firewall and router distro for home or small business use, you can’t go wrong with:
Astaro Security Gateway Home Edition: This is the free edition, for home or personal use, of Astaro Security Gateway by Astaro Corporation. It is the best in class. It has just about everything you’ll need in a firewall-cum-router operating system. Aside from the basic features (stateful packet inspection and IDS/IPS), it also has support for failover, load balancing, high availability, and VLANs. The management interface is the most professional looking of all reviewed. And it (the management interface) is also one of the most intuitive to use and navigate. See this table for a feature summary of this distro and others in its category.
There are only two sour points about this distro that I can identify, and they are:
- Hardware detection is suspect. On my test machine, it failed to detect the Linksys and Belkin wireless USB cards attached. Those cards were detected by IPFire, another Linux-based distro with far less features than Astaro.
Another thing is that you are restricted to no more than
tenfifty IP addresses (the address limit was recently upgraded) simultaneously passing though the system. Not good if you have more than ten, active networked devices in your LAN.
If the IP address restriction is not a problem for you (it shouldn’t, with the new IP address limit of fifty), this distro is highly recommended. More info here.
ClearOS: This is the latest distribution to be reviewed and listed on this site. Aside from a full suite of firewall capabilities, it can also be used as a file, print, database, and Web and FTP server. Like Astaro, it also sports a professional-looking and very intuitive admin interface. A detailed review of ClearOS 5.1 is available here.
While this distribution is free to download and use, home users should be aware that updates to most of its features are fee-based.
pfSense: This one is just as feature-rich as Astaro, with a very simple and intuitive graphical management interface. The main difference between pfSense and Astaro is that it (pfSense) is based on FreeBSD, and uses openBSD’s pf for packet mangling while Astaro is based on Linux (kernel 2.6). Like Astaro, it also has support for failover, load balancing, and VLANs, that is, aside from basic firewall and router features. pfSense’s functionality can be extended by additional installation of packages from the management interface.
Unlike Astaro, pfSense comes without strings, that is, no IP address restrictions. pfSense’s features are summarized in this table.
Smoothwall Express: This is another Linux-based firewall and router distro. Development and maintenance is by SmoothWall Limited, a network security outfit based in the UK. The default installation is not as feature-rich as Astaro or pfSense, but by installation of mods, of which there are dozens, you can make an installation of SmoothWall perform just about any firewall and router task on your network.
Like pfSense, SmoothWall is completely free and also has no IP address usage restrictions. You may peruse an overview of SmoothWall’s features in this table.
These – in my opinion – are the top three. If you are not satisfied with any one of them, you may check out this article for a feature comparison of these and other distros in the firewall and router category.