[ previous ] [ next ] [ threads ]
 From:  "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Choosing a firewall
 Date:  Tue, 2 Oct 2007 23:08:34 +0300
On 10/2/07, Michael Sierchio <kudzu at tenebras dot com> wrote:
> Joe Commisso wrote:
> > So can anybody help me with the choice of a firewall?
> Yes, *anyone* can help.  Walk into a music shop near you,
> ask to see a violin, and then ask: "Does this violin
> play Mozart?"

No reason to demonstrate a fine grasp on sarcasm on this mailing list,
we already assumed that was a prerequisite that was filled. ;)

I think one can be fairly safe in assuming that any firewall-specific
distro is reasonably secure. M0n0wall differs from a basic OS like
OpenBSD in that it is a specific application that incorporates the
basic network parts of an OS with added firewall- and routerspecific
features tacked on.

The same can be said for the likes of Smoothwall and other similar
Linux based firewall distros.

One of the major differences would be that a firewall software like
this is made to be secure out of the box, and you really have to go
out of your way to make it not so, whereas many OS releases are never
meant to be firewalls directly but just an OS. Depending on the OS,
you get better or worse security out of the box for the OS itself,
also. Windows is usually both broken and completely insecure out of
the box; many Unixlike OSes are quite secure out of the box, like
OpenBSD, FreeBSD, the latest Solaris, and so forth.

Still, comparing m0n0wall with OpenBSD is a very apples-and-oranges
kind of thing to do, one is a firewall application and the other is an
OS that can be made to act like a firewall with manual tinkering. In
theory you could make a firewall out of a Windows install too, but
it's not the first choice of OS I'd make...

My main reason to like m0n0wall over the others is simply the
simplicity and the feature set that suits me right down to the ground.
It has traffic shaping, it has nice DNS forwarder functionality, it
does DynDNS out of the box, has very useable VPN functionality and it
runs fantastically off an IDE flash module as it stores everything in
memory and doesn't write at all to the flash except to save settings.
Due to that I have a completely noiseless firewall built on an old
Celeron 466 Compaq small form factor PC.

-{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--

"If knowledge can create problems, it is not through ignorance that we
can solve them."
  - Isaac Asimov