[ previous ] [ next ] [ threads ]
 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Choosing a firewall
 Date:  Tue, 02 Oct 2007 16:57:12 -0500
Joe Commisso wrote:
> Hi,
> So can anybody help me with the choice of a firewall?
> I realize this is a crowd that may be biased toward m0n0wall as I am 
> somewhat.
> I ask because I need to validate my choice in recommending this to my 
> employer and it is also part of my master's thesis which is leaning 
> toward security.
> Maybe someone here can help me in a list of things to look for in a 
> secure firewall?
> I realize one item would be ease of use, which m0n0 rates very high.
> My instructor suggested openbsd which is also secure.
> Does anybody here know how  m0n0 compares to openbsd?

First, Freebsd and openbsd are actually very close.  The differences 
between them are less than the differences between Freebsd and m0n0wall. 
  So a short list of why I use m0n0wall.

1) Lean by design.  Secure is a given but lean is not...  You see every 
app we remove is one less attack vector.  Some things they we (m0n0 
devs) don't think belong in a firewall are; Web Proxy, web filter, upnp, 
mail server, virus filter, file server and print server.  Yes, the last 
2 were actually requested.

2) Full featured.  Isn't this the opposite of #1 above?  Well, not 
really.  Security features are good.  Network features are good.  I love 
having VPN, DynDns, Captive Portal, and traffic shaping.

3) Easy.  Options that aren't reliable just aren't there. (eg: FQDN for 
IPsec)  It is well organized and intuitive.

4) Stable.  I have 60 of them out there, and they all just work.  Other 
stuff goes down, but not m0n0wall.