Joe Commisso wrote:
> So can anybody help me with the choice of a firewall?
> I realize this is a crowd that may be biased toward m0n0wall as I am
> I ask because I need to validate my choice in recommending this to my
> employer and it is also part of my master's thesis which is leaning
> toward security.
> Maybe someone here can help me in a list of things to look for in a
> secure firewall?
> I realize one item would be ease of use, which m0n0 rates very high.
> My instructor suggested openbsd which is also secure.
> Does anybody here know how m0n0 compares to openbsd?
First, Freebsd and openbsd are actually very close. The differences
between them are less than the differences between Freebsd and m0n0wall.
So a short list of why I use m0n0wall.
1) Lean by design. Secure is a given but lean is not... You see every
app we remove is one less attack vector. Some things they we (m0n0
devs) don't think belong in a firewall are; Web Proxy, web filter, upnp,
mail server, virus filter, file server and print server. Yes, the last
2 were actually requested.
2) Full featured. Isn't this the opposite of #1 above? Well, not
really. Security features are good. Network features are good. I love
having VPN, DynDns, Captive Portal, and traffic shaping.
3) Easy. Options that aren't reliable just aren't there. (eg: FQDN for
IPsec) It is well organized and intuitive.
4) Stable. I have 60 of them out there, and they all just work. Other
stuff goes down, but not m0n0wall.