[kwlug-disc] Linux Based Firewalls

Cedric Puddy cedric at ccjclearline.com
Tue Dec 22 20:50:30 EST 2020


Not sure if this is still helpful to the OP, but for what it's worth:

1) Firewalls: for hackability balanced with maintained stability, and still
a reasonable amount of feisty OSS grit, I've come to be a fan of Mikrotik;
you can centrally manage them (never seen in a device at this price point),
they can do pretty much anything you can dream of on a Linux firewall, have
a mature well understood interface and broad community of people who know
how to get them done, have lots of hooks for running scripts, have
L2TP/OpenVPN/IPSec nicely bundled, can work as routed or bridged, and great
debugging tools integrated in.  The "winbox" thing can be pretty easily
ignored, and their bang-for-buck is crazy good.   If you don't want to buy
the hardware/want to run in a VM Container, they will license their hard
work as a VM or image you can run on a PC for cheap, like $45 for a one
time license.  The Barracuda NGFWs we do (also Linux boxes on bespoke
hardware, and much more costly) can do some of the stuff a bit easier or
more palatably to the corp client in some ways, but it's darn crazy how close
a Mikrotik RB750 or RB4011 can come to eating their lunch (and sometimes
does, at our shop!).  YMMV.

2) As far as a server with services, I've been just doing raw CentOS and
doing what I need, as needed.  It's not good for giving to other people,
per se, but every SMB/home server distro I've ever tried has died of
non-maintenance, so I kinda gave up a while back.  I'm kinda being suckered
into unRaid right now though, as a replacement for how I run my
home/containers/etc, because it ticks all the boxes I need...  again, while
closely aligned and built out of OSS stock, it's not as open as some would
require, so it's not for everyone.

-C

On Tue, 1 Dec 2020 at 15:43, John Sellens <jsellens at syonex.com> wrote:

> I've had great success with pfsense for many years, and have no complaints.
> I've run HA pfsense pairs for years with no problems or downtime.
>
> I just upgraded a 10 year old physical pfsense box running a long
> obsolete 1.x version of pfsense to current 2.4 and the configuration file
> imported perfectly.
>
> I've also bought Netgate hardware running pfsense and found it to be
> reliable and cost effective.  I had one with a hardware problem, and
> the support from Netgate getting it replaced was fantastic.
>
> Hope that helps - cheers
>
> John


-- 
| CCj/ClearLine - Hosting and TCP/IP Network Services since 1997
| 118 Louisa Street, Kitchener, Ontario, N2H 5M3, 519-489-0478x102
\________________________________________________________
  Cedric Puddy, IS Director cedric at ccj.host