As part of our Project Goals, we should know where and how our firewall fits into the landscape of other firewalls.
Please contribute to our firewall comparison table, adding or correcting information about any open source firewalls you are familiar with.
Purpose of each firewall
| Firewall | Purpose | Base technology | License |
|---|---|---|---|
| Mandrake SNF/MNF | Original firewalls released by Mandrake as a free ISO, providing advanced iptables-based routing/filtering, proxying, and many other standard features. Designed for SOHO users as well as small to large corporate LANs. | Linux 2.4 series, iptables/Shorewall, rpm/urpmi | GPL |
| Mandriva MNF2 | New (July 2005) version of MNF that adds a lot of great functionality such as traffic shaping, bonding, OpenVPN tunnels, etc. Designed for small to large corporate LANs. ISOs are no longer freely available, but the RPMs are available from CVS under GPL. | Linux 2.6 series, iptables/Shorewall, rpm/urpmi | GPL |
| "Black Hole Firewall" | Our current project. Its short-term purpose is to provide a free ISO version of the MNF2. Over the longer term, we plan to add our own features and modify it to suit our needs. | Linux 2.6 series, iptables/Shorewall, rpm/urpmi | GPL |
| Smoothwall | Available in free and commercial versions, Smoothwall is a great basic firewall for small office/home office use. Like MNF2, it installs quickly and easily. Its interface more closely resembles that of consumer routers: rather than providing direct access to Shorewall rules, it has a port-forwarding page, a single DMZ host, etc. | Linux 2.4 series, iptables | GPL |
Firewall features
Basic Features
| Firewall | Minimum Hardware | Recommended Hardware | Web configuration | SSH configuration | Update mechanism | Plug-ins available |
|---|---|---|---|---|---|---|
| Mandrake SNF/MNF | Basic PC, 300 MHz, at least 32 MB RAM, ~2 GB hard drive | 500 MHz, 128 MB RAM, 3 GB | Yes, port 8443 | Yes | urpmi | No |
| Mandriva MNF2 | Basic PC, 300 MHz, at least 32 MB RAM, ~2 GB hard drive | 500 MHz, 128 MB RAM, 3 GB | Yes, port 8443 | Yes | urpmi | No |
| "Black Hole Firewall" | Basic PC, 300 MHz, at least 32 MB RAM, ~2 GB hard drive | 500 MHz, 128 MB RAM, 3 GB | Yes, port 8443 | Yes | urpmi | No |
| Smoothwall | Basic PC, 100 MHz, at least 16 MB RAM, 500 MB hard drive | | Yes, port 441 | Yes | tar.gz updates | No |
VPN Features
| Firewall | IPsec site-to-site tunnel | IPsec road warrior | PPTP | OpenVPN | Certificate Management |
|---|---|---|---|---|---|
| SNF/MNF | Yes | Yes | Yes | No | Yes |
| MNF2 | Yes | Yes | Yes | Yes | Yes |
| Black Hole | Yes | Yes | Yes | Yes | Yes |
| Smoothwall | Yes (not certificate-based) | No | No | No | No |
Networking
Advanced Networking Features
| Firewall | Multiple WAN IP addresses | Interface bridging | Bonding | Static routes | Loopback/SNAT rules | Proxy ARP | Static NAT | DMZ/default host |
|---|---|---|---|---|---|---|---|---|
| SNF/MNF | MNF, with manual creation from shell | No | No | Yes | Yes | ? | ? | Yes |
| MNF2 | Yes, through web interface | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Black Hole | Yes, through web interface | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Smoothwall | No (possible with manual intervention) | No | No | No | No (possible with custom script) | No | No | Yes |
Services
Services
| Firewall | Proxy server | Caching DNS | Dynamic DNS update | Content filter |
|---|---|---|---|---|
| SNF/MNF | Yes | Yes | ? | No |
| MNF2 | Yes | Yes | Yes | No |
| Black Hole | Yes | Yes | Yes | No |
| Smoothwall | Yes | Yes | Yes | No |
Monitoring
Monitoring Features
| Firewall | Traffic graphs | Monitoring/logging | Intrusion Detection/logging |
|---|---|---|---|
| SNF/MNF | Yes | Yes | Yes (Snort and Prelude) |
| MNF2 | Yes | Yes | Yes (Snort, Prelude) |
| Black Hole | Yes | Yes | Yes (Snort, Prelude) |
| Smoothwall | Yes | Yes | Yes (Snort) |