7 Linux/BSD firewalls reviewed (incl pfSense & m0n0wall)

Wayne Richardson reviewed in total 7 different Linux and BSD firewalls back in Nov 2007 (ClarckConnect, Endian, Gibraltar, IPCop, m0n0wall, pfSense, SmoothWall) and compared them on basis of the following categories: setup, web-gui, extensibility and speed.

Since this is a FreeBSD blog I’ll just quote (with his kind permission) what he wrote about pfSense and m0n0wall. If you’re interested in the whole article and want to see how the BSD firewalls compare to Linux firewall, please refer to Wayne’s article.

pfSense was named the best firewall with a 95% pass rate; m0nowall received a 77% mark and was the smallest of the bunch.
Continue reading

PC-BSD vs DesktopBSD; similarities & differences


Similar to my m0n0wall vs pfSense; similarities & differences post, I thought I’d also post a “PC-BSD vs DesktopBSD; similarities & differences” overview since I get so much trafic from people trying to find out what the similarities and differences are.

A common misconception about DesktopBSD is that it is intended as a rival to PC-BSD as a BSD-based desktop distribution. Neither the DesktopBSD nor the PC-BSD project intend to rival each other; the two projects are completely independent with distinctive features and goals. PC-BSD has introduced a new package management (PBI) that lets you easily install packages, whereas DesktopBSD has developed a graphical utility that makes installing standard FreeBSD packages and ports easy. Let’s have a look at the similarities and the differences.

Continue reading

m0n0wall vs pfSense; similarities & differences

pfSense logoA common misconception about pfSense is that it is intended as a rival to m0n0wall as a BSD-based firewall system, since they are similar in structure and goals. This is not the case; some developers even contribute to both projects. m0n0wall is targeted at a specific level of hardware platform, which is the Soekris or Wrap (a 486 133MHz with 64 or 128 Mb RAM and low power consumption). pfSense requires 128 Mb ram. Likewise, m0n0wall gets away with a >= 10Mb CF card, while pfSense really needs a 256Mb card or bigger.

M0n0wall logopfSense is better in that it has more features, however m0n0wall is better in that it is smaller and simpler. Which of the two, m0n0wall or pfSense, you need, just depends on your (system/business) requirements.

Interesting link: BSD Firewalling, pfSense and m0n0wall (PDF – paper delivered at BSDCan2006)

GPL vs BSD, a matter of sustainability

Both licensing models have been around for a very long time. I don’t know which predates which, but it really doesn’t matter. The spirit behind both licenses is very similar: free software is good. But they realize this idea in different ways.

In the GPL license you have the four freedoms: to run the software, to have the source code, to distribute the software, to distribute your modifications to the software.

The BSD license is different, because it gives *you* the right to distribute the software, but it does not oblige you to make sure that the next guy has any such right.

Read this interesting article here

DesktopBSD vs PC-BSD

Jan Stedehouder has almost finished his DesktopBSD – the first 30 days series and the following are his observations with regards to how PC-BSD and DesktopBSD compare:

Today may be a good day to at least do a formal comparison between DesktopBSD and PC-BSD. I guess it can’t be avoided. Two FreeBSD-based open source desktops with similar goals, but finding different solutions.

The similarities between PC-BSD and DesktopBSD are there of course. Both use a graphical installer to assist the new user with getting FreeBSD on his/her system and both have chosen for the KDE desktop. DesktopBSD allows to boot into a live environment before actually dedicating it to your harddrive, while PC-BSD ships with Compiz Fusion.

The default software collections are different as well. DesktopBSD has chosen for Firefox, Thunderbird and Pidgin. A choice that makes sense as these applications are well-known and used on Windows and Linux. PC-BSD seems to stick more to KDE-based programs like Konquerer, Kontact and Konversation. However, these are minor differences.

DesktopBSD sets itself apart through the DesktopBSD tools and particularly the Package Manager. This graphical frontend for the packages and ports collection provides an easy tool for installing, upgrading and managing the software on your system. Working with Package Manager shouldn’t be a problem for Linux users that have experience with similar tools (Synaptic, Adept, Portage).

For PC-BSD the PBI’s are unique. The work on the PBI Build Server is progressing and that will result in a far larger collection of packages. This should contribute to a wider adoption of PC-BSD among people who used to work under Windows, since the PBI system emulates their “double-click-and-install” experience the most.

There is no need to try to figure out which one is better. I just marvel at both developments and I can see they both provide an answer to the needs of different groups of users. I can imagine a future where the DesktopBSD tools are enhanced to allow installing and managing PBI’s for FreeBSD-based systems, even if only for PC-BSD systems.

Smoothwall vs M0n0wall: a comparison

m0n0wall-logo2.gifWhen it comes to firewalls, most people are fine with a consumer grade solution like a Linksys, Netgear or D-Link “router,” but these devices lack in features. With a Pentium II 200MHz processor and 1GB of RAM, you can create a firewall that’s way more powerful than the standard cable/DSL router you get from a computer shop, and thanks to free software it has features those other devices can only dream about. Here, is a quick and small comparison between Smoothwall Express 3.0 (based on Linux) and M0n0wall 1.231 (based on FreeBSD).

Hardware
Both Smoothwall and M0n0wall run on low end hardware just fine. For both systems, you’ll want at least a Pentium 2 and 128MB of RAM. Smoothwall requires more hard drive space than M0n0wall, which only needs about 8MB! Machines like this are available at auction sites, flea markets and garage sales for next to nothing. Keep in mind that these machines will use more power than a consumer “router,” but M0n0wall does have an option to turn off the hard drive after a few minutes of being idle. Now, on to the feature comparison.

Features
Smoothwall offers many more features than M0n0wall, including a caching web proxy server, DNS server, intrusion detection system, instant messenger logging, NTP server and email virus scanning.
By design, M0n0wall is only a firewall. It keeps to the Unix programming concept of doing one thing very well. If you want things like a proxy server, IDS or DNS, you’ll want to use Smoothwall. If you want things like 1:1 NAT, M0n0wall is your best choice. Both systems offer web based management and traffic shaping.

Final Word
The bottom line is that both of these systems are excellent firewalls. Smoothwall has more features, but requires higher-end hardware, while M0n0wall’s web management of firewall rules and traffic shaping seemed to be easier to use.

This is a summary of a post found on Linux Brain Dump

BSD Community vs Linux Community

Another interesting post from Penguin Pete: “The BSD Community Compared to the Linux Community”:

“I’ll tell you the number one thing right off that I like better about BSD than Linux: the peace and quiet.

An amazing experience occurred when I began to run BSD. It was a Jedi event. I was jolted by something that suddenly stopped when I started BSD, something I hadn’t been aware of until it was gone. I experienced a great calming in The Force; as if a million screaming voices suddenly shut up!

Here is the story of two free Unix systems. BSD, at this time, is about twice Linux’s age. Many of the same programs will run on both. Much of the same kind of person who likes one should like the other. Yet on Linux’s side of the fence, there is this massive war going on; while on BSD’s side, you can step out on your porch at night and hear nothing but crickets.

Nobody is preaching that BSD has to do this, this, and this to suit some agenda.

Nobody is threatening to tar and feather the BSD users for being elitists.

Microsoft isn’t shaking any clubs at BSD and threatening to sue it for millions of patent violations.

Nobody is snapping up BSD distros in patent-protection racket deals.

Pundits are not shrieking about what BSD has to do to “make it on the desktop”.

Nobody’s threatening to blackball me out of the community if I don’t give them all my money to advertise BSD with.

Nobody’s gaming Distrowatch to try to get BSD distro A ranked above BSD distro B.

Nobody is wringing their hands about how to dumb BSD down, make it suitable for idiots, or turn it into I-Cant-Believe-Its-Not-Windows.

SCO isn’t suing over BSD.

Amazing, isn’t it?

Carry on reading here