, posted: 13-Jul-2006 21:44

I have never been majorly impressed by embedded/appliance firewalls (not even Makos) until recently, when I discovered pfsense, a totally free FreeBSD distribution specifically designed for said purpose.

It's forte is a web-based administration interface which will let you manage port forwarding, firewall rules, traffic shaping, logging, graphs, DHCP, VLANs, multi-homing, multiple IPs per interface and etc with stupefying ease. This free firewall is surely better than many a commercial firewall.

It runs from CD or hard disk (or other embedded memory) but I wouldn't run it from CD because theres too many moving parts in a CD drive that might fail. To install it you will need a PC with at least 2 network cards, a >64Mb hard disk, CD drive and some respect for command line interfaces ie being able to read and follow on-screen instructions =)

Download and burn the LiveCD then boot it in your new firewall. The initial configuration will ask you to 'assign interfaces' this means refering an interface name to each of your network cards.

It's quite easy to do it the automatic way, unplug any network cables from the NICs and press a. The first one it will try and detect will be your WAN/Internet interface, plug the network cable into the NIC you wish to be used for this and press enter. Repeat this process for your LAN and any other interfaces as required.

After that you should be at the menu. Here, press 99 enter and you will be taken through a wizard-like setup programme that partitions, formats and installs pfsense to your hard disk.

Comment by juha, on 14-Jul-2006 18:32

FreeBSD++ but you need to credit the OpenBSD team for developing the most excellent pf packetfilter. It's by far the easiest and most flexible IP traffic management system that I've used. pfSense looks very good.

