You are on page 1of 9

phone store(http://phonestore.techradar.



Free newsletters(/newsletter) GB Updated 6h ago


Search Pro

Search all Log in Join












TechRadar Pro(/pro) New s(/pro/new s) 7 of the best Linux firew alls

PfSense, Smoothwall Express, Smoothwall Advanced

Distributions designed to secure your network
COMMENTS By Martin Meredith (/author?searchTerm=Martin Meredith)from Linux Format Issue 132 June 19th 2010
S H A R E ( H TTP S : / / W W W . F TW AC EE EB T( OH OTTP K.C 0 S O :/ M / TW /SH I TTE ARE R S R .H /A C S O H R M A/( E R IH N ETTP TE R.P N S H T/ :P /TW /? PL EU ES T? .G SH OA OR GE L(E H.TTP CO7 M : // S WH W A W R.E L? I N K E D I N . C O M / S H A R E A R TI C L E ?


PfSense, Smoothwall Express, Smoothwall Advanced

Monowall: Meet the smallest distribution in our test Monowall is a BSD-based firewall designed to run on a 16MB flash card, and it has the smallest footprint of the firewalls we tested. Because of this, Monowall only provides the bare bones features for a firewall. Still, given it's so small, it's a rather impressive distribution. Monowall boots directly into a configuration menu. First, you have to configure the network interfaces with Monowall's 'Auto Detect' feature, which, for those of you who generally can't work out which identifier corresponds to each network connection, enables you to assign a LAN/WAN interface by detecting a cable being unplugged, then plugged back in.

Get free weekly updates

Sign up to receive TechRadar Pro's free weekly newsletter with the week's IT insights.

Enter your email address...

Sign me up

Popular in


Top laptops: 25 best laptops in the US


The forgotten man: how Stephen Elop missed out on being Microsoft CEO

10 best Android tablets in the world

Samsung Galaxy S4 review


Rated Most Read

Monowall has the advantage of being one of the few firewalls we've tested here that provides quality of service (QoS) routing by default, which enables you to 'traffic shape' your connection so that certain requests get priority. This is useful if you want to use VoIP for your telephone connection, because you can prioritise the VoIP link. Once you've assigned your network interfaces, you can set a password for the WebGUI system, which enables you to configure the rest of your firewall setup via the web-based interface. Being a BSD-based system, some of the terminology may initially seem confusing, but after some web searches and then using it for a while, it becomes second nature.

Microsoft SQL Server 2014 review (/reviews/pcmac/software/business-and-financesoftware/microsoft-sql-server-20141241080/review) Devolo dLAN 650 Triple+ Starter Kit review (/reviews/pcmac/networking-and-wi-fi/networkadapters/devolo-dlan-650-triple-starter-kit1240775/review) Dell Venue 11 Pro review

Although Monowall is a tiny firewall distribution, security isn't compromised. It's particularly good for those of you who want to run a safe network without having to spend too much money on hardware, since it will run fine on a standard, off-the-shelf PC. Verdict Monowall 1.31 Price: Free Website: Great for older boxes and embedded systems, but only has basic features. Rating: 5/10 PfSense: If you want a comprehensive firewall and nothing else, look no further PfSense seems a strange name at first, but when you realise that it's a fork of Monowall, and therefore BSD-based, it starts to make sense. BSD uses a program called pf (packet filter) as its stateful packet filter, which is much the same as Iptables, although some say it's more powerful. This is because pf and Iptables work in different ways.

(/reviews/pcmac/tablets/dell-venue-11-pro1185301/review) Windows 8.1 review (/reviews/pcmac/software/operating-systems/windows8-1-1161745/review) Windows 8 review (/reviews/pcmac/software/operating-systems/windows8-1093002/review) All Reviews(/pro/reviews)

Latest downloads
Maths software for students


Norton Internet Security 2014

Comprehensive security for Windows

(/downloads/norton-internet-security-2014) Windows Product Key Finder Professional

Find and recover Windows CD product keys

(/downloads/windows-product-key-finderprofessional) 3DMark 11
Benchmark your system and compare

(/downloads/3dmark-11) Mail PassView

Password-recovery just got a whole lot easier

Pf works better with stateful rules (where it needs or uses information about previous packets in a stream), and Iptables is better with stateless rules (where it doesn't need to know about previous packets). In this sense, pf is slightly more secure than a firewall using Iptables would be, because by tracking TCP sequence numbers, it makes a connection harder to spoof. PfSense, like Monowall, has a simple install process that drops you to a command line, but unlike Monowall, it asks you to set up the interfaces during the installation, rather than once it's booted. Again, determining which network card relates to which interface is easy with the autodetect feature. Being a fork of Monowall, you'd expect the features to be similar or even identical, but PfSense adds extra features, such as multi-WAN, hardware failover, and different methods of authentication. It has a cleaner interface and feels smoother to use. Once again, being BSD, some of the terminology used is confusing, but doesn't take long to get to grips with. PfSense is possibly the most featureful firewall distribution out there, but falls down due to its lack of extra features that aren't entirely firewall-related. If you're just after a firewall, you won't go wrong by choosing PfSense, but if you need anything extra, you'll need another box to put it all on. Verdict PfSense 1.2.3 Price: Free Website: ( The most complete firewall distribution here, but it doesn't come with any non-firewall extras. Rating: 7/10 Smoothwall Express: Probably the firewall distribution with the biggest reputation out there Smoothwall is probably the bestknown firewall distro. To test this, we did a quick poll of 20 Linux geeks, asking them to name a firewall distro. Nineteen of them came up with Smoothwall first.

Installation of Smoothwall Express is once again pretty straightforward, if a little confusing. It's definitely worth downloading the Installation Guide to walk you through the installation process. You can mostly accept the default options and everything should just work, unless you've got an unusual network configuration.

Once you've done the initial setup of Smoothwall Express, you're good to go because it doesn't require much further tweaking, other than plugging the network cables into the right place. The web-based control panel is simple and easy to understand. It gives you quick access to the functionality that Smoothwall provides. Smoothwall Express doesn't provide much in the way of 'extra' features, as you can see from our table on the opposite page. However, like IPCop, it does enable you to have a separate account that can control the main connection, which is especially useful if you're using dial-up, alongside its caching web proxy service. One of the benefits of Smoothwall Express is the simplicity it offers when running internal DNS adding a new hostname takes only a few seconds. The only issue we noticed during testing was that assigning static DHCP lease assignments requires you to click Add followed by Save, and it isn't particularly obvious that you have to do the second step. We found that this led to a fair bit of confusion with our network attached printers jumping from one IP address to another. Verdict Smoothwall Express 3.0 Price: Free Website: ( A great firewall that's easy to use, but it comes up a bit short in terms of more advanced features. Rating: 8/10 Smoothwall Advanced: The paid-for firewall with a lot of bang for your buck

This is the only paid-for firewall that we're reviewing here. Smoothwall Advanced's installation progress is similar to that of Express, but you'll initially only be asked to configure the internal network, so that you can access its web-based control panel to set up everything else. Smoothwall Advanced seems designed to be used as a corporate office firewall, with the options to create authentication-based access to different parts of the network, and its web proxy and email filtering systems. This isn't necessarily a bad thing, but it can sometimes be overwhelming when you're trying to use it as a home or small office firewall.

For anyone used to using Express, the layout of the web-based administration will be familiar, although we found that because of a slightly different way of thinking about putting the firewall together, certain simpler tasks seemed harder than we had expected. On the whole, however, the obvious attention to detail that has gone into Express is highly visible in Smoothwall Advanced as well. While the extra features available in Advanced are great for someone who wants a one-box solution, we found ourselves asking whether there was a better alternative for us, or if two boxes to create the same functionality would be a safer bet. Add to that the 'limitations' (four network interfaces and 20 VPN connections included) and the fact that you have to pay more to expand it, Smoothwall Advanced really doesn't make sense unless you work for a company that can pay the extra for what you need, or if you feel safer using a paid-for product. Verdict Smoothwall Advanced 2 Price: 1,250 + yearly renewal Website: ( A well-rounded firewall distribution, but is the price tag worth it? Rating: 6/10 The winner: eBox Platform: 9/10 Choosing the right firewall distribution is largely dependent on the job you need it to do. If you're setting up a home or office network, having a firewall in place makes a lot of sense. Other than common sense, firewalls are the best way of fighting against the plethora of dangers out there on the internet. But some of the time, it's also a good idea to have that bit of extra functionality to make your life easier.

When we started writing this Roundup, we thought we already knew which of these distros would win. But this was before we looked more closely at the current offerings that are out there. When we did, we were pleasantly surprised to find some of the relative newcomers to the field providing an excellent experience. Just a firewall If you're just after a firewall, then all of the distributions here will do a good job, with some performing better than others. If this sounds like you, you can't go wrong with PfSense. Failing that, IPCop and Smoothwall Express are excellent options if you're not after anything too complex, with Smoothwall Advanced trailing behind simply because of the price. If you want something with a small footprint, or to run on an embedded device, then Monowall is a perfect choice. Bonus bits For us, however, a box in the corner that isn't being used to its full extent is a wasted box (which is why we like virtualisation). Because of this, our winner is eBox Platform.

The astounding feature list and the fact that it's built on top of a standard Ubuntu install means that along with the firewall, you've got a box that can do close to anything you can imagine. Admittedly, it was quite hard to decide between eBox Platform and ClearOS. Ultimately, although ClearOS gives a lot of functionality and has an amazingly usable interface, eBox has the potential to have any kind of functionality added to it. If you don't need all the superpowered features that eBox gives you, you'll find that ClearOS provides you with everything you need in a single, well-maintained, usable package. Finally, Smoothwall Express deserves a special mention, because it's the only firewall that you can leave alone once it's installed, and not have to play with to get it up and running. If you ever need to locate specific settings in it, these are simple to find as well. In fact, prior to testing the other firewall distributions we did for this Roundup, Smoothwall Express would most probably have been our number one choice. -----------------------------------------------------------------------------------------------------First published in Linux Format( Issue 132 Liked this? Then check out 8 of the best tiny Linux distros(/news/software/operating-systems/8-of-the-best-tiny-linuxdistros-683552)

Sign up for TechRadar's free Weird Week in Tech newsletter Get the oddest tech stories of the week, plus the most popular news and reviews delivered straight to your inbox. Sign up at Follow TechRadar on Twitter( * Find us on Facebook(


PfSense, Smoothwall Express, Smoothwall Advanced

First(/news/software/applications/7-of-the-best-linux-firewalls-697177#articleContent) Prev(/news/software/applications/7-of-the-best-linux-firewalls-697177/1#articleContent)
Tags Linux(/tag/Linux), security(/tag/security), internet(/tag/internet)

See more software news

S H A R E ( H TTP S : / / W W W . F TW AC EE EB T( OH OTTP K.C 0 S O :/ M / TW /SH I TTE ARE R S R .H /A C S O H R M A/( E R IH N ETTP TE R.P N S H T/ :P /TW /? PL EU ES T? .G SH OA OR GE L(E H.TTP CO7 M : / // S WH W A W R.E L? I N K E D I N . C O M / S H A R E A R TI C L E ?


More from around the web

( (
Great phone but not a game changer
(Financial Times)

Digital Divide in India

(Best Matters)

You have hot photos to

More from TechRadar


How to build a router based on Linux

How to build your own

Recommended by

Add your comment

Type your comment here.

You need to log in or join to add comments.


By submitting this form you agree to our Terms of Use(http://w w w and so are legally responsible for anything you submit. DO NOT submit anything w hich may violate the Terms of Use(http://w w w or another person\'s rights including copyrighted or offensive materials.

Back to top

More from TechRadar

HTC One (M8)(/reviews/phones/mobilephones/htc-one-m8-1235307/review) Xbox One(/news/gaming/consoles/xbox-onerelease-date-news-and-rumours-937167) PS4(/reviews/gaming/games-consoles/sony-ps41131803/review)

Tesco Hudl review(/reviews/pc-mac/tablets/tesco- Android 4.4(/reviews/pc-mac/software/operating- Moto G(/reviews/phones/mobile-phones/moto-ghudl-1183138/review) iPhone 5S(/reviews/phones/mobilephones/iphone-5s-1179315/review) systems/android-4-4-kitkat-1214798/review) iPhone 6(/news/phone-andcommunications/mobile-phones/iphone-6release-date-news-and-rumours-1099865) iPad mini 2(/reviews/pc-mac/tablets/ipad-mini-2- Samsung Galaxy S5(/reviews/phones/mobilewith-retina-display-1191349/review) tv-deals-1171772) Apple CarPlay(/news/car-tech/apple-carplayeverything-you-need-to-know-about-ios-in-thecar-1230381) Best mobile phones(/news/phone-andphones-in-the-world-today-645440) phones/samsung-galaxy-s5-1226990/review) hd-what-you-need-to-know-about-uhd-1048954) Nexus 5(/news/phone-anddate-news-and-rumors-1181883) Windows 8.1(/reviews/pc1161745/review) Search 1199218/review) iPad 4(/reviews/pc-mac/tablets/new-ipad-41106634/review) iPad Air(/reviews/pc-mac/tablets/ipad-air1191350/review) Best free software(/news/software/the-best-freesoftware-for-your-pc-1221029) definition/ultra-hd-what-you-need-to-know-aboutuhd-1048954) Best Ultrabook(/news/mobilelights-for-2012-1054355) communications/mobile-phones/nexus-5-release- computing/laptops/best-ultrabook-16-top-thin-and-

Cheap TVs(/news/television/hdtv/cheap-tvs-and- 4K TV(/news/home-cinema/high-definition/ultra- Ultra HD(/news/home-cinema/high-

communications/mobile-phones/20-best-mobile- mac/software/operating-systems/windows-8-1-

Brow se all(/review s) Mobile phones(/review s/phones/mobilephones) TVs(/review s/audiovisual/televisions/plasma-and-lcd-tvs) Tablets(/review s/pc-mac/tablets) Digital cameras(/review s/camerasand-camcorders/cameras) Laptops(/review s/pc-mac/laptopsportable-pcs/laptops-and-netbooks)

Buyer's guides
Mobile phones(/new s/phone-andcommunications/mobile-phones/20best-mobile-phones-in-the-w orldtoday-645440) TVs(/new s/television/hdtv/best-tv2012-w hat-tv-should-you-buy-thisyear--709255) Tablets(/new s/mobilecomputing/tablets/10-best-tablet-pcsin-the-w orld-today-1079603) iPhone apps(/new s/computing/apple/top-50best-free-iphone-apps-2012-663484) Cameras(/new s/photography-videocapture/cameras/best-compactcamera-2012-27-review ed-963985) Laptops(/new s/mobilecomputing/laptops/top-laptops-the-20best-laptops-in-the-w orld-706673)

All videos(/videos) Mobile phones(/videos/mobiles/all) TVs(/videos/tvs/all) Tablets(/videos/tablets/all) Cameras(/videos/cameras/all) Laptops(/videos/laptops/all)

All new s(/new s)

About us(/about)

Facebook(http://w w w Contact us(/contact) Tw itter(http://tw Sitemap(/sitemap)

YouTube(http://w w w Accessibility(/accessibility) New sletter(/new sletter) RSS(/rsstoolkit)


United Kingdom(/news/software/applications/7-of-the-best-linux-firewalls-697177/2) TechRadar Network

United States(/us/news/software/applications/7-of-the-best-linux-firewalls-697177/2) Australia(/au/news/software/applications/7-of-the-best-linux-firewalls-697177/2)

(http://w w w

Future is AOP and PPA Consumer Digital Publisher of the Year. TechRadar is part of Future plc, an international media group and leading digital publisher. We produce content across five core areas: Technology T3(http://w w w Entertainment Music Creative Sport & Auto


CVG(http://w w w Classic Rock(http://w w w Digital Camera World(http://w w w .digitalcameraw BikeRadar(http://w w w

Mac|Life(http://w w w PC Gamer(http://w w w MusicRadar(http://w w w Mollie Makes(http://w w w Cyclingnew s(http://w w w .cyclingnew Gizmodo UK(http://w w w GamesRadar(http://w w w Guitarist(http://w w w Photography Week(http://photographyw ChopMTB(http://w eek.digitalcameraw w w More...(http://w w w Total hat-w Film(http://w e-do/portfolios/technology/) w w Metal Hammer(http://w w w The Simple Things(http://w w w TriRadar(http://w w w

More...(http://w w w More...(http://w hat-w e-do/portfolios/entertainment/) w w More...(http://w hat-w e-do/portfolios/music/) w w More...(http://w hat-w e-do/portfolios/creative/) w w hat-w e-do/portfolios/spor

About Future(http://w w w

Jobs(http://w w w

PR(http://w w w s/)

Advertising(http://w w w hat-w e-do/advertising-solutions/)

Digital Future(

Privacy Policy(http://w w w

Cookies Policy(http://w w w

Terms & Conditions(http://w w w

Subscriptions(http://w w w

Investor Relations(http://w w w

Contact Future(http://w w w

Future Publishing Limited, Beauford Court, 30 Monmouth Street, Bath BA1 2BW. All rights reserved. England and Wales company registration number 2008885.