» Firewalls... what to choose

[phen1x]

I am planning on building my own personal firewall with 1-7 pc. I have a list of firewalls in mind but i'm having trouble choosing. So i was wondering if any of the experts where, or anyone as matter of fact help me.
This is my list: Ipcop, Endian, PFSense, M0n0wall.
Any other suggestion is welcome.
Thanks in advance

[TheXero]

if your behind a router i wouldn't even bother with one

besides firewalls provide more hassle than good

i haven't used any in years (i'm on xp btw)

[MaXe]

m0n0wall is easy to set up and use.

Just don't run it from a LiveCD, install it to a harddrive.

Even the most crappy computer can run it. But if you're going
to run that as your primary firewall then I suggest you get your
network equipment sorted out since all communications would
have to pass through that firewall in order to reach the Internet.

There are also plenty of other nice firewalls which are free to use
which uses Linux as the main operating system, however I can't
remember those right now but they shouldn't be too hard to find.

It's hard to say which one you "should" use since most of these
firewalls are actually just GUI's for the same thing in the end.

Update Note:
Keep in mind that a firewall like this is indepent and will not filter
outgoing traffic of the machines on your network, so if none of
the computers on your network has a client-firewall installed such
as Zone Alarm then all programs on those computers will try to
access the Internet no matter what. (All of the programs, that
needs / wants Internet access of course.)

If you set up your firewall to only allow outgoing connections on
port 80 then you must make sure that the programs and games
you're going to use on your home network must support proxies
and that your firewall is able to handle large amounts of traffic.

An alternative could be a hardware based firewall device but that costs money.

If you're behind a router and you're using a VLAN setup like most
people do then the internal firewall wont do much good. Except
if you use it to filter outgoing traffic which most routers can do
as well. If you're looking for a way to detect hack-attacks inside
your network a HIPS (Host-Based Intrusion Prevention System)
or perhaps an IDS (Intrusion Detection System) might be the solution.

[phen1x]

Thanks TheXero and MaXe. And MaXe that's exactly what i want, something that will help to detect hack-attacks inside my network. I don't know anything about HIPS and the only IDS i came across (or really wanted to use) was Snort but i always seem to have trouble installing it. I guess i'm gonna have to do more research on those two.
By the way, what do you think about this one: http://www.astaro.com/products/astar...ware-appliance

[MaXe]

Astaro is pretty cool, I've used it once and it was easy to set up and use :-)

Not sure if it was "free" but it was pretty cool, you should try it out ;-)

[phen1x]

Ok.. thakns, will do :). Do u think there is any other there better than Astaro?

[MaXe]

Most of these "firewalls" are actually just interfaces to iptables and ipchain etc. :-)