I'm planning to set up a small network (< 10 computers) and intend to set up a server to serve as my gateway / firewall. What Operating System (I'd prefer something *nix) and distribution should I use?

Things to consider:

  • Security
  • Low Maintenance
  • Ease of updating

What do you suggest?

C. Ross

10 Answers


m0n0wall and Smoothwall are the two biggest I know of for turning an old PC into a firewall/router. I'd suggest digging through features and screenshots, then playing with each a little bit.

  • Links would be nice ... – C. Ross May 15 '09 at 18:27
  • Monowall is great .. Does just about as much as a checkpoint firewall for free – trent May 15 '09 at 19:26
  • Yeah, after paying for checkpoint and maintenance for a few years you'll love monowall at least for remote sites. ...And I'd probably suggest looking at netscreens if you need a big supported firewall for corporate HQ. – sclarson May 18 '09 at 16:08
  • Monowall (http://m0n0.ch/wall/) and its related project pfSense (http://pfsense.com/) work great and are easy to use. – tegbains Jun 05 '09 at 07:05

For a gateway/router I use one of the most secure OSes on earth: OpenBSD. For file servers I use FreeBSD.

The project is widely known for the developers' insistence on open source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. [...] OpenBSD includes a number of security features absent or optional in other operating systems and has a tradition of developers auditing the source code for software bugs and security problems.


  • I was waiting for this answer. – C. Ross May 31 '09 at 00:33
  • We actually use OpenBSD on our organization's primary routers. Even with a decently sized network with several subnets and VLANs the performance on fairly modest PC hardware is still very good. It's also incredibly flexible. Pf is a great packet filtering framework, if you take the time to understand it. – Kamil Kisiel May 31 '09 at 01:16

Sounds like you might be interested in Smoothwall. I have not used it myself but I knew some people who worked on the project years back, and it has matured quite a bit. I have heard good things.


I know I am going against the flow when I suggest this, but I usually prefer to use a general-purpose distribution like Debian. A custom-built distribution like the others that have been suggested will work well if what you need never really goes beyond the features offered. A general-purpose distribution is usually a lot more flexible and is easier to adapt to serve other functions. Also, with a general-purpose distribution the skills you learn maintaining it are more reusable and directly applicable to other situations where you use that distribution.

  • I have to say, even though I didn't accept it, I really like this answer. I may end up doing it yet... – C. Ross May 18 '09 at 12:25
  • My argument against a general-purpose distro is that it presents a larger attack surface. – duffbeer703 May 31 '09 at 03:14
  • @duffbeer703 - From what I have seen some security appliances come with more crap installed and enabled by default than a standard server install of most distros. – Zoredache May 31 '09 at 04:29

I've had considerable success using a combination of Gentoo, iptables, and the excellent documentation (especially the Home Router Guide) that Gentoo supplies. Security's at least as good as any other Linux distro (and often better due to the GLSA project), and updating is as easy as emerge -u world.

In general, I find it's more customizable and flexible to use a general-purpose distribution and build your own firewall solution than it is to install a dedicated firewall distro. In the future, you can expand that box to also handle web proxying or mail delivery, among other things. And if you do, you know how to alter your firewall to make exceptions for those services, and you can secure them more easily.

  • any linux/unix distribution and iptables would definitely work for him but I think if he's looking for ease of administration the learning curve from "nothing" to "masquerading with iptables" is a bit much. – sclarson May 15 '09 at 19:12
  • The Gentoo docs actually do (IMHO) a really great job of explaining getting a router running from virtually nothing, including setting up iptables (and more importantly, why each command does what it does and how it fits into the grand scheme of the firewall). – Tim May 15 '09 at 20:28

I just saw in a related question a link for pfSense. It looks promising, although I haven't tried it yet. It's a fork of m0n0wall.

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router.

Here's the original answer I read.


IPCop. Some screenshots, and from the FAQ:

IPCop can run on obsolete hardware that many companies are literally throwing away as "useless".

Updates are pretty easy. You can see them and install them directly from the web interface. For added security out of the box, install the BOT plugin and open things up as needed. There are also several other plugins that add features or make things easier.

Maintenance: Zero after initial config.


I have previously used ClarkConnect.


ClarkConnect is a powerful and affordable Internet server and gateway solution. The software solution will give your organization enterprise-level server features at an affordable price.

It is built on the Red Hat CentOS distribution, which makes it easy to modify.

It is very feature-heavy, including web servers, mail servers, etc., so it may not be dedicated enough for what you're trying to achieve.


Untangle from untangle.com is a great option


Use Simplewall for ease of administration with a web interface.

  • IPS (suricata)
  • Content Filter (squid)
  • QoS: Bandwidth Management (tc)
  • Block List (squidguard, geoip-country)
  • VPN (OpenVPN)
  • Iptables Firewall (Port-Map, IP alias, IP rules, DHCP, Forward DNS)