ShadesOfGrey wrote:
Ok, I've got pretty much the same question as JJ did... Except I'm actually looking for anything BUT a Windows based solution. In-my-not-so-humble-opinion, Windows personal firewalls are all crap... Mostly because Windows is crap.
Anyway, I'm looking for an opensource or freeware firewall that is:
1.) Easy to use! And I mean really easy to use!!! My folks have a hard enough time turning their computer on and getting on the web! I need something even a great grandparent could use!
I've said it a bunch of times, but only because it's true -- I'm really impressed with 2wire's router interfaces. However, I gather they aren't the only game in town anymore, and some of the late-model devices from more familiar brands are supposed to have equal 'Click here if you want to play Quake' features.
2.) Can be run on a PC with as little as a Pentium 120MHz w/16MB RAM.
OpenBSD can fit on a DX2-66 with 16MB, though upgrading and patching in that environment can be... less than painless. And leaving a host 'useful' in case of compromise (gcc and other 'useful' tools present) is technically bad stewardship, so if you can find a cut-down 'appliance' distro (it's been a long time since I've looked at m0n0, and at first glance, it does seem whatever they've got going isn't half bad), feel free to use one instead.
3.) Has a host of remote management options (i.e. https, VNC, SSH, and/or X-server.)
Think about this for a second. You really mean you want one standard remote management option that's well-secured, right?
4.) Can 'instantly' notify a user of 'un-authorized' net access in much the same way Windows based personal firewalls do.
Think about this, too. Reporting an attack *blocked* by the firewall really isn't that interesting, unless you *are* a geek and curious about the latest worm going around. Better to run snort or an equivalent IDS within the perimeter, so you only throw alarms on actual problems.
The first three are essential. The fourth I'm not sure is possible, given that you probably need to hook into the client OS... But who knows, I've only recently started this odyssey. Any guidance would be welcome.
Well, if you have a generic *NIX box, you can run snort on any interface you like (before or after filtering), though how you distribute the notifications is a question left to the reader. (Winpopup?)
BTW, I should probably mention that I already have a 'hardware' firewall in the guise of a Linksys WRT54G router. Unfortunately the "ease of use" requirement disqualifies it. While I'm computer literate enough to use it, I know my folks are not. The last thing I want to do right now is be solely responsible for maintaining it or any other router, gateway, bridge, or firewall.
What are they running that requires changing or opening the ruleset at all?
...
To be honest, *any* decent firewall will block the majority of Stupid Windows Attacks. As such, I wouldn't stress *too* much, as long as you can find something that lets them run anything that does need to punch holes without too much pain. Bigger questions are whether Windows is secured from attacks a straight firewall can't block (IE exploits, Outlook exploits, even Firefox exploits) -- you can go nuts trying to configure snort + Hogwash to ensure everything stays pristine before it hits the hosts, but in the end, Norton (bleh) or the equivalent will probably keep their definitions as-or-more up to date, with less room for sysadmin error accidentally causing a DoS -- and how this wireless segment is being used, secured, and isolated from the rest of the LAN.
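A minimal OpenBSD pf ruleset in the spirit of the advice above (default deny, SSH as the single well-secured management channel, blocked traffic logged for later review rather than popped up as alarms, with an IDS inside the perimeter for the real alerts). This is an added illustration, not a config from the thread or from any of the posters; the interface names, the LAN range and the gateway's address layout are assumptions.

```pf
# Added example: home-gateway pf.conf, not from the thread.
# Assumptions: em0 faces the ISP, em1 faces the family LAN (192.168.1.0/24).
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

set skip on lo

# Translate LAN traffic to the external address on the way out.
match out on $ext_if from $lan_net to any nat-to ($ext_if)

# Default deny. Blocked packets go to pflog0 for occasional review,
# not to a pop-up; real alerts should come from an IDS (snort or similar)
# listening on $int_if, i.e. after filtering.
block log all

# Drop packets whose source address cannot legitimately arrive on that interface.
antispoof quick for { $ext_if $int_if }

# The one remote-management channel: SSH, from the LAN only,
# to the gateway's own LAN address. No https/VNC/X from anywhere else.
pass in quick on $int_if proto tcp from $lan_net to ($int_if) port 22

# Anything else aimed at the gateway itself is refused (with a reset so
# the client fails fast instead of hanging).
block return in quick on $int_if from $lan_net to self

# LAN hosts may reach the Internet; state entries carry the replies back.
pass in on $int_if from $lan_net to any
pass out on $ext_if

# Nothing unsolicited is accepted on the external interface: the initial
# "block log all" already covers it, so there are no hole-punching rules here.
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; if a LAN application genuinely needs an inbound port, that is the one place a rule would be added.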