Open Source Firewalls

What is your go-to open source firewall? I'm looking for something with a nice UI for a small home network. pfSense is something I used before but I don't remember it being very pretty.

Comments

  • ufw/iptables on cloud stuff, openwrt on home FW

    People overestimate their needs on FW, frankly. iptables rules cover most usage cases, which basically any FW distro will cover.

    Thanked by (3)skorous vish ivysaur
  • edited October 23

    VyOS (no nice UI I'm afraid)

    Thanked by (2)vish lanefu
  • CSF - manually setup the GUI.

    Thanked by (1)vish

    lowendinfo.com had no interest.

  • edited October 23

    I'm using OPNsense on three locations, pretty happy with it after running for 1 1/2 years.

    Thanked by (1)vish
  • PfSense > OPNsense > IPFire

    Thanked by (1)vish
  • Go with either pfSense or OPNSense. pfSense has had some issues with their plans to go pseudo-closed-source/commercial with the community supported edition becoming an afterthought. As a result OPNSense is gaining a fair bit of traction. Both are quite similar usability-wise but take some getting used to in the menus/UI depending on what you were previously familiar with. Either way, can't go wrong with it. The GUIs and status/dashboard/overview are pretty usable and quite informative.

    iptables is great if your needs are simple, but if you want any sort of (multi WAN) failover, load balancing or VLANs and isolation of that sort, things can become a little tedious to script and put in place from scratch.

    Thanked by (2)vish ivysaur
  • +1 for OpnSense if you just need to turn a PC into a router & firewall. In a professional/business setting I'd suggest pfSense due to Netgate's backing of them (which means commercial support and things of that nature), though you do need to spend extra cash on higher end hardware that meets the minimum requirements (such as supporting cryptographic acceleration via hardware, usually through Intel's AES-NI or similar) compared to OpnSense, which is much more like "old" pfSense in that it'll run on just about anything from the last 15 years unless you're really trying to push throughput through it (1Gbps+). I should note that having AES-NI on OpnSense is a good idea as well, because it will significantly speed up VPN performance and offload some work off of the CPU, but it is not a strict requirement, whereas it's required (last I checked) on pfSense.

    If you want something with a simpler GUI (but fewer features), OpenWRT also runs on x86: https://openwrt.org/docs/guide-user/installation/openwrt_x86

    Thanked by (1)vish

    Cheap dedis are my drug, and I'm too far gone to turn back.

  • Straight up Alpine Linux + Awall

    Thanked by (2)vish ivysaur

    The all seeing eye sees everything...

  • ehab (Content Writer)

    @terrorgen said:
    Awall

    Is that still developed? I liked it at first and used it, but then faced problems with Docker.

  • anyone ever use one of these? or has experience with it? I know it is not open source, but I'm curious.

  • @vish said:
    anyone ever use one of these? or has experience with it? I know it is not open source, but I'm curious.
    EdgeRouter X pic

    I considered this model but ended up deciding for pfSense because it's more feature-rich. If you just want a simple solution that works, it seems to fit the bill, but for me it lacks some key features like OpenVPN.

    Thanked by (1)vish
  • @ehab said:

    @terrorgen said:
    Awall

    Is that still developed? I liked it at first and used it, but then faced problems with Docker.

    Looks like last build date was in September 2021, so it's still developed.

    Thanked by (2)vish ehab

    The all seeing eye sees everything...

  • @vish said:
    anyone ever use one of these? or has experience with it? I know it is not open source, but I'm curious.

    I've had a few people use them. They work well but are more routers and less firewalls. The firewall features on them are pretty bare bones.

    Thanked by (2)vish ehab

    Cheap dedis are my drug, and I'm too far gone to turn back.

  • @AlwaysSkint said:
    CSF - manually setup the GUI.

    CSF is not open source; it is, however, freeware.

  • @jaapmarcus said:

    @AlwaysSkint said:
    CSF - manually setup the GUI.

    CSF is not open source; it is, however, freeware.

    Indeed. My bad.

    lowendinfo.com had no interest.

  • I like the community around OPN more than that around PFS, but functionally they're very similar. PFS acquiesced on dropping support for non-AES-NI CPUs. ERX is cheap and functional as fw but not terribly powerful as a router, as others have said. OPN/PFS on most commodity hardware can firewall gigabit, even with VPN, but may struggle with Suricata depending on ruleset. If you need to firewall 10G, VyOS with DPDK is probably the move.

    Thanked by (1)CamoYoshi
  • pfSense and OPNsense with CARP are being used in production for a lot of projects I work on. Saying that, you won't go wrong with either of them; the UI is much better these days. And both communities will respond better and quicker than paid support unless you pay six figures.

    Thanked by (1)vish
  • @CamoYoshi said:

    @vish said:
    anyone ever use one of these? or has experience with it? I know it is not open source, but I'm curious.

    I've had a few people use them. They work well but are more routers and less firewalls. The firewall features on them are pretty bare bones.

    I'm running zone firewalls and conditionally applying route tables based on network. EdgeOS is very capable from the CLI.

  • @lanefu said:

    @CamoYoshi said:

    @vish said:
    anyone ever use one of these? or has experience with it? I know it is not open source, but I'm curious.

    I've had a few people use them. They work well but are more routers and less firewalls. The firewall features on them are pretty bare bones.

    I'm running zone firewalls and conditionally applying route tables based on network. EdgeOS is very capable from the CLI.

    Does EdgeOS utilize parts of the regular Linux userland, or is it just Linux kernel with their own OS/commands for everything (like MikroTik's RouterOS, which I'm familiar with)?

  • @flips said:

    @lanefu said:

    @CamoYoshi said:

    @vish said:
    anyone ever use one of these? or has experience with it? I know it is not open source, but I'm curious.

    I've had a few people use them. They work well but are more routers and less firewalls. The firewall features on them are pretty bare bones.

    I'm running zone firewalls and conditionally applying route tables based on network. EdgeOS is very capable from the CLI.

    Does EdgeOS utilize parts of the regular Linux userland, or is it just Linux kernel with their own OS/commands for everything (like MikroTik's RouterOS, which I'm familiar with)?

    There's a Debian userland. You can enable apt repos and install stuff. I run HAProxy on mine.

    Thanked by (1)flips
  • @havoc said:
    ufw/iptables on cloud stuff, openwrt on home FW

    iptables is legacy :tongue: we should migrate to nftables eventually! iptables will eventually be deleted, like ipchains before it.

  • ehab (Content Writer)

    @Daniel said:
    iptables is legacy :tongue: we should migrate to nftables eventually! iptables will eventually be deleted, like ipchains before it.

    Once Docker, k8s start using nft then it will happen fast.
