Feature overview of Linux and BSD firewall and router distributions
I am reading page: 1 2
Note: This post features two, long tables. Unless you want to scroll from here to Timbuktu, it is highly recommended that you do not try to view this (post) on a single page, that is, do not click the “View All” link above or below this post.
The material presented in this table is based on a default installation of the distros. Some distros (IPCop, IPFire, pfSense, Smoothwall Express, and Untangle, for example) are modular by design, and the basic functionality can be extended by an additional installation of plugins, addons, or mods.
| Features | IPCop | IPFire | pfSense | SmoothWall Express | Zeroshell |
|---|---|---|---|---|---|
| Based on | Linux (kernel 2.4) | Linux (kernel 2.6) | FreeBSD, but using openBSD's pf | Linux (kernel 2.6) | Linux (kernel 2.6) |
| Installer | Ncurses | Ncurses | Text-based | Ncurses | No installation. Boots and runs from CD |
| Management | Browser-based (HTTP & HTTPS), console, shell (SSH) | Browser-based (HTTPS), console, SSH | Browser-based (HTTP & HTTPS), console, SSH | Browser-based (HTTP & HTTPS), console, SSH | Browser-based (HTTPS), console, SSH |
| Interfaces | Wired (wireless not detected during installation) | Wired and wireless. | Wired and wireless. Bridge. | Wired (wireless not detected during installation) | Wired (wireless not detected during setup). Bridge, interface bonding |
| VLAN Support | No | No | Yes | No | Yes |
| WiFi Mode | No | AP, only if hostapd is installed. Requires manual configuration if installed | Access Point (AP), BSS, IBSS | No | AP (with Multiple/Virtual SSID support) or a wireless client |
| Failover/Load Balancing/HA | No | No | Server and gateway failover (CARP) and active-active inbound and outbound load balancing. Failover with state table replication. | No | Yes |
| Routing | Static routes | Static routes | Static routes, RIP, BGP, OLSR | Static routes | Static routes, RIPv2 (with MD5 or plain text authentication) |
| Captive Portal | No | No | Yes (HTTP and HTTPS). "Reverse" portal not supported | No | Yes. "Reverse" portal not supported |
| Network Services | DHCP, Dyn DNS, NTP, Traffic shaping (QoS) | DHCP, DNS, NTP, NAT, QoS | DHCP, Dyn DNS, NAT, QoS, NTP, IPv6 tunneling, Wake on LAN. Network, host and port aliases | DHCP, DNS, Dyn DNS, NTP, NAT, QoS | DHCP, DNS, Dyn DNS, NTP, NAT, QoS |
| Firewall & VPN | Stateful Packet Inspection (SPI) firewall. Site-site and remote access IPSec VPN. | SPI firewall. Site-site and remote access IPSec VPN. Site-site SSL VPN | SPI firewall. Site-site and remote access IPSec and SSL VPN. PPTP server | SPI firewall. Site-site IPSec VPN. | SPI firewall. Remote access IPSec VPN. Site-site and remote access SSL VPN |
| Web Services | Web proxy | Transparent Web proxy | No | Web proxy | No |
| Mail Services | No | No | No | POP3 proxy | No |
| IM & P2P | No | No | No | IM proxy | No |
| VoIP Services | No | No | No | Transparent or non-transparent SIP proxy | No |
| IDS/IPS | IDS (Snort) | IDS, with Snort Community and VRT rules | No | IDS (Snort) | No |
| Authentication, Authorization | Local | Local, RADIUS, IDENTD, LDAP, Active Directory | Local, RADIUS | Local | Local, RADIUS, NIS, LDAP, Kerberos 5, Active Directory interoperability |
| Logs/Reports | Local and remote syslog | Local and remote syslog. System and traffic SVG graphs, bar and pie charts. Hardware-health graphs | Local and remote. Real time and historical usage SVG and RRD graphs | Local. System and traffic graphs, bandwidth bars | Local and remote syslog. MRTG graphs (most graphs require activation key) |
| Backup/Restore | Yes, with backup encryption | Yes | Yes. Optional fee-based auto backup with encryption of archives | Yes | Yes. Config saved to external media |
| Updates/Updating | Manual system updates | Automatic system and signature updates. Automatic addon installation | Manual and automatic system updates (your choice) | Automatic system updates | Automatic system updates. |
| Minimum Hardware Requirements | Intel x86 and alpha architectures. 12 MB+ RAM, 250 MB+ HD | PC (x86 and x86-64) and embedded systems. 96 MB+ RAM | Intel x86 and ia64, amd64, powerpc, pc98, sparc64. 128 MB+ RAM, 1 GB+ HD. 128 MB compact flash card for embedded systems. | Standard PC - Intel/AMD 32- and 64-bit architectures | PC (x86 and x86-64) and embedded systems. 96 MB+ RAM |
| License/Price | Free Software, GPL license. No IP address restrictions | Free Software - GPLv2 license. No IP address restrictions | Free Software, BSD license. No IP address restrictions | Free Software, GPL license. No IP address restrictions | Free Software - GPLv2 license. No IP address restrictions |
| Links | Read more | IPFire | Read more | Read more | Read more |
HE: Home EditionCE: Community EditionTable 1 on Page 1 features Astaro, Endian, EnGarde, Untangle, and Vyatta.
I am reading page: 1 2
Tags: comparative reviews
Reach out & follow us
TwitterFollow us on Twitter
Google PlusJoin a prestigious circle
RSS FeedSubscribe to our RSS Feed
EmailReach out to us via email
Recent Comments
-
Rick Collier: Sorry, my first effort regrettably was rushed and not withou…
-
finid: Instead of using BackTrack 5, why not get Kali Linux, which …
-
backsick: hey the screen shot you provided isn't for backtrack 5 r3 …
-
-
Upgrade from Windows 8
Luinux comes preconfigured so, ideally, you just have to install it and play.
You can replace your routers with a small or old PC that performs all the functions and then some! They are able to handle more connections than an expensive Cisco router too.
Would love to see ClearOS added to this comparison!