Came here in search of an answer to a problem, but didn't find it? Visit the forum @, pick a category and ask a question.

Feature overview of Linux and BSD firewall and router distributions

I am reading page: 1 2

Note: This post features two, long tables. Unless you want to scroll from here to Timbuktu, it is highly recommended that you do not try to view this (post) on a single page, that is, do not click the “View All” link above or below this post.

The material presented in this table is based on a default installation of the distros. Some distros (IPCop, IPFire, pfSense, Smoothwall Express, and Untangle, for example) are modular by design, and the basic functionality can be extended by an additional installation of plugins, addons, or mods.

FeaturesIPCopIPFirepfSenseSmoothWall ExpressZeroshell
Based onLinux (kernel 2.4)Linux (kernel 2.6)FreeBSD, but using openBSD's pfLinux (kernel 2.6)Linux (kernel 2.6)
InstallerNcursesNcursesText-basedNcursesNo installation. Boots and runs from CD
ManagementBrowser-based (HTTP & HTTPS), console, shell (SSH) Browser-based (HTTPS), console, SSHBrowser-based (HTTP & HTTPS), console, SSHBrowser-based (HTTP & HTTPS), console, SSHBrowser-based (HTTPS), console, SSH
InterfacesWired (wireless not detected during installation) Wired and wireless. Wired and wireless. Bridge. Wired (wireless not detected during installation) Wired (wireless not detected during setup). Bridge, interface bonding
VLAN SupportNoNoYesNoYes
WiFi ModeNoAP, only if hostapd is installed. Requires manual configuration if installedAccess Point (AP), BSS, IBSSNoAP (with Multiple/Virtual SSID support) or a wireless client
Failover/Load Balancing/HANoNoServer and gateway failover (CARP) and active-active inbound and outbound load balancing. Failover with state table replication.NoYes
RoutingStatic routesStatic routes Static routes, RIP, BGP, OLSRStatic routesStatic routes, RIPv2 (with MD5 or plain text authentication)
Captive PortalNoNoYes (HTTP and HTTPS). "Reverse" portal not supportedNoYes. "Reverse" portal not supported
Network ServicesDHCP, Dyn DNS, NTP, Traffic shaping (QoS)DHCP, DNS, NTP, NAT, QoSDHCP, Dyn DNS, NAT, QoS, NTP, IPv6 tunneling, Wake on LAN. Network, host and port aliasesDHCP, DNS, Dyn DNS, NTP, NAT, QoSDHCP, DNS, Dyn DNS, NTP, NAT, QoS
Firewall & VPNStateful Packet Inspection (SPI) firewall. Site-site and remote access IPSec VPN. SPI firewall. Site-site and remote access IPSec VPN. Site-site SSL VPNSPI firewall. Site-site and remote access IPSec and SSL VPN. PPTP serverSPI firewall. Site-site IPSec VPN. SPI firewall. Remote access IPSec VPN. Site-site and remote access SSL VPN
Web ServicesWeb proxyTransparent Web proxyNoWeb proxyNo
Mail ServicesNoNoNoPOP3 proxyNo
IM & P2PNo NoNoIM proxyNo
VoIP ServicesNo NoNoTransparent or non-transparent SIP proxyNo
IDS/IPSIDS (Snort)IDS, with Snort Community and VRT rulesNoIDS (Snort)No
Authentication, AuthorizationLocalLocal, RADIUS, IDENTD, LDAP, Active DirectoryLocal, RADIUSLocalLocal, RADIUS, NIS, LDAP, Kerberos 5, Active Directory interoperability
Logs/ReportsLocal and remote syslogLocal and remote syslog. System and traffic SVG graphs, bar and pie charts. Hardware-health graphsLocal and remote. Real time and historical usage SVG and RRD graphsLocal. System and traffic graphs, bandwidth barsLocal and remote syslog. MRTG graphs (most graphs require activation key)
Backup/RestoreYes, with backup encryptionYesYes. Optional fee-based auto backup with encryption of archivesYesYes. Config saved to external media
Updates/UpdatingManual system updatesAutomatic system and signature updates. Automatic addon installationManual and automatic system updates (your choice)Automatic system updatesAutomatic system updates.
Minimum Hardware RequirementsIntel x86 and alpha architectures. 12 MB+ RAM, 250 MB+ HDPC (x86 and x86-64) and embedded systems.
96 MB+ RAM
Intel x86 and ia64, amd64, powerpc, pc98, sparc64. 128 MB+ RAM, 1 GB+ HD. 128 MB compact flash card for embedded systems. Standard PC - Intel/AMD 32- and 64-bit architecturesPC (x86 and x86-64) and embedded systems. 96 MB+ RAM
License/PriceFree Software, GPL license. No IP address restrictionsFree Software - GPLv2 license. No IP address restrictionsFree Software, BSD license. No IP address restrictionsFree Software, GPL license. No IP address restrictionsFree Software - GPLv2 license. No IP address restrictions
LinksRead more IPFireRead more Read moreRead more

HE: Home Edition
CE: Community Edition
Table 1 on Page 1 features Astaro, Endian, EnGarde, Untangle, and Vyatta.

I am reading page: 1 2

Digital Ocean SSD VPS Cloud Server droplets

Digital Ocean is a VPS/Cloud hosting provider. For just $5 per month, you can get yourself a Cloud server with 512 MB of RAM, 20 GB super-fast SSD, free snapshots, plus backups for a minimal fee. All via a simple graphical interface.

And by signing up with this referral link, you can help support this website.

If you are reading this, your ad could also be occupying this space. Contact us to make it happen.

If commenting on this article is closed, please post your comments at


  1. FTP Hosting says:

    Luinux comes preconfigured so, ideally, you just have to install it and play.

  2. Toms web ftp says:

    You can replace your routers with a small or old PC that performs all the functions and then some! They are able to handle more connections than an expensive Cisco router too.

  3. Aaron Bylund says:

    Would love to see ClearOS added to this comparison!

Leave a Comment