Exact matches only
Search in title
Search in content
Search in posts
Search in pages

Feature overview of Linux and BSD firewall and router distributions

I am reading page: 1 2

Note: This post features two, long tables. Unless you want to scroll from here to Burkina Faso, it is highly recommended that you do not try to view this (post) on a single page, that is, do not click the “View All” link above or below this post.

There are more than a dozen distributions listed under the Firewall and Router category on this site (see the sidebar), with many more over at Distrowatch. And that’s a good thing: The more to choose from, the better. Question is, which one is the best? Or more correctly, which one is right for your needs? Since I don’t know what features you are looking for in a firewall cum router distro, the best that can done – to aid your search – is to present the features of all the distros in a manner that makes it easy for you to choose, to see which distro has the features that you need.

The material presented in this table is based on a default installation of the distros. Some distros (IPCop, IPFire, pfSense, Smoothwall Express, and Untangle, for example) are modular by design, and the basic functionality can be extended by an additional installation of plugins, addons, or mods.

Table 1

FeaturesAstaro Security Gateway HEEndian Firewall CommunityEnGarde Secure Linux CEUntangle Network GatewayVyatta CE
Based on (Linux or BSD)Linux (kernel 2-6)Linux (kernel 2-6, optional xenU kernel installation), rpm package managerLinux (kernel 2-6), apt and rpm package managersLinux (kernel 2-6), apt (Debian) package managerLinux (kernel 2.6). apt (Debian) package manager
InstallerMenu-type installerMenu-type installerMenu-type installerGraphical installerText-based installer
ManagementBrowser-based (HTTPS), shell (SSH), consoleBrowser-based (HTTP & HTTPS), SSH, consoleBrowser-based (HTTPS), SSH, consoleBrowser-based (HTTP & HTTPS), GNUstep desktopBrowser-based (HTTPS), shell (SSH), console
InterfacesWired (wireless not detected during installation). Link aggregation. Bridging with aging timeout and ARP broadcastsWired (wireless not detected during installation). WAN interface aliasing. BridgingWired (wireless not detected during installation). Virtual interfacesWired (wireless not detected during installation). Transparent BridgeWired and wireless. Link aggregation (bonding), bridge
VLAN SupportYesNoNoYesYes
WiFi ModeNoNoNoNoNo
Failover/Load Balancing/HAYes (uplink failover and multipathing). Server load balancing. Active-passive and active-active HANoNoNoYes - WAN load balancing, clustering
RoutingStatic routes, RIP, OSPF. Policy-based routingStatic routesStatic routesStatic routesStatis routes, RIP, RIPng, OSPF, BGP,
Captive PortalYesNoNoNoNo
Network ServicesDNS, Dyn DNS, DHCP, NTP, NAT, Traffic shaping (QoS), SIP, H.323DNS, Dyn DNS, DHCP, NTP, Traffic shaping (QoS)DNS, NTP, SSH, Web (Apache), FTP (vsftpd), mail (Postfix)NAT, DHCP, DNS, QoSDHCP, DNS, NTP, QoS
Firewall & VPNStateful Packet Inspection (SPI) firewall. Site-site and remote access SSL and IPSec VPN. PPTP, L2TP over IPSec. Cisco VPN clients supportedSPI firewall, SSL/TLS and IPSec VPNShorewall firewall, SELinux Mandatory Access Control. PPTP VPN.SPI firewall. Site-site and remote access SSL VPNSPI firewall. IPSec and SSL VPN. PPTP
Web ServicesWeb/FTP proxy, URL filtering, DoS, DDoS attacks, worms, and anti-virus protectionWeb/FTP/DNS proxy, content filtering, DoS, DDoS protection, anti-virusApache and FTP serverWeb proxy. DoS, URL and file (application) filtering. Tracking/ad cookies, and ActiveX controlsWeb proxy
Mail ServicesSMTP/POP3 proxy. Anti-spam, anti-virus, anti-phishing and email encryptionSMTP/POP3 proxy. Anti-virus, anti-spam. Black/white listingsSMTP, sPOP3, sIMAP serversSMTP/POP3/IMAP proxy, with SMTP tarpitting. Anti-spam, anti-virus, anti-phishing, ad-blocking, anti-spywareNo
IM and P2PMulti-service IM and P2P protocol controlsNoNoMulti-service IM and P2P protocol controlsNo
VoIP ServicesStateful VoIP support. SIP and H.323SIP proxyNoSIP and H.323 controlsNo
IDS/IPSIPS with real-time signature updates. TCP SYN, UDP, and ICMP flood protection. Anti-portscanIDS with Sourcefire VRT and Community rules. TCP SYN, ICMP flood protection. Anti-portscan Network and AIDE host IDSYes. Signature- and heuristic-based IPSYes
Authentication, AuthorizationActive Directory, eDirectory, RADIUS, Tacacs+, LDAP, LocalActive Directory, RADIUS, LDAP, Local, NTLM single sign-on (SSO)Local, LDAPLocalLocal. RADIUS
Logs/ReportsLocal, remote syslog. Automatic log file deletion. Real time log viewing. Report graphsLocal, remote syslog. Limited report facilities. System and traffic graphsReal time attack graphs, real-time log analysis.Summary, detail, and per user reports in pdf or HTML format. Automated email report delivery Local and remote syslog
Backup/RestoreAutomaticAutomatic, with GPG encryption of backup archivesAutomaticAutomaticYes
Updates/UpdatingAutomatic signature (anti-Virus, IPS, Docs) download/install. Automatic system updatesAutomatic signature updates. Manual system updatesAutomatic system updates via GDSNAutomatic (IPS, virus) signature updates. Automatic system updatesAutomatic
Minimum Hardware RequirementsStandard PC. Intel x86 or compatible. 1024 MB+ RAM, 20 GB HD, 1.5+Ghz processorStandard PC. Intel/AMD x86, x86-64 processors. 512 MB+ RAM, 4 GB HD.Intel/AMD x86, x86-64 processors. 512MB+ RAM, 4GB HD. Hardware RAID supportStandard PC. Intel/AMD-compatible Processor - minimum 750 MHz P IV. 1 GB+ RAM, 80 GB HDIntel x86 and alpha architectures. 2 GB+ HD
License/PriceASG-HE comes with GPL and free, non-GPL applications. You may choose to use only GPL apps. Good for no more than fifty, active IP addressesFree Software, GPLv2. No IP address restrictionsFree Software, GPLv2. No IP address restrictionsUntangle Server and 13 of the application packages are Free Software (GPLv2), with no IP address restrictions. Other "Pro" packages are fee-basedFree Software. Components under various Free Software licenses. No IP address restrictions
LinksRead moreRead more Read moreRead moreRead more

HE: Home Edition
CE: Community Edition

Table 2 on Page 2 features IPCop, IPFire, pfSense, SmoothWall Express, and Zeroshell.

I am reading page: 1 2

Exact matches only
Search in title
Search in content
Search in posts
Search in pages
Digital Ocean SSD VPS Cloud Server droplets

Digital Ocean is a VPS/Cloud hosting provider. For just $5 per month, you can get yourself a Cloud server with 512 MB of RAM, 20 GB super-fast SSD, free snapshots, plus backups for a minimal fee. All via a simple graphical interface.

And by signing up with this referral link, you can help support this website.

If you are reading this, your ad could also be occupying this space. Contact us to make it happen.

If commenting on this article is closed, please post your comments at forum.linuxbsdos.com.


  1. FTP Hosting says:

    Luinux comes preconfigured so, ideally, you just have to install it and play.

  2. Toms web ftp says:

    You can replace your routers with a small or old PC that performs all the functions and then some! They are able to handle more connections than an expensive Cisco router too.

  3. Aaron Bylund says:

    Would love to see ClearOS added to this comparison!

Leave a Comment