The Verdict
Firewall distros
When it comes to firewalls, the stakes are high. One incorrect configuration or failed update could spell disaster for your home or office network. Your choice will partly be informed based on your experience. Power users may be comfortable manually inputting firewall rules and port configurations into Alpine’s Awall tool, but beginners will have a much easier setup with distros like IPFire, which takes you step by step through its colourful wizard and web interface.
Users with deep pockets might also benefit from the apps available in ClearOS’s marketplace, which has easily installable add-ons for network monitoring, preventing threats and filtering out certain websites. This makes it perfect for a business setup, provided you’re happy to pay the subscription fees.
Even if you’re not personally planning to maintain the firewall, you should always think hard about the update process. For instance, if you choose a distro like ClearOS, you may have to do a clean install in order to upgrade from one firewall distro to the next. This means you’d have little choice but to shut down your entire network while this is being done.
If running regular updates is too complex, your network admins will also be tempted to cut corners. This is one area where the command line shines, because entering a few commands can often be faster than clicking through multiple steps on a web interface, especially the paradoxical kind offered by Endian Firewall, which both does and doesn’t require you to register first…
Our Security section talks about some of the features of these specific distros, as well as the threats they’re designed to prevent. As a bare minimum, your firewall should have a hardened kernel, be capable of deep packet inspection, content filtering and have basic intrusion detection and prevention measures.
All the distributions we’ve reviewed here have clear online documentation, but if you need dedicated support, you should consider premium subscriptions with a service, such as VyOS or ClearOS. Nevertheless, fully free and open source projects such as IPFire and Alpine Linux have a better chance than a private company of being around 10 years from now.