- 10-26-2006 #1 Just Joined!
- Join Date
- Sep 2006
- Posts
- 3
best linux firewall
My current firewall is running IPtables on Redhat with kernel version 2.4.18-3.
We are about to decommission the server running the firewall as it is running on old hardware and we decided to update to a new server.
My question is really simple. I would like to know which current Linux distribution is considered most stable and secure for running IPtables. I would like to hear about some pros and cons as to what distribution suits firewalling the best.
The following 4 distributions are on my list:
RedHat Fedora
SuSE
Gentoo
Debian
Please comment about which one would be best and give me some facts as to why one is better than the other.
I don't know much about Fedora or SuSE so if anyone is actively using it as their main firewall feel free to tell me what you like or don't like about it.
Any other distributions are also welcome into the discussion.
- 10-26-2006 #2 Linux Enthusiast
- Join Date
- Dec 2004
- Posts
- 637
Linux is Linux is Linux, they are all using the Linux Kernel. As for stability, they are all stable, they are Linux. Pick one most familiar and let it run. All the Linux firewalls employ either IP Chains and/or IP Tables to run IP Chains. As for a bare minimum install and zero fuss, try a firewall distro like IPCop and/or Smoothwall. These distros are minimalistic with an easy HTML GUI.
- 10-27-2006 #3
Yep, I agree with gtmtnbiker98, go for one of the dedicated firewall distros, personally I use Smoothwall, and I like it a lot, but there are others. They turn an old PC into a firewall appliance, so you don't have the security issues raised by having lots of non-firewall/userspace software on there.
If you do choose to cook your own firewall, then it doesn't matter what distro you use - you'll be setting up IPchains according to your own needs, and you'd be advised to rebuild the kernel to closely suit your hardware because you don't want anything in that could be used as a vulnerability. This is both complicated and rewarding - but you can probably see why I prefer using an off-the-shelf package.
Linux user #126863 - see http://linuxcounter.net/
- 10-27-2006 #4
Hi - This is slightly off topic, but you might also consider using Rootkit Hunter on your server to check for vulnerabilities. Even as a desktop user this is handy, because it does more than just check for rootkits: it also highlights software which needs patching ... especially if you generate a report.
I suppose my point is that in the rare event of someone breaching your firewall (unlikely I think) you'll be even safer than before. I ran a check on my system and found two hidden vulnerabilities, one of which could have allowed a remote log-in via SSH from an ordinary user.
As for firewalls I use Shorewall and have another one built into my router. Just my 10 pence worth.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
- 10-27-2006 #5 Linux Newbie
- Join Date
- Aug 2006
- Posts
- 226
I would think that Debian would be. You can use the net installed CD to install a very minimal system and then only add the apps that you need. That should create less potential for security risks. If you decide to use Debian you might want to try running Bastille as well. It is a security hardening tool.
Another option is using a Linux firewall distribution like IPCop. There are other ones, but it's the first that comes to mind for me.
- 10-27-2006 #6 Linux Newbie
- Join Date
- Jul 2005
- Posts
- 180
On that list perhaps Debian Sarge is the most stable, but honestly I haven't had stability problems with any of those distros.
Here is a guide that you might find helpful for configuring iptables (also read the man page). Ignore the very first part on installing it, that's unique to Archlinux. But the rest is helpful.
http://wiki.archlinux.org/index.php/...firewall_HOWTO

