Firewall distribution recommendation please
I have been using Securepoint (linux-based, hardened firewall, commercial but free for personal use), it is very nice but administration is becoming a pain since administration must be done in windows and does not recognize domain names when defining rules.
Can you recommend one that matches at least the must-haves below?
- Must be a distribution designed to be a hardened firewall on a dedicated PC (not a firewall implemented using a "generic distribution").
- Must support multiple zones (one network card per zone), preferably 4 or 5.
- Must allow defining firewall rules as follows:
--- Able to (or even default to) stopping all traffic except management.
--- Able to define rules either inbound or outbound (in other words I might want to block HTTP outbound).
--- Able to define both the source and destination for a rule as an IP (i.e.:192.168.1.5), a subnet (i.e.: 192.168.1.0/24), or a domain (i.e.: microsoft.com - for those pesky update sites that keep changing their IP addresses).
- Have a relatively easy to use management interface, preferably one that can be used in Linux and Windows.
- It must be solid and stable enough to run for months without reboot... easy one with linux.
- Must be free :)
- Auto-update feature, in case they issue security patches on any of the linux components that the firewall depends on. I can probably live without this if no firewall has it.
- It would be extremely nice if it was possible to distinguish or separately log packets that were blocked by "explicit rules" versus rules that basically say "block anything that I did not explicitly authorize". Even better if the "anything else" logs were routinely emailed to the administrator for analysis.
Thank you for reading this far.
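The last must-have in the list above (telling packets dropped by explicit rules apart from packets caught by the final "drop everything else" rule, and mailing the latter to the admin) can be met on any Linux-based firewall by giving the two kinds of drop rule different log prefixes (in nftables, `log prefix "FW-DEFAULT-DROP: "` on the catch-all rule and a different prefix on each explicit deny). The script below is an added example, not code from the original post or from any of the distributions mentioned: it splits such kernel log lines by prefix and builds the catch-all summary a nightly cron job could pipe into `mail`. The prefix names, the zone names and the log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample kernel log lines (assumed format of iptables/nftables LOG output).
# Explicit deny rules log with FW-EXPLICIT-DROP, the final catch-all with FW-DEFAULT-DROP.
SAMPLE_LOG = """\
Mar  3 10:01:02 fw kernel: FW-EXPLICIT-DROP: IN=lan OUT=wan SRC=192.168.1.5 DST=93.184.216.34 PROTO=TCP SPT=51000 DPT=80
Mar  3 10:01:05 fw kernel: FW-DEFAULT-DROP: IN=wan OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=23
Mar  3 10:01:06 fw kernel: FW-DEFAULT-DROP: IN=wan OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=40001 DPT=23
Mar  3 10:01:09 fw kernel: FW-DEFAULT-DROP: IN=dmz OUT=lan SRC=10.0.2.9 DST=192.168.1.20 PROTO=UDP SPT=5353 DPT=5353
Mar  3 10:01:10 fw kernel: FW-EXPLICIT-DROP: IN=lan OUT=wan SRC=192.168.1.7 DST=93.184.216.34 PROTO=TCP SPT=51001 DPT=80
"""

# Matches the fields we care about; OUT= may be empty for traffic addressed to the firewall itself.
LINE_RE = re.compile(
    r"FW-(?P<kind>EXPLICIT|DEFAULT)-DROP: IN=(?P<in>\S*) OUT=(?P<out>\S*) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: SPT=\d+)? DPT=(?P<dpt>\d+)"
)


def split_drops(log_text):
    """Parse log lines into {'explicit': [...], 'default': [...]} by log prefix."""
    buckets = {"explicit": [], "default": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated kernel message, ignore
        rec = m.groupdict()
        buckets[rec["kind"].lower()].append(rec)
    return buckets


def default_drop_report(records):
    """Aggregate catch-all drops by (in-zone, src, dst, proto, dport), busiest first."""
    counts = Counter((r["in"], r["src"], r["dst"], r["proto"], r["dpt"]) for r in records)
    lines = ["Traffic hitting the catch-all deny rule (not matched by any explicit rule):"]
    for (zone, src, dst, proto, dpt), n in counts.most_common():
        lines.append(f"{n:4d}  in={zone:<4} {src} -> {dst} {proto}/{dpt}")
    return "\n".join(lines)


if __name__ == "__main__":
    drops = split_drops(SAMPLE_LOG)
    print(f"explicit-rule drops: {len(drops['explicit'])}, catch-all drops: {len(drops['default'])}")
    print(default_drop_report(drops["default"]))
```

In production, read the lines from the firewall's kernel log (or a journal export) instead of SAMPLE_LOG; the explicit-rule bucket is the one you expect and can leave in the log, while the catch-all bucket is the one worth reviewing for mistakes in the rule set.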