mouss wrote:
Depends on your situation. If you don't have performance issues and no special configuration needs, then a low-end commercial firewall would be enough. Otherwise, you need to take the time to learn iptables, or find someone to help you build your firewall.
There are GUIs available. Google is your friend. One that comes to mind now is fwbuilder.
Personally, if I was using the box as a firewall, lightweight network utility, VPN, router, NAT, or whatever else a typical gateway might handle, I'd run it on BSD and PF in a heartbeat over iptables. Linux's general adhesion to the ridiculously obtuse and difficult ipchains/iptables legacy is extremely unfortunate at best, and IMO, far less functional. Your entire PF configuration file (amazingly) named /etc/pf.conf can be easily less than 15 lines and cover quite a lot of ground.
Kinda reminiscent of the old IPFW, only evolved about 200 years, which would make it 10,200 years more evolved than ipchains/iptables.
:P
(*climbing back into Nomex in nuke bunker*)
Peter
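
For reference, a small NAT gateway ruleset in the /etc/pf.conf style mentioned above. This is an added example, not a configuration from either poster. It assumes the OpenBSD 4.7+ `nat-to` syntax, and the interface names `em0`/`em1` and the inbound SSH rule are hypothetical.

```conf
# Constructed example: interface names and the SSH rule are assumptions.
ext_if = "em0"                 # Internet-facing interface (assumed name)
int_if = "em1"                 # LAN-facing interface (assumed name)

set block-policy drop          # drop silently instead of answering with RST/ICMP
set skip on lo                 # do not filter loopback traffic

match in all scrub (no-df)     # normalize incoming packets
# Source-NAT LAN traffic leaving via the external interface
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

block log all                  # default deny, logged to pflog
antispoof quick for $int_if    # drop packets claiming a LAN source on the wrong interface
pass out quick inet            # outbound traffic, stateful by default
pass in on $int_if inet from $int_if:network to any      # LAN hosts may reach anything
pass in on $ext_if inet proto tcp to ($ext_if) port ssh  # remote admin (assumption)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset replaces the running one.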