On Wednesday 29 November 2006 09:09, Aleksandar Milivojevic wrote: > I'm sure folks on the list will have many many more suggestions. I guess this is where the obligatory BSD post comes in. I personally think an enterprise distribution such as CentOS is a bit heavy for a firewall device (if indeed that's it's main purpose), an now use OpenBSD. I wouldn't necessarily recommend it as a server OS (and neither do some of the developers), but as a network device it really shines. The pf firewall is easy and intuitive, and with utilities like pftop (to show stateful sessions realtime), load balancing capabilities, and pfsync to handle seamless firewall failover, it really lives up to the hype. sasync for stateful/seamless failover of ipsec VPN connections is a nice touch too. It may not be the right fit for everyone (especially those that have very strict policies as to what usable hardware/software, but the small footprint and fact that everything I've mentioned so far is part of the OpenBSD OS proper and not a third party package lends a bit integration often missing in the linux world. OK, that's enough OpenBSD talk. I really am a CentOS fan at heart, I promise. -- - Kevan Benson - A-1 Networks