Product Review: SmoothWall GPL

SmoothWall is a Firewall/Router Linux Distro.
It installs from a single CD (Downloadable ISO Image) and supports dialup, ISDN or ADSL connections. It uses (currently) a 2.2 linux kernel and ipchains, along with ip masquerading (NAT). It has Apache installed for web administration and offers SSH, Squid Proxy, Snort IDS and DHCP Server support.

As a firewall, it uses ipchains and has an optional DMZ configuration for public servers.

I currently have SmoothWall running on a P120 (Compaq Deskpro 5120) with 32MB RAM and an 8.4GB HDD. It runs perfectly well on that with my 56k modem connection, and supports automated redialling, dial-on-demand and disconnect after idle period support.

Whilst SmoothWall is an "out-of-the-box" kind of product, simply install it and run it, it is customisable as far as firewall rules and DMZ access, external service access etc. are concerned, and it supports update features from the SmoothWall website to addess security issues.

The downside many people dislike about products such as SmoothWall is that you can't tailor-make them for your own specific requirements like you can a custom-built Linux or *BSD firewall box, but if you're in a hurry to get a working (effective) firewall, SmoothWall is more than adequate.

Note: I fully intend to eventually replace my SmoothWall box with a home-built firewall based on Linux (or maybe FreeBSD 4.5) but in the mean time I'm more than happy with the performance and security offered by SmoothWall, and I have on several occasions let people try to break into it from the outside. Every time so far these attempts have failed, and have shown up in Snorts IDS Logs.

To conclude, SmoothWall is an effective firewall box, it doesn't consume resources on your workstation like a software firewall would, but it doesn't offer much in the way of raw power and ability to change things easily (the whole setup is designed to be changed only through the web admin interface, so it's difficult to do much by logging directly in.

SmoothWall makes a good firewall for people who need one immediately, but I would recommend replacing it with something more specific to your requirements as soon as you have the spare time and/or resources.