Have you ever built a firewall from scratch?
Did you build it, thinking that you’d thought of everything, just to find out later that you missed something? I have… So when I decided to replace my old, tired, unreliable Linksys SoHo router with a full-blown firewall, I dug for pre-built Linux-like firewall distributions.
A co-worker turned me on to Smoothwall Express. It runs a Linux kernel, iptables, and a host of custom-written security apps. On top of that, there’s a whole team of coders/security guys working to develop it. AND you can download the whole source tree, and build it on your own!
I downloaded the Smoothwall Express 3.0 Beta SP2 ISO. Installed it, and loved the features! A day or so later, I decided that I wanted to limit the number of simultaneous connections allowed to my BBS, so I tried to add an ip connlimit rule to iptables… NO! Ip-connlimit is busted. So I took the Smoothwall down in an effort to find a better solution. Well, no better solution exists. So I spent A MONTH working on building a custom, from-source Smoothwall, with a patched and working ip-connlimit module. The end result? A rock-solid firewall, with a ton of nifty geeky tools, AND connection limiting. One of the developers even hinted that he might be taking my work and putting it into the release! Pretty nice if you ask me.