I've just tested IPCop (http://www.ipcop.org/)
, and I must say it's pretty cool!
From their web site:
IPCop Linux is a complete Linux Distribution whose sole purpose is to protect the networks it is installed on. By implementing existing technology, outstanding new technology and secure programming practices IPCop is the Linux Distribution for those wanting to keep their computers/networks safe.
# Provide a stable Linux Firewall Distribution.
# Provide a secure Linux Firewall Distribution.
# Provide an opensourced Linux Firewall Distribution.
# Provide a highly configurable Linux Firewall Distribution.
# Provide an easily maintained Linux Firewall Distribution.
# Provide an easily configured Linux Firewall Distribution.
# Provide reliable Support to the IPCop Linux user base.
# Provide an enjoyable environment for the Public to discuss and request assistance.
# Provide stable, secure, and easy to implement upgrades/patches for IPCop Linux.
# Develop an appreciation for both the Linux and Opensource movements in our user base.
# Develop a long lasting relationship with our userbase.
# Strive to adapt IPCop to meet the needs of the Internet of Tomorrow.
# Further develop the Linux Knowledge base of all Project Members and Users.
Here's a partial list of features:
*IPTable network filters
*IDE, SCSI and CF (Disk on a Chip) drive support.
*Quad Network support:
oGREEN — Internal Trusted Network
oBLUE — Wireless Semi-Trusted Network (can be used a second Green)
oORANGE — DMZ for Internet accessed servers
oRED — The Internet connected via:
+USB Connected (w/ right driver):
*Multiple “Real” IP supported on RED when using a Static IP base.
*DHCP client support on RED to receive IP from ISP, also support for a dynamic DNS to be updated as this IP changes.
*DHCP server for GREEN and BLUE to simplify network setup and maintenance.
*NTP server and client for setting IPCop clock and supplying a common clock for internal GREEN and BLUE networks.
*Intrusion Detection for ALL networks (RED, ORANGE, BLUE and GREEN)
*Vitural Private Network (VPN) to allow multiple sites to act as single large network.
*Proxy Support for both Web Surfing and DNS support allow for “faster” connection response on and simplified network setup.
*Administration after initial load is via a secure Web Interface including:
oPerformance Graphics for CPU, Memory and Disk as well as Network throughput
oLog viewing with autorotation.
oMultiple language support.
*Use of older equipment. 386 or better. Version 1.4 has been tested on 486sx25 with 12M of RAM and 273M of hard drive. This was the oldest and smallest we could find we could find at the time of test. It was loaded via the Net Install option and supported a full Cable Modem download speed of 3Mb/s.
Administration is done over an easy-to-understand web interface. And the best is: you can use old hardware for it (e.g. PentiumI with 32MB RAM and 800MB HDD)!