Considerations for a self-made enterprise-class firewall

Product list

big players

heavy-load

• Cisco ASA
• Juniper SRX
• Sophos XG Firewall

also worth mentioning

• Mikrotik (linux-based, own front-end to Netfilter)

out-of-the-box OSS products

• OPNsense (formerly pfSense)
• pfSense (fbsd-based)
• NVIDIA Cumulus Linux (not much on the firewall front, just its own front-end for Netfilter ACLs)
• VyOS (debian-based, also its own netfilter front-end)
• IPFire
• IPCop Firewall
• Smoothwall
• Shorewall
• ConfigServer Security & Firewall (CSF)
• Endian Firewall Community (EFW)
• ClearOS + Linux Firewall

Low footprint

• OpenWrt
• LibreCMC
• DD-WRT
• Openwall
• LEAF Project
• fli4l

diy

• Linux Netfilter
  • iptables
  • nftables
• Linux eBPF
• FreeBSD IPFW vs. legacy PF - SMP
• OpenBSD PF
• DragonFlyBSD legacy PF
• NetBSD NPF (SMP)

Hardware

What product can be shipped as dedicated hardware?

What is the alternative?

==> just make sure you got the right NIC!

https://www.dragonflybsd.org/cgi/web-man?command=ix

High Throughput and Offloading Performance

see nic-10gbe

NGFW

Which ones are DPI-capable?

Resources

Open Source NGFW / Top 5 in 2022 https://syncbricks.com/top-5-best-free-ngfw-firewall/

Top 10 Open-Source Firewalls https://em360tech.com/top-10/open-source-firewalls

8 Best Open Source Firewall to Protect Your Network https://geekflare.com/best-open-source-firewall/

oss low footprint

https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions https://en.wikipedia.org/wiki/Comparison_of_firewalls