At our office we actually run a few separate networks to make sure that our main servers have the best protection available. For two of our three networks we run a free firewall based on Linux.
Our favorite product for our free firewall is IPCop, which is an open-source product currently up to version 1.4.11. The free firewall will run even on low powered equipment that would otherwise probably be retired in most settings.
Here is a list of some of the features that are built into the base level installation of IPCop:
- Secure https web administration GUI
- DHCP Server
- Proxying (Squid)
- DNS Proxying
- Dynamic DNS
- Time Server
- Traffic Shaping
- Traffic/Systems/Firewall/IDS graphing
- Intrusion Detection (Snort)
- ISDN/ADSL device support
- VPN (IPSec/PPTP) functionality
One of the great things about IPCop is that you can quite easily expand the firewall with quite a few add-ons that are readily available on the Web.
The IPCop web-site has very good documentation for how to set-up the firewall, if you are looking for a more robust package though you can find instructions on installing IPCop + Copfilter over at HowtoForge: The Perfect Linux Firewall Part I — IPCop.
This is the process that we went through when we last built an IPCop firewall and it produces a very robust and easily managed free firewall solution.