Smoothwall or Linux or ?


Ozzman
03-25-03, 10:21 PM
OK guys, I'm going to be getting my school's server online, and the school has an EXTREMELY strict code on security; they would never open up the IP to the net unless I can prove it's secure as hell, so I will need a firewall of course. Now the issue is, should I use the internal firewall in Linux or get Smoothwall and have it on a system running beside it? Both are no problem; I have plenty of old systems, including the old server, that I can use as the firewall. But it needs to be as secure as possible. Or do you guys know of a better firewall?

Thanks..

Arkaine23
03-25-03, 11:33 PM
Use OpenBSD.

You can write your own rules for packet filter. Use a default deny policy and write rules that are exceptions to the firewall. I'd go ahead and make the machine do NAT and serve as your gateway.
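A minimal `pf.conf` sketch of the default-deny-plus-NAT gateway described above, added here as an example and not part of the original post. It uses current OpenBSD pf syntax; the interface names, addresses and published ports are assumptions to adapt.

```pf
# Constructed example: all names, addresses and ports below are assumptions.
ext_if       = "em0"              # interface facing the internet
int_if       = "em1"              # interface facing the school LAN
lan_net      = "192.168.1.0/24"   # internal network behind the gateway
server       = "192.168.1.10"     # the one internal host being published
server_ports = "{ 80, 443 }"      # the only services exposed to the outside

set block-policy drop             # silently drop instead of sending RST/ICMP
set skip on lo                    # do not filter loopback traffic

# Normalise and reassemble packets before any filtering decision.
match in all scrub (no-df)

# NAT: rewrite LAN source addresses to the gateway's external address.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Drop packets that claim a LAN source but arrive on the wrong interface.
antispoof quick for $int_if

# Default deny: anything not explicitly passed below is dropped and logged.
block log all

# Exception 1: inbound connections to the published server only.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $server_ports rdr-to $server
pass out on $int_if inet proto tcp from any to $server port $server_ports

# Exception 2: LAN clients may open outbound connections (stateful replies
# are allowed back automatically).
pass in on $int_if inet from $lan_net to any
pass out on $ext_if inet from ($ext_if) to any
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sr` lists the rules actually in effect, which gives a concrete artifact to show when the policy has to be demonstrated to someone else.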

Ozzman
03-26-03, 01:30 AM
So you think Open is my best pick? Oh, and also, is there a difference between FreeBSD and OpenBSD?

Daemonfly
03-26-03, 01:52 AM
OpenBSD has pretty much all ports, etc. closed by default (although the new 5.0 FBSD might have the same now). It's pretty much the one always recommended for firewalls.

There's also a ClosedBSD...
"ClosedBSD is a firewall and network address translation utility which boots off of a single floppy disk or CDROM, and requires no hard drive." But I haven't used it much.

Either way, many, many people recommend the *BSD style firewalls over Linux's iptables, but it always seems to just be personal preference.

Ozzman
03-26-03, 02:28 AM
So you guys don't think I should just use Smoothwall?

Christoph
03-26-03, 02:34 AM
In something like this, psychology is almost as important as security, especially if Joes (i.e. computer-stupid people) are in charge. Once you feel confident that you've picked something secure enough (ClosedBSD looks pretty good), make sure that your presentation is convincing and that you explain things in terms that your audience can understand.
BTW, what kind of school is this? College, high school, middle school?

Arkaine23
03-26-03, 02:45 AM
Theories as to why BSDs get recommended:

1- OSes that get hacked more often than any other = Windows and Linux (Red Hat, since it's the most widely used distro).

2- OpenBSD's focus is on security.

3- *BSDs are really stable and reliable. When you're talking about services like Network Address Translation (NAT) and Packet Filter (firewall), those are things that are essential for the rest of the network to function, so it's nice to have a machine that can run for years straight without a reboot.

This being said, there's nothing wrong with a slim Linux firewall-type distro.

Ozzman
03-26-03, 03:58 AM
HMMM, well, this makes me wonder whether I should take my dual-boot Debian/Mandrake (can't make up my mind :-D) server and turn it into a Closed or OpenBSD server instead.. eh, I'm too lazy to reconfigure it, I'll just make the old P2 500 into an OpenBSD firewall and tell the school's IT guy what to say.. First off, it's a high school, so I don't think it's going to get hacked by anything more than stupid script kiddies, but you never know.. Also check this out... the school's IT guy and comp teacher know less than me, and the IT guy has an assistant that is getting paid and I'm doing most of his work... lol, some screwed up stuff, huh.. Oh well, I'll get community service, plus class credits, and I can get a bunch of recommendations when college comes around (soon, now where to go, hmm, lol)

moorcito
03-26-03, 09:56 AM
If you know what you are doing then you can close anything up as tight as you want. OpenBSD is "secure" because that's the main goal of the project, and it has a good reputation for being secure, but the tools used in OpenBSD are pretty much the same as found in any other BSD or Linux distro.

PolyPill
03-26-03, 10:47 AM
I didn't read much of this thread because I'm lazy, but why don't you just open the ports you need to the outside at the school's firewall? Does this school stupidly require a software firewall to be running on their Windows servers? The whole point of a hardware firewall is so you don't have to have software ones on the internal computers.

Also, most high school IT guys are incompetent; that's why they're high school IT guys.

As for switching to BSD, I see no reason to; when a sendmail or Apache bug comes out it affects BSD just as much as Linux. They're more of a personal preference.

kevmarks
03-30-03, 11:22 AM
Smoothwall is a good solution. You can be much more secure. However, it can become an inconvenience. Smoothwall is a good compromise.