To have a stable, reliable firewall, there's an alternative to overpriced software and appliances like those sold by Checkpoint and F5. Linux machines, clustered with linux-ha and running iptables provide the same service without licensing hassles for features such as high availability clustering, NAT or VPN functionality (see OpenVPN).


Snort is an open-source intrusion detection tool that, when used with an appropriately restrictive firewall, can detect intrusion attempts against your services and apps.