Untangle – An Open Source Application Filtering Firewall

While I was adding some QoS Traffic Shaping to my IPCop firewall, I saw an ad for an open source Application Filtering Firewall project called Untangle.

They say:

Untangle delivers an integrated family of applications that help you simplify and consolidate the network and security products you need, in one place at the network gateway. The most popular applications let businesses block spam, spyware, viruses, and phish, filter out inappropriate web content, control unwanted protocols like instant messaging, and provide remote access and support options to their employees. Every downloadable application is pre-configured and guaranteed to work together.

  • All applications run on one off-the-shelf server
  • Pre-configured on-demand downloads
  • Integrated administration and reporting

It looks pretty promising and appears to be an all-in-one package that includes a firewall, email virus scanner and web proxy.

Sadly, looking in the forums for Untangle showed me that they don’t have any QoS or Traffic Shaping support yet. They are talking about adding it, but that’s the feature I am looking for right now.

So I installed the QoS_NG addon into my IPCop firewall and now I have to figure out what kind of shaping I really want and how to set it up.

Playing around with it last night I proved to myself that it was really working. I was changing the default class upload and download limits and then running one of the DSL speed tests. It was limiting my speed, so what I need to do now is figure out what classes I want to setup and then figure out how to apply the rules.

The end goal is to allow my web and mail server to have a fixed minimum in both directions, and to give my desktop a fixed minimum in both directions.

Then when my kids are watching YouTube videos I can still play TF2 without suffering from massive latency. 🙂

Look at the traffic graph and guess when the kids get home and hop onto YouTube:

I do have to say that so far I am very happy with my IPCop firewall. I will probably checkout Untangle at some point in the future, but IPCop is doing what I need it to do at the moment.