Pessoalmente, adoro e recomendo Monowall .
* web interface (supports SSL)
* serial console interface for recovery
o set LAN IP address
o reset password
o restore factory defaults
o reboot system
* wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)
* captive portal
* 802.1Q VLAN support
* stateful packet filtering
o block/pass rules
o logging
* NAT/PAT (including 1:1)
* DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface
* IPsec VPN tunnels (IKE; with support for hardware crypto cards, mobile clients and certificates)
* PPTP VPN (with RADIUS server support)
* static routes
* DHCP server and relay
* caching DNS forwarder
* DynDNS client and RFC 2136 DNS updater
* SNMP agent
* traffic shaper
* SVG-based traffic grapher
* firmware upgrade through the web browser
* Wake on LAN client
* configuration backup/restore
* host/network aliases