We're currently running IPSec VPNs (tunnel mode) between our various ADSL lines. We'd also like to run some VPNs to our colocated server in Maidenhead.
So, for example, our current 192.168.1.0/24 and 192.168.2.0/24 subnets would be tunnelled to 192.168.10.0/24 and then VLANed on to our server (possibly via a separate cable or pair of cables).
We could use a Firebrick 105 - but they don't do IPSec...
We could buy a 1U or smaller firewall to do this, and we'd also have to pay for the ongoing space, power, ports etc...
Possible Solution:
Could A&A's FB6000s do this for us? We'd be prepared to pay for this service, some £-tens per month (the website says £15.10 for a FB105, it would probably cost us more for our own IPSec/firewall device).
We're mainly using Draytek Vigor 2820s, which can do IKE with preshared keys or X.509 certificates.
I usually maintain a list of blacklisted IP addresses (from SSH brute-force attacks, IP scanning, etc...), where I just drop all the inbound traffic. It'd be great if I could upload a simple filter, perhaps iptables/ipfw/BPF, to get traffic from these addresses dropped before it even has to cross my ADSL line.
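
As an added illustration (not part of the original post, and not A&A or Firebrick code), here is one way a hand-maintained blacklist could be turned into an uploadable iptables filter: entries are validated, merged into the fewest CIDR blocks, and anything overlapping the site subnets named above is refused so a typo cannot blackhole the VPN. The chain name `BLOCKLIST`, the function names and the sample addresses are assumptions made for the example.

```python
import ipaddress

# Constructed sample blocklist (documentation address ranges), as kept by hand.
SAMPLE_BLOCKLIST = """\
# ssh brute force
203.0.113.7
203.0.113.6
198.51.100.0/25
198.51.100.128/25
192.168.1.50      # typo: our own LAN, must never be dropped
not-an-ip
2001:db8::1
"""

# Subnets from the post that must never end up in a DROP rule.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("192.168.1.0/24", "192.168.2.0/24", "192.168.10.0/24")]

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, [(rejected entry, reason), ...])."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an address or CIDR"))
            continue
        if net.version != 4:
            rejected.append((entry, "IPv6 needs ip6tables"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((entry, "overlaps a protected subnet"))
        else:
            nets.append(net)
    # Merge duplicates and adjacent blocks so the rule count stays small.
    return list(ipaddress.collapse_addresses(nets)), rejected

def to_iptables_restore(nets, chain="BLOCKLIST"):
    """Render an iptables-restore fragment: one user chain of DROP rules."""
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {n} -j DROP" for n in nets]
    lines += [f"-A {chain} -j RETURN", "COMMIT"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE_BLOCKLIST)
    print(to_iptables_restore(nets) + "".join(f"# skipped {e}: {w}\n" for e, w in rejected), end="")
```

The output is in `iptables-restore` format; on a Linux filter it only takes effect once the inbound or forwarding chain jumps to `BLOCKLIST`.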