10 Linux-based firewalls
Today we are again talking about security on Linux systems. Some time ago I wrote an article on the best NAS devices according to Amazon, and an article on how to assemble a “do it yourself” NAS. Assembling a firewall is not the same thing, but it's not that different either. A firewall can effectively be an old computer with two or more network cards: one for outbound traffic, one to connect the LAN, and others to connect any subnets (Wi-Fi, guest network, etc.). We all know the importance of having a secure server. The firewall is one of those fundamental components in a system or network that you want to call “secure”. In short, a firewall is a computer that stands between the local network and the external network, monitoring, analyzing and managing inbound and outbound network traffic. The network administrator configures the firewall through a series of rules that allow some connections and block others, to optimize the network and make it more secure.
There are dozens of open source solutions for this. In this article, I summarize the ten most popular Linux-based firewalls.
IPtables / Netfilter is the most popular and perhaps the most comprehensive command line solution for administering a firewall. Many network administrators use this software for their servers. It filters packets in the TCP/IP stack directly inside the kernel. Here is an overview of the main functions.
Features of IPtables
- lists the contents of the packet filter rule set,
- it is lightweight because it only inspects the packet header,
- the administrator can add, remove or change rules in the packet filter ruleset as needed,
- supports backup and restore of the rules to and from a file.
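The multi-interface layout from the introduction, written in the file format that `iptables-save` and `iptables-restore` use for backup and restore, as an added example that is not part of the original article. The interface names passed in (`eth0`, `eth1`, `wlan0` in the usage note) and the SSH-from-LAN rule are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing itself.
# Interface names are assumptions supplied by the caller (WAN, LAN, guest).
render_ruleset() {
    [ $# -eq 3 ] || { echo "usage: render_ruleset WAN LAN GUEST" >&2; return 1; }
    for ifname in "$@"; do
        case $ifname in   # refuse anything that could smuggle extra rule text
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    wan=$1 lan=$2 guest=$3
    cat <<EOF
*filter
# Default-deny for traffic to and through the firewall.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections that were already allowed; drop malformed state.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Administration over SSH from the LAN side only.
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# LAN and guest clients may open new connections towards the internet.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $guest -o $wan -m conntrack --ctstate NEW -j ACCEPT
# Guests never reach the LAN; log the attempt before dropping it.
-A FORWARD -i $guest -o $lan -j LOG --log-prefix "guest-to-lan drop: "
-A FORWARD -i $guest -o $lan -j DROP
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the private subnets behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, and `iptables-save` writes the running rules back out in the same format. Forwarding between the interfaces also requires `net.ipv4.ip_forward=1`.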
IPCop is an open source Linux distribution. The IPCop team is constantly working to deliver a stable, secure, user-friendly and highly configurable firewall. IPCop is managed through a web interface. It is especially useful in SOHO environments, but it can also be used in more complex situations.
Features of IPCop
- the color-coded web interface makes it easy to read graphs of CPU performance, memory, disk and, of course, network traffic,
- allows log inspection,
- provides secure updates and additional patches, and is stable and easily configurable.
Shorewall, the “Shorewall Firewall”, is another very popular open source firewall, specialized for GNU/Linux. The software is built on Netfilter, which has direct kernel access, and also supports IPv6.
Features of Shorewall
- uses Netfilter's connection tracking facilities to filter packets,
- supports a wide range of router / firewall / gateway applications,
- it is administered via a GUI through the Webmin control panel,
- multi-ISP support,
- supports “masquerading” and “port-forwarding”,
- supports VPN connections.
UFW – Uncomplicated FireWall
UFW is the default firewall administration application on Ubuntu Server. It is designed to be as simple as possible and to reach a wider audience of users. A GUI (GUFW) is available for download on Debian / Ubuntu and allows full administration.
Features of UFW
- supports IPv6,
- extended logging options (on / off),
- status monitor,
- can be integrated with other applications,
- rules can be added, removed or changed according to user preferences.
Vuurmuur is another firewall manager for Linux (an application, not a distribution) for administering IPtables rules. To use this software, it is not necessary to know the syntax of iptables.
Features of Vuurmuur
- supports IPv6,
- real-time monitoring and bandwidth usage,
- can easily be configured with NAT,
- active anti-spoofing features.
pfSense is another open source firewall, available for FreeBSD servers. It offers a long list of features that are typically present only on commercial firewalls.
Features of pfSense
- the web interface allows configurations and upgrades,
- can be used as a firewall, router or DHCP / DNS server,
- it can be configured as a Wi-Fi access point or a VPN endpoint,
- traffic information in real time,
- inbound / outbound load balancing.
IPFire is open source software for Linux intended for home users or SOHOs. It is modular and flexible. The IPFire community releases security patches. IPFire is developed as a “Stateful Packet Inspection” (SPI) firewall.
Features of IPFire
- can be used as a firewall, proxy or VPN gateway,
- integrated intrusion detection system,
- support via Wiki, forum and chat,
- supports hypervisors such as KVM, VMware and Xen for virtualized environments.
Smoothwall and Smoothwall Express
Smoothwall is an open source firewall for Linux, highly configurable through a web interface known as WAM. Smoothwall Express is a freely redistributable version of Smoothwall.
Features of Smoothwall
- supports LAN, DMZ and wireless extensions,
- real-time content filtering,
- HTTPS filtering,
- supports proxies,
- allows the examination of logs and the monitoring of firewall activity,
- traffic management per single IP,
- simple backup and restore.
Endian is another firewall based on “Stateful Packet Inspection”, which can be used as a firewall, router, proxy, gateway or VPN (with OpenVPN). It was originally developed on the basis of IPCop, which is itself a fork of Smoothwall.
- two-way firewall,
- Snort intrusion prevention,
- can protect a web server with HTTP and FTP proxies, antivirus and URL blacklist,
- can protect a mail server with SMTP and POP3 proxies, spam filtering, auto-learning and greylists,
- VPN with IPsec,
- real-time network traffic log.
ConfigServer Security Firewall
And finally, let me tell you about ConfigServer. This is a very versatile cross-platform firewall (Linux distributions only). It is also based on the concept of “Stateful Packet Inspection”. It is not open source, but the license allows unrestricted download and use. Technical support is entrusted to the community through the forum, and it supports almost all virtualization environments, such as Virtuozzo, OpenVZ, VMware, Xen, KVM and VirtualBox.
Features of CSF
- its LFD (Login Failure Daemon) process checks for failed login attempts on “sensitive” services such as SSH, SMTP, Exim, IMAP, Pure & ProFTP, vsftpd, suhosin and mod_security,
- the administrator can configure email alerts to report unusual behavior or system intrusions,
- integrates easily with popular web hosting control panels such as cPanel, DirectAdmin or Webmin,
- sends email notifications about excessive resource use by a user and about suspicious processes,
- protects the Linux machine against SYN flood and ping of death attacks,
- check for security holes,
- simplified start / shutdown.
In addition to the firewalls just mentioned, there are many others available for Linux, such as Sphirewall, CheckPoint and ClearOS. You have a firewall installed on your Linux system, right? Which one? Write it in the comments below.