Monday, February 22, 2010

Top 5 Best Linux Firewalls

As part of the contest we conducted recently, we got 160+ comments from the geeky readers who choose their favorite firewall.
Based on this data, the top spot goes to.. drum roll please..
iptables
If you are new to any of the top 5 firewalls mentioned here, please read the rest of the article to understand more about them.

1. Iptables

iptables is a user space application program that does packet filtering, network address translation (NAT), and port address translation (PAT).  iptables is for IPv4.  ip6tables is for IPv6.
iptables needs kernel with ip_tables packet filter (including Linux kernel 2.4.x and 2.6.x). Using iptables you can view, add, remove or modify the rules in the packet filter ruleset.

2. IPCop

IPCop is for small-office and home-office users. This is a Linux firewall distribution, that requires a separate low power PC to run the software. You can configure the firewall rules from a friendly web interface. This is a stateful firewall based on Linux netfilter.
You can take an old PC and convert it to a secure internet application with IPCop, which will secure the home/small-office network from internet and also improve web browser performance by keeping some frequently used information.

3. Shorewall

Shorewall firewall’s tag-line is: iptables made easy. It is also known as “Shoreline Firewall”. It is built upon the iptables/ipchains netfilter system.
If you have hard-time understanding the iptables rules, you should try shorewall, as this provides a high level abstraction of iptables rules using text files.
Shorewall contains the following packages:
  • Shorewall – Helps to create ipv4 firewall
  • Shorewall6 – Helps to create ipv6 firewall
  • Shorewall-lite – Helps to administer multiple ipv4 firewalls
  • Shorewall6-lite. Helps to administer multiple ipv6 firewalls
Additional information about shorewall:

4. UFW – Uncomplicated Firewall

UFW is a command line program that helps manage the netfilter iptables firewall. This provides few simple commands to manage iptables. Gufw is a graphical interface for the UFW that is used on Ubuntu distribution. It is very intuitive and easy to manage your iptables firewall using Gufw. You can run Gufw on any Linux distribution that has Python, GTK and ufw.
To allow ssh access in UFW you have to do the following. It’s that easy.
$ sudo ufw allow ssh/tcp

5. OpenBSD and PF

PF stands for packet filter. PF is licensed under BSD and developed on OpenBSD. PF firewall is installed by default on OpenBSD, FreeBSD, NetBSD.
PF does the following.
  • Packet Filtering
  • NAT
  • Traffic redirection (port forwarding)
  • Packet Queueing and Prioritization
  • Packet Tagging (Policy Filtering)
  • Excellent log capabilities
Additional information about PF:

Additional Firewall Software

Following are additional firewalls mentioned by readers along with the total number of votes it received.
  • CheckPoint FireWall-1 5
  • pfsense 5
  • Firestarter 5
  • Netfilter 4
  • SmoothWall Express 3
  • Guarddog 3
  • ipchain 3
  • Endian 2
  • Susefirewall 1
  • Cisco ASA/PIX 1
  • ClearOS 1
  • APF 1
  • Firewall Builder 1
  • Auto firewall in Puppy Linux 1
  • Drawbridge 1
  • Monowall 1
  • Firehol 1
  • SuSEfirewall2 1
  • Plesk 1

1 comment: