A firewall protects a network from unwanted intrusions. Open source provides many effective firewalls. Let’s take a look at some of the best among them.
In this era of hackers and spammers, security is paramount. We need to implement reliable firewalls to protect our business networks. A firewall works as a security guard between internal and external networks. It inspects everything coming to and going from a network, and controls the network traffic by implementing security rules.
Some of the best open source firewalls
pfSense is a free and powerful open source firewall used mainly for FreeBSD servers. It is based on stateful packet filtering. It has a wide range of features that are normally only found in very expensive firewalls. Figure 1 lists a few features of pfSense.
ClearOS is a powerful firewall that provides us with the tools we need to run a network, and also gives us the option to scale up as and when required. It is a modular operating system that runs in a virtual environment or on dedicated hardware in the home, office, etc. Solutions provided by ClearOS are described in Figure 2.
ClearOS installation is very straightforward and painless. Once the installation is done and we’ve got into the Web-based administration system, we can easily familiarise ourselves with it to set up the firewall rules quickly. The most important feature of ClearOS is usability. It is a simple, easy and clean way to manage firewall rules, settings, etc.
Untangle is an easy-to-use, easy-to-install, lightweight firewall OS. It provides a way to protect and monitor network traffic.
- Network services: It enables us to manage DNS services like DHCP. We can apply NAT rules, router configurations, etc. It can be used as an add-on in transparent bridge mode.
- It has a simple GUI.
- Content filtering: It enables us to filter the traffic based on groups, MIME, file extensions and file type. We can generate different reports for Web traffic.
- Security services: Virus, spam and ad blockers are provided by Untangle.
- Firewall: We can allow or block traffic from some specific IP addresses or port numbers.
- VPN: It has OpenVPN.
- Reports: We can view different reports on topics like the top users, top sites used, top downloads, etc.
IPFire is another open source Linux based firewall, which can be used by the SOHO segment. IPFire implements a stateful packet inspection firewall, which stores information about each connection. This helps to provide security over the network. It is very easy to manage, and is modular and highly flexible.
The features of IPFire can best be seen in Figure 3.
Because IPFire uses stateful packet inspection, it can associate every packet in transit with the connection it belongs to. This information is used to open the path for response packets automatically: the firewall works out the rule for the opposite direction by itself.
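The following sketch models the behaviour described above. It is an added example, not IPFire code: the `Packet` and `StatefulFirewall` names, the single "internal to external" rule and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def flow(self):
        """5-tuple identifying this packet's direction of a connection."""
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        """5-tuple that a reply to this packet would carry."""
        return (self.proto, self.dst, self.dport, self.src, self.sport)

class StatefulFirewall:
    def __init__(self, internal_cidr):
        self.internal = ipaddress.ip_network(internal_cidr)
        self.connections = set()  # tracked flows, both directions

    def _is_internal(self, addr):
        return ipaddress.ip_address(addr) in self.internal

    def filter(self, pkt):
        # Packet belongs to a tracked connection: accept without a rule lookup.
        if pkt.flow() in self.connections:
            return "ACCEPT (established)"
        # The only explicit rule: new connections from internal to external.
        if self._is_internal(pkt.src) and not self._is_internal(pkt.dst):
            # Track both directions so the reply path opens automatically.
            self.connections.update({pkt.flow(), pkt.reverse_flow()})
            return "ACCEPT (new)"
        return "DROP"  # everything else, including unsolicited inbound

    def close(self, pkt):
        """Forget a connection (real firewalls do this on FIN/RST or timeout)."""
        self.connections -= {pkt.flow(), pkt.reverse_flow()}

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFirewall("192.168.1.0/24")
    out = Packet("192.168.1.10", 50000, "203.0.113.5", 443)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 50000)
    stray = Packet("198.51.100.7", 443, "192.168.1.10", 50000)
    verdicts = [fw.filter(reply)]  # reply before any request was sent
    verdicts += [fw.filter(out), fw.filter(reply), fw.filter(stray)]
    fw.close(out)
    verdicts.append(fw.filter(reply))  # same reply after the state is gone
    return verdicts
```

No inbound rule is ever written: the reply is accepted only while the matching outbound connection is in the state table, and an identical packet from another host, or after the connection closes, is dropped.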
Smoothwall is an open source Linux firewall that is very flexible. It has a Web interface named Web Access Manager, which is highly configurable. And it has a clean design that is easy to understand and manage.
Some of the features of Smoothwall are illustrated in Figure 4.
Other than the above features, Smoothwall also provides the solutions outlined below:
- Protects your network from Web-borne malware attacks
- Schedules reports on user activities and enables you to view requests in real-time
- Controls non-Web traffic such as Skype and BitTorrent
- Filters guest mobile devices on your Wi-Fi network
- Prevents circumvention of your Acceptable Use Policy
- Uses social networks productively
- Easily builds filtering policies based on the user, category, time and location
Shorewall is a popular open source Linux firewall, which is built upon the NetFilter system on Linux machines. It is a robust firewall system, which can be used over large networks. Shorewall is a command line environment that works with text configuration files: in these files we set the interfaces, the policies that apply to the interfaces and the exceptions to those policies. Shorewall then configures NetFilter from these configuration files with the help of the iptables utility.
Shorewall can be used on a standalone Linux machine, on a dedicated firewall system or as a multi-function gateway.
The features of Shorewall are illustrated in Figure 5.
Endian Firewall is a full-featured unified threat management solution built around a stateful packet inspection firewall. It can be deployed as a proxy, gateway, and router with OpenVPN.
Some of the features provided by the Endian Firewall are displayed in Figure 6.
- Endian is a bi-directional firewall
- It protects the network from Internet threats
- By analysing the traffic flow, it prevents intrusion into the network
- It has VPN with IPsec, which provides a secure and simple VPN tunnel through which many users can connect from a remote location
IPCop is an open source Linux firewall which is secure, user friendly, stable and easily configurable. It provides an easily understandable Web interface to manage the firewall. It is most suitable for small businesses and local PCs.
- It is a stable, secure and easily configurable firewall based on Linux
- Administrative tasks can be performed easily through the built-in Web server
- It can obtain its IP address from the ISP using a DHCP client
- It can configure your machine using a DHCP server
- It provides a DNS proxy which helps in speeding up domain name queries
- It provides a Web caching proxy which speeds up Web access
- To prevent intrusion into the network, IPCop has a well-defined intrusion detection system
- It divides the network into different zones:
  - Green – Internal trusted network and protected from the Internet
  - Blue – Wireless semi-trusted network
  - Orange – Publicly accessible servers
  - Red – Internet connected via USB, modem, etc.
- It provides support for multiple languages
- It provides traffic shaping capabilities, which give highest priority to interactive services over lower priority tasks such as FTP
- It provides VPN support with X.509 certificates
- We can choose the kernel configuration that is optimum for us
VyOS is open source and completely free, and based on Debian GNU/Linux. It can run on both physical and virtual platforms. It provides a firewall, VPN functionality and software based network routing. It also supports paravirtual drivers and integration packages for virtual platforms. Unlike OpenWRT or pfSense, VyOS provides support for advanced routing features such as dynamic routing protocols and command line interfaces.
Its features are described in Figure 7.
UFW or Uncomplicated Firewall
UFW is iptables with less complexity and, hence, is more user friendly. It is the default firewall for Ubuntu servers. UFW can be used to create an IPv4 or IPv6 host based firewall, and it provides a user friendly framework for managing NetFilter from the command line. UFW also has a GUI in addition to the command line. The GUI tool of UFW is called GUFW, which makes working with the system simple.
The features of UFW are shown in Figure 8.