5 Open Source Firewalls You Should Know About

5 Open Source Firewalls You Should Know About

Regardless of the fact that pfSense and m0n0wall seem to obtain the lion’s share of thought from the available source firewall/router marketplace, together with pfSense edging out m0n0wall in the last couple of decades, there are numerous excellent firewall/router distributions accessible under the Linux and BSD. Every one these projects build on their various OSes native firewalls. Linux, for example, integrates netfilter and iptables to its kernel. The following is a (non-exhaustive) listing of some of these firewall/router distributions out there for Linux and BSD, together with a number of their capacities.

The Smoothwall Open Source Project was installed in 2000 so as to develop and preserve Smoothwall Express – a free firewall which includes its security-hardened GNU/Linux functioning system along with a easy-to-use internet interface. SmoothWall Server Edition has been the first merchandise from SmoothWall Ltd., started on 11-11-2001. It was basically SmoothWall GPL 0.9.9 with assistance provided from the business. Business Server included additional features like SCSI support, together with the capacity to boost functionality by means of add-on modules. Further modules published over time contained modules for traffic shaping, anti virus and anti-spam.

A version of Corporate Server named SmoothWall Corporate Guardian premiered, incorporating a fork of DansGuardian called SmoothGuardian. School Guardian was made as a version of Corporate Guardian, including Active Directory/LDAP authentication firewall and support features in a package designed specifically for use in universities. December 2003 saw the launch of smoothwall Express 2.0 along with a range of comprehensive written documentation. The alpha version of Express 3 premiered in September 2005.

Smoothwall is intended to run efficiently on older, more affordable hardware; it’ll function on any Pentium class CPU and over, with a recommended minimum of 128 MB RAM. Additionally there’s a 64-bit construct for Core 2 methods. Here’s a list of attributes:


Supports LAN, DMZ, and Wireless networks, also outside

External connectivity through: Static Ethernet, DHCP Ethernet, PPPoE, PPPoA using various USB and PCI DSL modems

Port forward, DMZ pin-holes

Outbound filtering

Timed access

Easy to use Quality-of-Service (QoS)

Traffic stats, such as per port and per IP levels for months and weeks

IDS via mechanically updated Snort principles

UPnP service

List of poor IP addressed to obstruct


Web proxy to get quick surfing

POP3 email proxy using Anti-Virus

IM proxy using actual time log-viewing


Reactive net interface using AJAX methods to provide Real-time data

Real time traffic charts

All principles have an optional Comment area for simplicity of usage

Log audiences for all Significant sub-systems and anti viral action


Backup config

Easy single-click program of pending upgrades

Shutdown and reboot for UI


Time Service for community

Create Smoothwall yourself utilizing the self-hosting”Devel” assembles

A stateful firewall made on the Linux netfilter frame that was originally a part of this SmoothWall Linux firewall, IPCop is a Linux distribution which aims to supply a simple-to-manage firewall appliance according to PC hardware. Model 1.4.0 was released in 2004, depending on the LFS supply along with also a 2.4 kernel, and also the current stable branch is 2.0.X, published in 2011. IPCop v. 2.0 integrates some Substantial developments over 1.4, including the following:

According to Linux kernel 2.6.32

New hardware support, such as Cobalt, SPARC and PPC programs

New installer, which Permits You to set up to flash or hard drives, also to select interface cards and assign them to specific networks

Accessibility to all Internet interface pages has become password protected.

A brand new user interface, such as a brand new scheduler webpage, more webpages on the Status Menu, an upgraded proxy site, a simplified DHCP server webpage, along with an authenticated firewall menu

The addition of OpenVPN service for virtual private servers, as a substitute for IPsec

IPCop v. 2.1 contains bugfixes and lots of further improvements, such as being utilizing the Linux kernel 3.0.41 along with URL filter services. Furthermore, there are lots of add-ons accessible, including advanced QoS (traffic shaping), email virus checking, traffic summary, extended ports for controlling the proxy, and a lot more.

IPFire is a completely free Linux distribution which may serve as a firewall and router, and may be maintained by means of a web interface. The supply offers picked sever daemons and can readily be enlarged to a SOHO server. It gives corporate-level network security and focuses on safety, stability and ease of usage. A number off add-ons may be set up to add more attributes to the foundation system.

IPFire uses a Stateful Packet Inspection (SPI) firewall, and this can be built on top of netfilter. During the setup of IPFire, the system is configured to different sections. This segmented security strategy means there’s a location for every single machine in the community. Each section represents a set of computers which share a frequent security level. “Green” signifies a safe location. This is the point where all typical customers will live, and is normally comprised of a wired local community. Clients Green can get the rest of the network segments without limitation. “Red” indicates risk or the link to the world wide web. “Blue” signifies the wireless portion of their local network. Since the wireless community has the capacity for abuse, it’s uniquely identified and particular rules govern customers onto it. Clients with this particular network segment has to be allowed before they can access the system. “Orange” signifies the demilitarized zone (DMZ). Any servers that are publicly available are split from the remainder of the system here in order to restrict security breaches. Moreover, the firewall may be used to control outbound online access from any section. This attribute provides the network administrator total control on how their system is configured and bonded.

Among the exceptional characteristics of IPFire is that the level to which it integrates intrusion detection and intrusion prevention. If something abnormal occurs, it is going to log the case. IPFire permits you to find these events from the interface. For automatic avoidance, IPFire has an addition known as Guardian that could be installed optionally.

IPFIre attracts many front-end drivers to get high-performance virtualization and may be run on many virtualization platforms, such as KVM, VMware, Xen and many others. But, there’s always the risk that the VM container safety could be bypassed somehow and a hacker could get access outside of the VPN. Because of this, it’s not proposed to use IPFire as an electronic server in a production-level atmosphere.

Along with these attributes, IPFire incorporates all of the features that you need to see in a firewall/router, such as a stateful firewall, an internet proxy, support for virtual private networks (VPNs) using IPSec and OpenVPN, and traffic shaping.

Since IPFire relies on a current variant of the Linux kernel, it supports a lot of the most recent hardware for example 10 Gbit network cards along with an assortment of wireless hardware from the box.

Some add-ons have additional requirements to carry out easily. On a system which is suitable for the hardware demands, IPFire can serve hundreds of customers concurrently.

Unlike another firewall/routers talked about in this guide, Shorewall doesn’t have a graphical user interface. Rather, Shorewall is configured via a set of plain-text configuration documents, even though a Webmin module can be obtained separately.

Since Shorewall is basically a frontend into netfilter and iptables, normal firewall operation is available. With Shorewall, it’s not difficult to prepare different zones, each with various rules, which makes it effortless to own, by way of instance, relaxed rules about the business intranet when clamping down on traffic arriving to the net.

While Shorewall once utilized a shell-based compiler frontend, because version 4, in addition, it utilizes a Perl-based frontend. IPv6 address support began using version 4.4.3.

PfSense is a open source firewall/router distribution based on FreeBSD for a fork over the m0n0wall project. It’s a stateful firewall which incorporates a lot of the performance of m0n0wall, for example NAT/port forwarding, VPNs, traffic shaping and captive portalsite. Additionally, it goes past m0n0wall, offering many innovative features, like load balancing and failover, the capacity of just accepting visitors from particular operating systems, simple MAC address spoofing, and Express VPN Windows app download utilizing the OpenVPN and L2TP protocols. Unlike m0n0wall, where the focus is much more on embedded usage, the focus of pfSense is on complete PC installation. Irrespective of this, a variant is supplied targeted for embedded usage.

Comments are closed.