Tag: iptables

Linux Firewalls: Linux is an open source operating system, and as such, programmers have developed a variety of firewall applications for it. Some are built into the distribution packages (Ubuntu, Suse, Red-Hat, etc.).

There are also firewall applications built as separate software on top of the Linux kernel, such as Turtle, Zorp GPL, LutelWall, Guarddog, IPcop, SmoothWall, PfSense and more.

The best thing about all of these firewalls is that they are free. They are based on an open source operating system, and as such, they are free of charge. Instead of paying for a very expensive firewall appliance, you might consider preparing a computer with a Linux operating system and a well-configured Linux-based firewall.

* IPTABLES: IPTABLES is part of the Linux kernel's Netfilter framework. It enables system administrators to configure the firewall tables, using chains and rules to define the firewall restrictions. IPTABLES can only be configured with administrator privileges, as the user “Root”.

* Turtle: This application is based on Kernel 2.4 and IPTABLES. It is a fairly simple firewall to use and understand, and you can define various firewall elements such as zones, hosts, networks, etc. You also manage and decide which services to enable. The simplicity is that you can do all of this by editing an XML file or by using Webmin (a Linux web interface).

The application includes:

  • ZONES, NETWORKS, HOSTS and GROUPS definitions.
  • Filter rules definitions based on services.
  • New services definitions.
  • NAT (Network Address Translation)
  • Masquerading

* Zorp GPL: This is a proxy-based firewall. The application enables fine tuning of a proxy using a built-in scripting language. It handles the SSL, POP3 and HTTP protocols, and it also supports the FTP, FINGER, WHOIS and TELNET protocols for setting access rules.

* LutelWall: This is a high-level Linux firewall configuration tool. It provides an easy-to-use, secure way to set up “Netfilter”. The tool is flexible and lets system administrators build anything from a simple (home-like) firewall up to a highly sophisticated and complex one. You can use multiple subnets, DMZ, traffic directions, etc. It is a great tool for dedicated firewall systems, or for a standalone system acting as a multifunction gateway/router/server. It makes use of the simplicity and capability of open source Linux operating systems.

  • Traffic features include: flexible traffic management using rules, multiple external and internal interfaces, masquerade and SNAT support, easy setup of DNAT, LAN and DMZ, TOS (Type of Service) for optimizing traffic, FTP, DHCP and more.
  • Security features include: TCP chains, blocking of many types of access and scanning protocols, TCP/IP fingerprinting, anti-spoof and anti-smurf protection, and flood protection.
  • Logging features include: logging of FIN, Xmas Tree, Null and ACK scan modes and any fingerprints being used.
  • Other features include: auto detection of static/dynamic connections, automatic updates for the firewall tools, and firewall statistics shown in native IPTABLES format or exported to CSV or HTML format.

* Guarddog: This is a firewall configuration utility for Linux systems. The program is intended for both beginners and intermediate users who have not mastered TCP/IP networking and security. It has an easy-to-use GUI (graphical user interface) in which you simply describe what you need the firewall to do, and the system sets it up, without requiring a deep understanding of what exactly goes on under the hood.

* IPcop: This tool is most commonly used on SOHO devices. It also has a web-interface configuration panel, which is very user friendly. (IPcop Manual)

* SmoothWall: This is a GPL Linux distribution designed to be an open source firewall. It has a web-based GUI which requires almost no knowledge of the Linux operating system to configure its firewall system. The system is based on the Red-Hat Linux distribution.

* PfSense: This FreeBSD-based application is designed to be used as a firewall or a router. It offers a more cost-effective, feature-rich firewall that runs on a personal computer (PC), replacing a more expensive commercial firewall solution.

There are of course many other open source, Linux-based firewall applications and systems, but these are some examples of what you can do (“do it yourself”) in terms of building your own free firewall system.

Some Additional Info


Anyone who knows Linux knows that this operating system enables many solutions, and that they are part of the Linux operating system package. You can get almost any type of service you need, either by using the services built into the operating system after installation (which means they come installed with the OS) or by doing a simple update/download and install of new services which are not built in. It is as simple as that.

I will give some examples from the UBUNTU Linux operating system, which is one of my favorites and is very simple to use. Installing a service is almost always done with one simple command, called APT-GET. This command finds the service you need, downloads it, and installs it on your Linux system. Mostly this means the service will be installed and running on the system. Sometimes you might need to edit some configuration files in order to fit it into your network definitions.

The most important thing to remember is that Linux enables you to do anything you want. Linux is used by many people, and some prefer to use it rather than the Microsoft Windows operating system, which is so common.

Linux comes in many operating system distributions. Some are server based (no graphical interface needed) and some are suitable for client-side computers/laptops; these include X-Windows, which is the graphical interface of a Linux-based operating system. Linux has many different graphical distributions, each of which is a fully functional operating system with the needed packages of services. Each Linux distribution includes different packages and a different GUI (which means the graphical side looks a bit different).

The base of them usually works the same, but some of them are based on a different Linux kernel, so the commands are a bit different and take some getting used to. That is usually why most Linux users get to know the one type of Linux kernel they get along with best, and stick to that OS and Linux kernel in their future Linux experiences.

So let's go over some examples of what you can do with the Linux operating system, and how simple things are when defining new services on the system.

Linux Firewall:

Linux has a built-in mechanism called IPTABLES. This is a port filtering mechanism that lets you set rules for what can pass through the system and what can't. Firewall rules are mostly port based: every service has its own port, and by defining which ports are allowed and which are not, you can create your own firewall based on that built-in mechanism. All you need is to place two network cards in your Linux machine and let the traffic pass through it, as it controls the rules of passage. When IPTABLES is empty and no rules are applied, anything can go through, from the outside in and from the inside out. This option is mostly used by Linux server systems.

* Article on how to set a simple Linux Firewall
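
The two-network-card gateway described above, as an added example (not code from the original article): a shell function that writes an `iptables-restore` ruleset which drops forwarded traffic by default and lets the inside network open new TCP connections only on the listed ports. The interface names `eth0`/`eth1` and the port list are assumed sample values.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-interface gateway.
# gen_ruleset WAN_IF LAN_IF "PORT PORT ..."
# Prints the ruleset on stdout; returns 1 on an invalid interface name or port.
gen_ruleset() {
    wan=$1 lan=$2 ports=$3
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done

    echo '*filter'
    # Default policies: drop whatever no rule accepts. An empty ruleset with
    # ACCEPT policies would pass everything in both directions.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # The gateway itself accepts only loopback and replies to its own traffic;
    # add a management rule (for example SSH from the LAN) before loading remotely.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Replies to connections the LAN opened may come back through.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        # New outbound TCP connections from the LAN, one rule per allowed port.
        echo "-A FORWARD -i $lan -o $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    # Hide the LAN behind the gateway's outside address (masquerading).
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo 'COMMIT'
}

# Constructed sample: eth0 faces the internet, eth1 the LAN; web ports only.
gen_ruleset eth0 eth1 "80 443"
```

Pipe the output to `iptables-restore --test` as root to check it without loading it; forwarding between the two cards also requires `net.ipv4.ip_forward=1`.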

Another option, if you want a graphical management console to define the firewall:

For Linux Desktop, which includes X-Windows (a graphical interface), you can use FWBUILDER (Firewall Builder). This tool provides a graphical management interface that lets you define the firewall rules, like the tools used on firewall routers (such as the CISCO PIX).

* Using fwbuilder to create a Linux firewall

Linux web server:

The Linux web server is mostly based on the APACHE service. Since most applications use PHP and databases, you can use MYSQL and, of course, PHP, so you need to install them as well, along with some other tools that can assist you. Below are the basic tools you will need to create a fully functional web server, which includes all of the needed services.

  • Apache 2 – Linux Web server
  • MySQL 5 – MySQL Database Server
  • PHP4/5 – PHP Scripting Language
  • phpMyAdmin – Web-based database admin software.
  • Webalizer – Website Traffic Analyzer
  • Mail Server – Postfix (MTA) with Dovecot IMAP/POP3 + Sasl Authentication
  • Squirrelmail – A web based email
  • VSFTP – A fast ftp server to upload files
  • Webmin – A freely available server control panel
  • ClamAV – Antivirus software.
  • A Firewall using IPtables.

* Build Your Own Web Server

So to summarize, you can do whatever you want with Linux; just search the internet and see how easy it is.
