Firewall Builder (fwbuilder) is a graphical application that can help you to configure IP traffic filtering. It can compile the filtering policy you define into many specifications, including iptables and various languages used by Cisco and Linksys routers. Separating the actual policy you define and the implementation in this way should let you change what hardware is running your firewall without having to redefine your policy for that platform.
How do you setup your firewall? Do you use an application to help or do you us just write your own Iptables? This article looks at a firewall application called fwbuilder and shows you some of the features of this software.
Gibraltar Firewall 2.6, a Linux firewall distribution based on Debian, was launched yesterday as announced by Rene Mayrhofer. This will be the last release that will use the Linux kernel 2.4, as the next Gibraltar editions will use the 2.6 kernel. Among other things, this edition of Gibraltar offers improved traffic shaping performance (the iptables marking rules were re-ordered and the pre-defined traffic classes were improved), and allows SSL Explorer plugins to be installed.
Have you ever used the Gibraltar Firewall? Gibraltar provides the user with a web interface for setting up their firewall. Now it's available for the Linux 2.6 kernel. Also in this release they added full WLAN access point functionality.
The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities. http://www.shorewall.net/
Shorewall is a great firewall package for Linux it's, most distro's have packages available. What do you think about Shorewall? Do you have any other favorite firewall package.
Devil-Linux is a distribution which boots and runs completely from CD. The configuration can be saved to a floppy diskette or a USB pen drive. It was originally intended to be a dedicated firewall/router but now Devil-Linux can also be used as a server for many applications. Attaching an optional hard drive is easy, and many network services are included in the distribution.
Have you used any Linux distributions which are design to be used as a firewall or router? This article looks at the Devil-Linux distribution with some useful links to learn more about this Linux distro.
The KDE Guarddog program promises an easy Linux firewall setup with just a few clicks. Guarddog helps inexperienced users secure computers – and even whole networks – against attack.
The IPChains (Linux 2.2) and IPTables (Linux 2.4) tools configure the Linux firewall, but these commandline tools can be slightly cryptic for Linux newcomers. Simon Edwards developed Guarddog [1] to simplify the task of firewall configuration. Guarddog is a GUI-based configuration utility for managing firewalls. The Guarddog utility is licensed under the GPL and runs on either KDE 2 or KDE 3.
I am interesting if anyone as used KDE Guarddog and what do you think about it? I normally just manually add iptables from the command line but if this tool makes it easier then I am game.
Source: http://www.cyberciti.biz/faq/ - Posted by Ryan Berens
(The)Demilitarized zone, used to secure an internal network from external access. You can use Linux firewall to create DMZ easily. There are many different ways to design a network with a DMZ. The basic method is to use a single Linux firewall with 3 Ethernet cards. The following simple example discusses DMZ setup and forwarding public traffic to internal servers.
There's a little advanced know-how required here and he recommends a couple good firewalls to set up such functionality just in case this very useful guide doesn't fit the bill. If you are looking to set up a Linux Demilitarized zone a couple of options include EnGarde, IpCop and others.
Are you administrating a corporate network? How do you ensure securing your web services? There are many different solutions, but Iptables is one of the newer ones, and is up to the job.
With IT budgets getting tighter, managers need to trim costs. Service contracts are expensive for any technology; firewalls are no exception. Netfilter, the project that provides the packet filtering program Iptables, is a free firewall alternative. While it lacks the service contract of commercial solutions and a pretty interfaces to make firewall modification easy, it has solid performance, performs effectively at firewalling, and allows for add-on functionality to enhance its reporting and response functions.
A new blogger to the Linux Security space (he switched months ago), the owner of Fsckin w/linux took a trip to test Firewalls and Linux. From IPCop to Smoothwall to the 8MB Monowall, he compares and contrasts the value of each platform - but with a catch.
The HP Vectratesting platform we are using today is an HP Vectra slimline PC. Considering the computer was FREE (as in beer) after a company upgraded their workstations, the specifications are nothing to scoff at.
* Pentium III 500 MHz
* 192MB of RAM
* 1GB Transcend disk-on-chip IDE module
* Dual 100Mbps NICs
Michael Rash, the author behind "Linux Firewalls" chimes in about his background, his distro of choice, the current state of Linux security and much, much more.
He covers many issues and provides a lot of insight into security and Linux:
Question: What is the most interesting fact you've become aware of while researching for this book?
Intrusion detection systems and firewalls commonly offer the ability to tear down TCP connections by forging a RST packets, but the specifics of how this is done varies quite a bit across different IDS and firewall implementations. The most interesting fact I stumbled across during my research concerns differences in the handling of the ACK control bit on RST packets. For example,
IPFire is a linux based firewall distribution with a lot of extras. The base for the stable version 1.4.9 was the IPCop that has been hardly modified. There were added: Asterisk PBX, Samba, MorningReconnect, LPR-NG and many other things.
I've always been a fan of Shorewall and Firestarter - what have you used as a good base firewall setup? Any thoughts how this will match up in an enterprise server environment?
