Ten Effective and Efficient Open Source Firewalls
A firewall protects a network from unwanted intrusions. Open source provides many effective firewalls. Let’s take a look at some of the best among them.
In this era of hackers and spammers, security is paramount. We need to implement reliable firewalls to protect our business networks. A firewall works as a security guard between internal and external networks. It inspects everything coming to and going from a network, and controls the network traffic by implementing security rules.
Some of the best open source firewalls pfSense
pfSense is a free and powerful open source firewall used mainly for FreeBSD servers. It is based on stateful packet filtering. It has a wide range of features that are normally only found in very expensive firewalls. Figure 1 lists a few features of pfSense.
ClearOS
ClearOS is a powerful firewall that provides us the tools we need to run a network, and also gives us the option to scale up as and when required. It is a modular operating system that runs in a virtual environment or on some dedicated hardware in the home, office, etc. Solutions provided by ClearOS are described in Figure 2.
ClearOS installation is very straightforward and painless. Once the installation is done and we’ve got into the Webbased administration system, we can easily familiarise ourselves with it to set up the firewall rules quickly. The most important feature of ClearOS is usability. It is a simple, easy and clean way to manage firewall rules, settings, etc.
Untangle
Untangle is an easy-to-use, easy-to-install, lightweight firewall OS. It provides a way to protect and monitor network traffic.
Features
Network services: It enables us to manage DNS services like DHCP. We can apply NAT rules, router configurations, etc. It can be used as an add-on in transparent bridge mode.
It has a simple GUI user interface.
Content filtering: It enables us to filter the traffic based on groups, MIME, file extensions and file type. We can generate different reports for Web traffic.
Security services: Virus, spam and ad blockers are provided by Untangle.
Firewall: We can allow or block traffic from some specific IP addresses or port numbers.
VPN: It has an open VPN.
Reports: We can view different reports on topics like the top users, top sites used, top downloads, etc.
IPFire
IPFire is another open source Linux based firewall, which can be used by the SOHO segment. IPFire has implemented the stateful packet inspections firewall, which stores information about each connection. This will help to provide security over the network. It is very easy to manage, and is modular and highly flexible.
The features of IPFire can best be seen in Figure 3. As IPFire uses stateful packet inspection, it can associate every packet’s transit to the connection. This information can be used to open the path for response packets automatically. The firewall figures out the rule for the opposite direction automatically.
Smoothwall
Smoothwall is an open source Linux firewall that is very flexible. It has a Web interface named Web Access Manager, which is highly configurable. And it has a clean design that is easy to understand and manage.
Some of the features of Smoothwall are illustrated in Figure 4. Other than the above features, Smoothwall also provides solutions outlined below:
Protects your network from Web-borne malware attacks
Schedules reports on user activities and enables you to view requests in real-time
Controls non-Web traffic such as Skype and BitTorrent
Filters guest mobile devices on your Wi-Fi network
Prevents circumvention of your Acceptable Use Policy
Uses social networks productively
Easily builds filtering policies based on the user, category, time and location
Shorewall
Shorewall is a popular Linux open source firewall, which is built upon the NetFilter system on Linux machines. It uses the iptables tool to access configuration files. It is a robust firewall system, which can be used over large networks. It is nothing but the command line environment which interacts with text configuration files. We can set the interfaces, the policies that apply to interfaces and the exception in policies by using the configuration files. Shorewall configures NetFilter using these configuration files with the help of the iptables utility.
Shorewall can be used on a standalone Linux machine, on a dedicated firewall system or as a multi-function gateway.
The features of Shorewall are illustrated in Figure 5.
Endian Firewall
Endian Firewall is a full-featured unified threat management solution, which uses the stateful packet inspection concept based firewall. It can be deployed as a proxy, gateway, and router with Open VPN.