What is the best Linux firewall? I am a major newbie and I need to make a Linux firewall for work. Any help is great. Email me at jeb_30@hotmail.com
17 responses total.
This response has been erased.
Is it free? Thanks for the response.
The Linux kernel has built-in firewalling capability in the form of netfilter. On how to set up and use it, see: http://www.linuxsecurity.com/feature_stories/netfilter-print.html OR http://www.linuxsecurity.com/resource_files/firewalls/packet-filtering-HOWTO/index.html It's open source and free. But as Dan pointed out, OpenBSD does a better job at being a firewall. For setting up an OpenBSD firewall, see: http://ezine.daemonnews.org/200207/transpfobsd.html OR http://www.openbsd.org/faq/pf/ --------------------------------------------------------------- May the source be with you!!
However, if you have a small network, a Cisco PIX 501 or a Sonicwall SOHO (approx $600 which is less than the cost of a PC you would run Linux/OpenBSD on typically) might be a cheaper and easier to manage option. Especially, considering you are a newbie and if you don't want to learn a new OS.
This response has been erased.
I agree with #1. I have an OpenBSD bridging firewall at work. pf's rule syntax takes a little getting used to but it's very powerful. It's efficient, too. I'm using a 166 MHz classic Pentium to filter a T1 line and it uses less than 50% CPU at full bore. (Obviously this will vary depending on how complex your rules are.) If you want more of a pre-packaged solution I think there are some Linux 'firewall on a floppy' packages out there, but I can't name any right off hand.
I've thought about doing a Linux or *nix firewall, but the hardware would suck a lot of power compared to one of those little consumer boxes which do firewall, Ethernet hub, and wireless access point. Especially since the little boxes are so cheap now.
A Netgear WAP plus firewall plus router sells for USD 110 on Amazon. http://www.amazon.com/exec/obidos/ASIN/B0000C0XS0/ref=amb_bl_25138/002-6291568-4183241
Which is basically what I've got - a Netgear box which does all that.
If one of those fits your needs, go for it. At work our needs were complex enough that the simple packet-filtering firewalls you can get cheaply weren't good enough. We needed something that could handle stateful filtering, and we already had some spare computers around, so the lowest-cost option was OpenBSD. At home since I already have a computer sucking up power as a web server/file server/NAT box, using it as a firewall as well was a no-brainer. :>
(Oh, one quarrel I have with some of the NAT/switch/wireless/firewall combo boxes is that they often only let you filter the incoming Internet connection. It would be nice to be able to firewall between the wireless interface and the rest of the network, too. Otherwise you're locking the front door but leaving the window wide open.)
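The stateful filtering and the wireless-to-wired isolation discussed in the posts above, sketched for Linux netfilter as an added example (not written by any participant in this thread). The function name `emit_ruleset`, the three interface roles (Internet, wired LAN, wireless) and the SSH-from-LAN rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints a netfilter ruleset in iptables-restore format.
# Arguments (assumed names): Internet, wired LAN and wireless interfaces,
# e.g.  sh fw.sh eth0 eth1 wlan0 | iptables-restore --test
emit_ruleset() {
    wan=$1; lan=$2; wlan=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful core: replies to connections already tracked are allowed,
# packets that belong to no tracked connection are dropped as INVALID.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Administration of the firewall itself (SSH) only from the wired LAN.
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Wired and wireless clients may open new connections to the Internet.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $wlan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# No rule lets $wlan or $wan start a connection into $lan, so the
# FORWARD policy (DROP) keeps both out of the wired network.
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Hide internal addresses behind the Internet-facing interface.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset only when all three interface names are supplied.
if [ "$#" -eq 3 ]; then emit_ruleset "$@"; fi
```

Forwarding also requires `net.ipv4.ip_forward=1` on the firewall host; the ruleset only decides which forwarded packets are allowed.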
This response has been erased.
If OpenBSD comes with free beer, I'm there!
"What is the best Linux firewall?" The best Linux firewall is any of the current mainstream Linux distributions installed with the most paranoid options. The question of what the best firewall is? Well, it depends. For one thing one might better ask what is the best network architecture. Why just one firewall? One might have the very best firewall on earth meanwhile the enterprise backups are being done by a third shift wetback making minimum wage. It would probably not be too hard to subvert such with minimal effort to take the "crown jewels" of the entity the firewall is protecting out the door in the pocket or backpack... The problem with a commercial solution is that typically the reaction time is far slower than an open source solution to bugs or changes. The problem with an 'open source' solution is that there is typically nobody or nobody with 'deep pockets' sufficient to get a name CPA firm to sign off on 'due diligence'. I guess the answer is "It depends". The question in #0 needs refinement as the answer would probably be different if the "for work" was a garbage hauling firm (not much money in hacking them) or a bank.
Re #1: I thought Linuxers were socially challenged egomaniacs. Oh, and Windows is the best thing since WAY before sliced bread. Yeah, right.
In Japan, space comes at a premium. If your home also happens to have a lot of tatami (three of our four main rooms are covered with tatami mats), cable routing also becomes an issue. So I opted to use a Symantec VPN/firewall 200R appliance to face the Internet. This was a nice option for me as it packed a firewall, switched hub, VPN and, if I had multiple net connections, load balancing into a small form factor. Within the internal network, I use a mix of OpenBSD (main server), Linux (development) and a PowerBook for the desktop, all of which are locked down with their respective firewalling mechanisms in a relatively restrictive configuration. On the whole, I like using the Symantec appliance as I believe there is less to go wrong. Having said that, I quite like OpenBSD's "pf" and would drop the Symantec for an OpenBSD solution if I could find one that ran in a comparably small hardware form factor.
I run shorewall, which is really good and provides many great features. Go ahead h4x0r me: jebusnet.servebeer.com. www.shorewall.net
You have several choices: