Top 5 Best Linux Firewalls

The internet has made our world a lot easier place to live in but it has also introduced us to the downside of cyber crimes. Danger looms around every corner and given today’s connections which are always on, the internet is akin to a burglar without us even realizing this fact. This is where firewalls come to our rescue. Firewalls keep out malicious hackers and seek to limit access to a server or computer, letting in only the people who are meant to be there. Most modern routers have a built in firewall which although helpful can be difficult to configure. Thankfully we have operating system Linux distros (distributions) which are specifically designed to function as firewalls. These generally have much more advanced features as compared to that of a router and allow you to have far greater control over maintaining network safety for your personal or business use.

Firewall

Here we have discussed the top 5 Linux firewalls from the massive choice of firewalls available so that you might have an idea about which might be best suited to your specific computer setup.

IPFire

IPFire uses a Stateful Packet Inspection (SPI) firewall that is built on top of the utility Netfilter.The project’s wiki also hosts a security tightening guide to create firewall rules for usual scenarios.

This distro can compartmentalize networks based on their particular security levels using a basic colour-coded system. It also allows the creation of custom policies to manage individual networks.

It can be used as a VPN gateway, a proxy server, an infrastructure server, a caching name server, a content filter, an update accelerator etc. When used as an internet gateway the distro can connect to the internet through various technologies including Ethernet, VDSL, ADSL, and 3G/4G.

It is written from scratch and has a straightforward installation process. Its UI makes it easier to configure several components, such as OpenVPN.

While the interface is simple to use, it requires some expertise for effective deployment.
The IPFire project hosts detailed documentation in wikis, its German and English forum, an IRC channel and dedicated mailing lists.

IPFire comes with Pakfire, an extensive package management utility that allows it to expand on the basic installation. The updates to address security issues are also enabled by the package manager.

pfSense

pfSense uses a stateful firewall and can filter traffic by destination and source IP, IP protocol, and source and destination port for TCP and UDP traffic.

pfSense can be used as aVPN, load balancer, and traffic shaper. It offers three options for VPN connectivity including IPsec, OpenVPN, and PPTP. This distro can be flushed out into any kind of server.

It uses an automated installer which is capable of installing a custom kernel. It boots to a console-based interface that gives you the option to configure the network interfaces on the installed machine. You need to invest some time in learning the distro, especially if you need to use the add-on packages.

The sources of documentation for the pfSense distro are its handbook which comes with a gold membership subscription, a wiki, forums, mailing lists, and IRC.

pfSense also includes a package manager which can be used to install and update packages. The packages are grouped under categories, such as Services and Utility, Security and so on. The distro is configured to automatically install new versions of firmware and includes a host of diagnostic tools and utilities to troubleshoot the installation.

OPNsense

The OPNsense distro was forked from pfSense and offers pretty much the same features for the firewall and other aspects of the system. By comparison to pfSense, it has a better user interface and rewritten components, such as the captive portal.

OPNsense like pfSense can be used as VPN, load balancer, and traffic shaper and offers IPsec, OpenVPN, and PPTP as choices for VPN connectivity.

This distro follows the same straightforward installation procedure as that of pfSense. After installation, the distro boots to the command-line dashboard which also includes the address of the browser-based admin console. The admin interface of OPNsense is majorly distinguishable from that of pfSense.

OPNsense also has forums, a wiki, IRC and very comprehensive documentation covering every facet of deployment. Furthermore, the project has more than a dozen how-to’s on popular configurations/setups.

OPNsense also supports add-ons via the use of plugins but doesn’t offer as many packages as you get with pfSense. Although it can fetch and install updates for all the installed components.

Sophos UTM

Sophos UTM cuts off all traffic and then enables you to allow specific types, such as web and email, during initial setup. The server also includes an innovative category-based web filter that blocks sites based on the type of content.

The Sophos UTM server can be used as a site-to-site VPN solution and configure it to handle VoIP connections and balance load.

To get started with Sophos UTM you have to download the ISO, register on the project’s website, get a user license and upload it to the server for further configuration. Once installed, you can bring up the browser-based management interface and run through the brief setup during which you can upload the license.

The Sophos website hosts PDFs of the quick-start guide, an administrator’s guide, and community-supported bulletin boards. The Sophos Knowledge Base hosts articles on different aspects of the distro.

Sophos UTM is not shipped with any package management option as all features are included in the distro which can be enabled as per the requirement. The distro includes the Up2Date utility for installing updates to the firewall’s firmware, and for fetching newer patterns for components, such as the antivirus and the Intrusion Prevention System.

Sophos UTM can manage a network of up to 50 IP addresses for free. The distro includes a first-rate list of tools, many of which are similar to the paid enterprise edition. It enables the firewall as soon as it is installed and allows you to tweak the firewall to enable the flow of required traffic. This allows the inexperienced users to reap the benefits of the distro right from the start.

Untangle NG Firewall

Untangle’s hosted firewall can be set up via an easy to use interface. You can also gain granular control over the traffic by defining complex rules that combine multiple criteria.

Untangle does not come with any pre-installed components but its recommended package installs over a dozen applications and services including a web filter, spam blocker, application control, captive portal, virus blocker, WAN balancer, bandwidth control, as well as the firewall. Some of the applications that Untangle does not install are an ad blocker, intrusion prevention, and web cache.

The majority of Untangle’s apps in the free version are 14-day trials.

Untangle NG is very easy to set up and restarts automatically after installing into the web-based setup wizard. You have to set the password for the admin user, then point to and configure the two network cards – one that connects to the internet and the other the local network. Almost all the applications are preconfigured and run automatically after installation.

The Untangle project hosts forums, a FAQ, and its wiki pages have screenshots where applicable, along with some short tutorials.

With Untangle you have to use the interface to fetch any components you require. The distro has the ability to update the installation and its components. It can be configured to install updates automatically while setting up the distro and use the web interface to customize the schedule for the automatic updates.

Conclusion

These were some of the best Linux firewalls that are currently available. The selection of your distro will obviously depend on how you want to secure your network and also on the requirement of your setup. Although it is practically not feasible to list all the useful distros here informative articles like these should be able to help you in searching for a suitable firewall for your network.

Leave a Reply

Your email address will not be published. Required fields are marked *