Discover Firewalls News

Review: 7 Linux/BSD Firewalls

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A new blogger to the Linux Security space (he switched months ago), the owner of Fsckin w/linux took a trip to test Firewalls and Linux. From IPCop to Smoothwall to the 8MB Monowall, he compares and contrasts the value of each platform - but with a catch.

The HP Vectratesting platform we are using today is an HP Vectra slimline PC. Considering the computer was FREE (as in beer) after a company upgraded their workstations, the specifications are nothing to scoff at.

* Pentium III 500 MHz
* 192MB of RAM
* 1GB Transcend disk-on-chip IDE module
* Dual 100Mbps NICs


Very interesting...

Interview with the author of "Linux Firewalls"

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Michael Rash, the author behind "Linux Firewalls" chimes in about his background, his distro of choice, the current state of Linux security and much, much more.

He covers many issues and provides a lot of insight into security and Linux:

Question: What is the most interesting fact you've become aware of while researching for this book?

Intrusion detection systems and firewalls commonly offer the ability to tear down TCP connections by forging a RST packets, but the specifics of how this is done varies quite a bit across different IDS and firewall implementations. The most interesting fact I stumbled across during my research concerns differences in the handling of the ACK control bit on RST packets. For example,

IPFire: Free firewall for your home or SOHO

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

IPFire is a linux based firewall distribution with a lot of extras. The base for the stable version 1.4.9 was the IPCop that has been hardly modified. There were added: Asterisk PBX, Samba, MorningReconnect, LPR-NG and many other things.

I've always been a fan of Shorewall and Firestarter - what have you used as a good base firewall setup? Any thoughts how this will match up in an enterprise server environment?