Firewall - Page 3.5

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

An Introduction to UFW, Ubuntu’s ‘Uncomplicated’ Firewall

Iptables are the cornerstone for configuring firewalls and managing network traffic in Linux. For the uninitiated, iptables can be complex and intimidating. However, most Linux distributions provide simpler front-end interfaces to manage iptables rul...
Dec 31, 2023
  356

The Open Source Firewall – IPFire 2.27 – Core Update 173 Released: What’s New?

Get ready to experience the best of IPFire 2.27 – Core ...
Mar 01, 2023
  786
32.Lock Code Circular Esm H115

IPFire Hardened Linux Firewall Distro Is Now Powered by Linux Kernel 6.1 LTS

IPFire 2.27 Core Update 173 is out to introduce support...
Feb 28, 2023
  749
20.Lock AbstractDigital Circular Esm H115

Discover Firewalls News

LS Hmepg 337x500 34 Esm H200

How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities. https://shorewall.org/ Shorewall is a great firewall package for Linux it's, most distro's have packages available. What do you think about Shorewall? Do you have any other favorite firewall package.

LS Hmepg 337x500 34 Esm H200

A Dedicated Firewall/Router: Devil-Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Devil-Linux is a distribution which boots and runs completely from CD. The configuration can be saved to a floppy diskette or a USB pen drive. It was originally intended to be a dedicated firewall/router but now Devil-Linux can also be used as a server for many applications. Attaching an optional hard drive is easy, and many network services are included in the distribution. Have you used any Linux distributions which are design to be used as a firewall or router? This article looks at the Devil-Linux distribution with some useful links to learn more about this Linux distro.

LS Hmepg 337x500 34 Esm H200

Linux Demilitarized Zone (DMZ) Ethernet Interface Requirements and Configuration

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

(The)Demilitarized zone, used to secure an internal network from external access. You can use Linux firewall to create DMZ easily. There are many different ways to design a network with a DMZ. The basic method is to use a single Linux firewall with 3 Ethernet cards. The following simple example discusses DMZ setup and forwarding public traffic to internal servers. There's a little advanced know-how required here and he recommends a couple good firewalls to set up such functionality just in case this very useful guide doesn't fit the bill. If you are looking to set up a Linux Demilitarized zone a couple of options include EnGarde, IpCop and others.

LS Hmepg 337x500 34 Esm H200

Iptables as a Replacement for Commercial Enterprise Firewalls

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Are you administrating a corporate network? How do you ensure securing your web services? There are many different solutions, but Iptables is one of the newer ones, and is up to the job. With IT budgets getting tighter, managers need to trim costs. Service contracts are expensive for any technology; firewalls are no exception. Netfilter, the project that provides the packet filtering program Iptables, is a free firewall alternative. While it lacks the service contract of commercial solutions and a pretty interfaces to make firewall modification easy, it has solid performance, performs effectively at firewalling, and allows for add-on functionality to enhance its reporting and response functions.

LS Hmepg 337x500 34 Esm H200

Review: 7 Linux/BSD Firewalls

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A new blogger to the Linux Security space (he switched months ago), the owner of Fsckin w/linux took a trip to test Firewalls and Linux. From IPCop to Smoothwall to the 8MB Monowall, he compares and contrasts the value of each platform - but with a catch. The HP Vectratesting platform we are using today is an HP Vectra slimline PC. Considering the computer was FREE (as in beer) after a company upgraded their workstations, the specifications are nothing to scoff at. * Pentium III 500 MHz * 192MB of RAM * 1GB Transcend disk-on-chip IDE module * Dual 100Mbps NICs Very interesting...

LS Hmepg 337x500 34 Esm H200

Interview with the author of "Linux Firewalls"

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Michael Rash, the author behind "Linux Firewalls" chimes in about his background, his distro of choice, the current state of Linux security and much, much more. He covers many issues and provides a lot of insight into security and Linux: Question: What is the most interesting fact you've become aware of while researching for this book? Intrusion detection systems and firewalls commonly offer the ability to tear down TCP connections by forging a RST packets, but the specifics of how this is done varies quite a bit across different IDS and firewall implementations. The most interesting fact I stumbled across during my research concerns differences in the handling of the ACK control bit on RST packets. For example,

LS Hmepg 337x500 34 Esm H200

IPFire: Free firewall for your home or SOHO

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

IPFire is a linux based firewall distribution with a lot of extras. The base for the stable version 1.4.9 was the IPCop that has been hardly modified. There were added: Asterisk PBX, Samba, MorningReconnect, LPR-NG and many other things. I've always been a fan of Shorewall and Firestarter - what have you used as a good base firewall setup? Any thoughts how this will match up in an enterprise server environment?

LS Hmepg 337x500 34 Esm H200

Firewalls? Firewalls?? We don't need no stinkin' Firewalls!!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Firewalls are often framed as a one job tool. Furthermore, when looking to set up a secure network infrastructure, this Debian Admin says that sometimes they aren't aren't even needed! To the contrary, Firewalls can be engineered to serve a number of purposes such as fragment reassembly for instance (as the author at TuxMachines states) and are generally only as secure as they are configured to be. It seems that Firewalls are commonly misconceived of both being the given for network security (possibly not true) and not nearly enough on their own (the given among those who know security). (bonus points for those who know the movie being alluded to in the title)

LS Hmepg 337x500 34 Esm H200

Firewall Configuration Testing Tool

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration by the system administrators. (Is an unnecessary hole open, or is a necessary hole open?) So, we developed a tool which checks the rule of a Firewall. " In any network your first line of defense is the firewall. One new firewall checker is called Dr.Morena. It's made up of two modules one is the check engine and the other is the packet list making engine. They work on Linux so it's good at checking your iptables. Go ahead and test your firewall to see how well it protects your network.

LS Hmepg 337x500 34 Esm H200

Securing Your Linux Server With Iptables

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

'Spamming', when used in a different context, does not necessarily have to be email specific. If you ever had a chance to play arcade fighter's such as Street Fighter 2, you'll notice that certain fighters have "cheap" moves that can be "used over and over", such as M. Bison's scissor kick corner trap (ah the old days). A player could pretty much "spam" this combo over and over. The interesting part about this cheap combo is that it could be countered just as easily with some skill. A basic set of good iptables rules is the perfect counter punch to a slew of common spamming attacks - no need to have SpamAssassin or procmail process the email when it doesn't even get through the front lines! Read on to gain a good base understanding of iptables and its rules. Ha-dou-ken!

LS Hmepg 337x500 34 Esm H200

IPS app available for free

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Network managers looking for an inexpensive way to better secure traffic crossing their nets might want to check out a free application from Intoto. Intoto, a provider of security software for enterprise network equipment and CPE gateways, last week at Interop, introduced a stand-alone intrusion-prevention system (IPS) application that the company says will help small and midsize companies looking for enterprise-scale security tools.

LS Hmepg 337x500 34 Esm H200

NuFW brings IPv6 support

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Now User Filtering Works (NuFW) team has announced the initial release of the 2.2 stable branch. NuFW is a user-authenticating firewall that runs on top of the the Netfilter framework. This release includes several new features, including complete support for IPv6.

LS Hmepg 337x500 34 Esm H200

IPv6 firewalling knows no middle ground

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Two months ago, we published Everything you need to know about IPv6, telling you the following about firewalling IPv6 in relationship to the Network Address Translation that is common in today's IPv4 home routers. If you have a router or home gateway that supports IPv6, make sure that it, too, filters IPv6. A stateful filter that allows outgoing connections and return traffic, but not incoming connections is closest to the IPv4 NAT filtering functionality. This is in line with the recommendations in a document that the Internet Engineering Task Force's IPv6 Operations (v6ops) working group is developing:

LS Hmepg 337x500 34 Esm H200

AlgoSec Raises Firewall Security Risk Management Bar

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

AlgoSec announced its latest version which provides a web-user interface to ensure policy compliance and maximize network efficiency. AlgoSec Firewall Analyzer solutions provide risk management, change management, automated audit, and security and policy compliance capabilities in easy to deploy and use offerings. AlgoSec

LS Hmepg 337x500 34 Esm H200

Danger inside the firewall

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Between the latest firewall technology and advanced intrusion detection systems, IT professionals are breathing a little easier. This is a big mistake. It may be easier to protect the network from external attack these days, but the greatest security risks still come from inside the DMZ. I work for a small, single-branch credit union in Minneapolis, and I am a one-man shop. If there's a technical problem, I'm the guy who has to fix it. Once a year, auditors from a large accounting firm come in to perform an audit for our year-end financial statements. In the past, the only tech support I needed to provide was to set up a local printer they could use from their laptops. I couldn't have given them access to my network if I wanted to, as their techs had their laptops locked down, and I couldn't make any changes to their setup.

LS Hmepg 337x500 34 Esm H200

Computer Associates to Market Learn-by-Example Firewall

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Computer Associates, a business software vendor will market a 'host-based' firewall that learns-by-example to provide better security of computers and computer networks, the company said. The firewall provides centrally managed computer security and simplifies deployment on Windows systems, the company said.

LS Hmepg 337x500 34 Esm H200

Simple Firewall Configuration Using NetFilter/iptables

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Most major Linux distributions, SuSE ones included, feature some user interface for firewall configuration. There's nothing wrong with them but I couldn't get quite the configuration I wanted and chose to create configurations manually. The iptables man pages are really a documentation of syntactical detail of the iptables command line and don't provide guidance on composition of a firewall from a series of rules. There's a lot of scattered information about iptables that can be found using your favourite search engine but none of it quite taught me what I needed to know. In the end I figured out what I needed using a Vmware virtual machine running SuSE Linux Pro 10.0. The following is offered as documentation of simple firewall configuration using iptables. Verifying that the resultant firewall adequately secures the relevant hosts is left as an exercise for the reader.

LS Hmepg 337x500 34 Esm H200

Book: Designing and Implementing Linux Firewalls and QoS using netfilter, iproute, NAT and l7-filter

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks. After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation. Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved