I searched the forum for this topic, but the responses were quite old. What's the best current firewall distro for Linux? I want to tinker with turning a PC into a physical firewall. Keep hearing about Sophos UTM Home. Is that any good?
They'll all use the same filter which you would access via iptables, probably via SSH or a serial cable. So it does not matter that much which distro to choose. I'd recommend steering towards a distro that has a Long Term Support release so that you don't have to mess with full system upgrades too often. The server version of Ubuntu would fulfill that criterion, but then so would many others.
If you want to try another OS, then you could try pfSense which is based on FreeBSD.
Or if you want the best and easiest (for certain definitions of easy) then there is PF which is built into OpenBSD. Installing the base set for OpenBSD would provide PF plus OpenSSH server and you'd be set. PF is much easier than iptables. OpenBSD itself is old school and does only what you tell it, no more no less. Getting used to that might be necessary but is wonderful because of that once it is familiar.
However, firewalls in general are vastly overrated: If M$ Edge or M$ Outlook are your infection vectors and either is still allowed to reach out through your firewall, you will get pwned regardless of how fine and clever the firewall is.
If you are approaching this to learn, then go for it. Otherwise, meh.
Last edited by Turbocapitalist; 03-17-2018 at 02:20 PM.
Reason: spelling
Again, if M$ Edge or M$ Outlook are your infection vectors and either is still allowed to reach out through your firewall, you will get pwned regardless of how fine and clever the firewall is.
You might take a look at IPCop. It is a standalone firewall. Also take a look at Shorewall. And there are others that are dedicated firewalls.
Do remember what a firewall does. It is a packet filter. It can block packets from IP addresses, packets that have impossible flags, packets that arrive too quickly and that sort of thing. But they are looking at the packets themselves, not the contents in relation to various threats that should be handled by the programs themselves. You can, for example, easily block any packet from China, say, but not a specific packet or set of packets that will cause a buffer overflow or something else due to a fault in the program. From what has been said above I suspect that you are looking for both.
For a packet firewall on Linux you will be looking at some frontend for the security modules in the kernel which do the actual filtering. The most common arrangement is a frontend to iptables which, in turn, is a frontend for the kernel modules. I highly recommend that you invest some time in learning about iptables itself. The man pages for iptables and iptables-extensions are not easy to go through and understand in detail, but they will help you in evaluating what each 'firewall' you look at actually does. Once you know a little about iptables a command you will find useful is 'sudo iptables -L -v -n' which lists all the rules in the filter table. There are other tables, but that is the main one.
Sorry for the length, but your question made me think you were expecting too much from a firewall. If I'm wrong I'll apologize and crawl back under my rock.
Free firewall distros offer the illusion of security. It's kind of like wearing safety goggles when you work. It will prevent accidental debris. But goggles won't prevent someone from intentionally shooting you in the eye. If someone specifically desires to penetrate a firewall running a free firewall distro, it might as well not even be there for all the good it will do.
I must differ somewhat with the previous post. As AwesomeMachine points out, if someone really wants to penetrate your network, the odds are he or she will find a way in.
Similarly, if someone really wants to steal your car, he or she will probably steal your car, because he or she really wants your 1972 Lamborghini and there are only three left outside of captivity. That's not a reason to leave the doors unlocked and the key in the ignition, especially given the common nature of random port scans on the internet.
You can use any Linux distro; you can install a Linux firewall on that distro, which would be more helpful for you than looking for distros fully based on the firewall. There are many Linux firewalls available on the web. Take a look.
Quote:
Originally Posted by Gremlin022
What's the best current firewall distro for Linux?
Slackware works for me. I use a Python script that creates/updates the rules based on blacklists that I've accumulated based on IPs I've gleaned from log files (senders that attempt mail relay access, web accesses that are trying to find Windows directories, stuff like that). It's not a panacea but it cuts down some of the obvious traffic I'd prefer not to get access to, well, anything on the "clean" side of the firewall.
There may be better distributions that can be used as firewalls out of the box but Slackware's done a good job so far as it allows me to roll my own solution and -- unlike any Systemd-based distribution -- I have better control of when, in the system startup sequence, the firewall setup takes place.