Can Linux be use as an alternative to checkpoint firewall?
 

Hi Gurus,

I have very little experience with Linux. We have a challenge to seek an alternative to our costly checkpoint firewall and I'm wondering if it is possible to configure a Linux server to serve as a firewall. If it's possible, what distro should I go for? My company's standard is RedHat and it would be great if RedHat can be used.

Thanks!

In linux iptables can be used as a firewall. But it can't replace checkpoint firewall, subset functions of checkpoint firewall specially ip filtering can be performed by iptables. access www.netfilter.org for more information

thnks

Linux can perform firewalling quite nicely but it would be necessary to know what level of firewalling you implement.
There are open source firewall solutions like IpCop, Endian, Untangle. Look at them. Most of them are free downloads.

Rather than just tossing in a product name let's see
what features you seek. If just blocking of certain
ports or narrowing traffic to certain ports down to
certain IPs, or forwarding certain traffic to "internal"
(e.g., a DMZed webhost) machines is all you need, IPtables
will do just fine. If you need application layer protection,
you can use proxies for certain things. And there's
http://l7-filter.sourceforge.net/ ... of course one can
also chuck snort into the mix, and psad and fwsnort.

The question is: is your company happy to pay for their
staff to tailor their solution?



Cheers,
Tink

Hi vishesh,

Thanks. Is this iptable available to all types of Linux including RedHat?

IPtables I guess is compiled in kernel itself and is available on almost all the distributions. RH is an enterprise level distribution and it can not afford to miss such a tool. For that matter no distribution I guess ships without it.

yes, iptables is available for all common linux distro. You can also download source code from netfilter.org and compile it.

thnks

Many thanks everyone. Time to get my hand dirty.