Could anyone tell me the difference between a hardware firewall and a software firewall? Also, which could be the best solution to protect my system? I have my website running on RedHat Linux 9.
The main difference is price. You'll pay more for a dedicated firewall rather than a little piece of software. I'm toying around with IPChains. You can set up a dedicated fw with a Linux box and 2 NICs.
Well, you do also pay mostly for the GUI development. Like, there are firewalls out there which are based on netfilter and just add a GUI and managing tool for Winblows to it ... if I'm not mistaken, the WatchGuard series is such a kind of firewall.
Well, what are traditionally called "hardware" firewalls are more properly labeled "firmware" firewalls. They generally have very few moving parts and the firewall code itself is loaded from some type of NVRAM. "Software" firewalls can mean anything from specialized software running on dedicated hardware, to just an extra program you install on a normal system. Usually "software" firewall means an extra program you add. The middle ground would cover both "appliances", which are very close to the same as a firmware firewall but actually have hard disk drives and run fairly standard hardware, and a "bastion host", which is just a dedicated host running a particular set of software for firewalling and maybe proxying.
You can create either a software firewall or a bastion host on Linux, depending on your resources. A firmware firewall would cost a significant amount of money (such as a Cisco Secure PIX, Netscreen, etc.) and an appliance would also cost, although generally not as much (some companies, for instance, make IPCop appliances that sell for several hundred dollars).
I did leave one possibility out: you could buy a consumer (or "SoHo") firmware firewall, such as Linksys, D-Link, Netgear, Belkin, etc. Those would cost between $80 and $150, depending on the model and any special promotions. The difference is those units are not very configurable, they almost never have a true DMZ, and they're usually very limited in the number of IPs they can support.