Linux - Software: This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
I have experienced, over time, different possibilities. I've used IPTABLES (written my own tables) in order to learn.
Currently, for my personal computer I use Firestarter, which I consider a very reliable and easy to use firewall.
For my router I use Smoothwall. It is small (under 250MB), has a nice web interface for the administrator, and I find it friendly and reliable.
Some of our members reported an overload of Shorewall when traffic is hit by viruses aimed at M$ machines. IPTABLES is easy enough, without implementations and "improvements".
As far as I can see (and I use it), Shorewall is simply an iptables-rule generator. It has no active components. I believe that the stories of an "overload" must be mistaken.
Of course, the processing of iptables rules does require a certain amount of CPU power per packet. Here, a hardware firewall on the front end, e.g. within the router leading in from the DSL line or cable modem, can be very useful. It will strip out most of the unwanted traffic, leaving Linux to deal only with a small percentage.
Learn iptables and write the rules by yourself!! Ethereal is a great help! Besides, it is good to learn something about firewall theory and the different firewall "architectures" in order to write a good set of iptables rules: http://www.unix.org.ua/orelly/networ...fire/index.htm
iptables is extremely powerful. It is in the kernel itself, instead of being a program running on top of the kernel. This makes it hard to hack (typically). The downside is that you need to learn how to manually configure it if you want it to be perfect.
I believe there is only ONE firewall in Linux, which is "iptables" (in fact it's part of the kernel); it replaces the old "ipchains" now.
In case you are asking about a front-end (GUI) to it, there are plenty, but they are all bad in my opinion. Writing a firewall script is just a bad thing to do through a GUI; you will always be limited at some point and run into problems. You'd better just write it yourself by hand. It's not hard at all.
If you are wanting a dedicated firewall, router, proxy, NAT box, then I suggest looking into www.ipcop.org
This is a little 50M self-installing CD that can handle up to 4 NICs: one for RED (connected to your ISP), GREEN (LAN safe side), BLUE (WiFi, a different subnet than GREEN) and ORANGE as your DMZ, again a different subnet.
It has a nice little https web interface and right out of the box is very secure; you can lock it down tighter as it does run iptables, and there are plenty of pre-configured add-ons for blocking things.
This also does VPNs and much, much more. Check them out.
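As an added example (not any poster's code, nor IPCop's own scripts), here is what the "write it yourself by hand" advice above looks like for the RED/GREEN/BLUE/ORANGE zone layout just described: a default-deny iptables script where GREEN may reach every zone but the WiFi and DMZ zones may only reach the Internet. Interface names and subnets are assumed placeholders; set IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not any poster's or IPCop's own code): a hand-written
# iptables script for the RED/GREEN/BLUE/ORANGE layout described above.
# Interface names and subnets below are assumed placeholders.
# Set IPT=echo to print the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"
RED=eth0; GREEN=eth1; BLUE=eth2; ORANGE=eth3          # assumed NIC names
GREEN_NET=192.168.1.0/24; BLUE_NET=192.168.2.0/24; ORANGE_NET=192.168.3.0/24

# allow_forward <in_if> <src_net> <out_if>: permit NEW connections one way only;
# the reply direction is covered by the ESTABLISHED,RELATED rule below.
allow_forward() {
    "$IPT" -A FORWARD -i "$1" -s "$2" -o "$3" -m state --state NEW -j ACCEPT
}

apply_firewall() {
    "$IPT" -F; "$IPT" -t nat -F
    # Default deny: anything not explicitly allowed below is dropped.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anti-spoofing: packets arriving from RED with an internal source are dropped.
    for net in "$GREEN_NET" "$BLUE_NET" "$ORANGE_NET"; do
        "$IPT" -A FORWARD -i "$RED" -s "$net" -j DROP
    done
    # The box's own admin web interface is reachable only from GREEN.
    "$IPT" -A INPUT -i "$GREEN" -s "$GREEN_NET" -p tcp --dport 443 -j ACCEPT
    # GREEN may initiate to every zone; BLUE and ORANGE only to the Internet,
    # so a compromised WiFi or DMZ host cannot reach the LAN.
    allow_forward "$GREEN"  "$GREEN_NET"  "$RED"
    allow_forward "$GREEN"  "$GREEN_NET"  "$BLUE"
    allow_forward "$GREEN"  "$GREEN_NET"  "$ORANGE"
    allow_forward "$BLUE"   "$BLUE_NET"   "$RED"
    allow_forward "$ORANGE" "$ORANGE_NET" "$RED"
    # NAT everything that leaves through RED.
    "$IPT" -t nat -A POSTROUTING -o "$RED" -j MASQUERADE
}

# Load the rules only when run as "./firewall.sh apply"; otherwise just define.
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

Run `IPT=echo sh firewall.sh apply` first and read the generated rules; only then run it as root without the dry-run variable.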