sundot home page unix consulting in the uk and mainland europe (archives)

Linux Firewalls - use iptables or try Smoothwall.

posted by hal 20021123 (archived) | initial version: 20001120

If you don't have the money to buy a shrink-wrapped firewall, consider getting Smoothwall GPL 2.0 (Smoothwall now uses a 2.4 kernel and iptables), or build your own on a hardened Linux 2.4 system (e.g. RedHat 8): no X, no xinetd, hardened with bastille or titan etc., plus a custom iptables script (the shipped one with a save option did not work properly the last time I tried it).

Iptables (netfilter) runs in kernel space, and its chain logic (INPUT/OUTPUT) is better than that of its predecessor, ipchains. There are a lot of shell scripts around for setting up your firewall (do a search for iptables at freshmeat). Before implementing or borrowing code from these, make sure that you take a close look at the rules. I have seen config scripts which carefully protect the external interface from external packets but forget about protecting the internal interface from external packets when setting up the FORWARD chain.
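One way to check a borrowed script for the FORWARD gap described above, as an added example that is not from the original post or from any script it mentions: a small Python audit that asks whether a new connection arriving on the external interface can get through the FORWARD chain. The interface names (eth0 external, eth1 internal), both sample scripts and the function names are constructed; it assumes literal interface names, the filter table only, and no user-defined chains.

```python
WEAK = """# constructed sample: INPUT is locked down, FORWARD is forgotten
iptables -P INPUT DROP
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
"""
FIXED = """# constructed sample: default-deny FORWARD, only replies come back in
iptables -P FORWARD DROP
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

def parse_rule(tok):
    """Pull the fields the audit needs from the tokens after '-A FORWARD'."""
    rule = {"in": None, "neg": False, "states": None, "target": None, "narrow": False}
    neg = False
    for t, nxt in zip(tok, tok[1:] + [""]):
        if t in ("-i", "--in-interface"):
            rule["in"], rule["neg"] = nxt, neg
        elif t in ("--state", "--ctstate"):
            rule["states"] = set(nxt.split(","))
        elif t in ("-j", "--jump"):
            rule["target"] = nxt
        elif t.startswith("-") and t not in ("-m", "--match"):
            rule["narrow"] = True          # -o, -p, -s, -d, --dport, ...
        neg = t == "!"                     # "! -i eth0" negates the next option
    return rule

def audit_forward(script, ext_if):
    """Return (severity, text) findings for NEW packets arriving on ext_if."""
    policy, findings = "ACCEPT", []        # built-in chains default to ACCEPT
    for line in script.splitlines():
        tok = line.split("#")[0].split()
        tok = tok[1:] if tok and tok[0].endswith("iptables") else tok
        if len(tok) < 3 or "-t" in tok or tok[0] not in ("-A", "-P") or tok[1] != "FORWARD":
            continue                       # other tables, chains and commands: out of scope
        if tok[0] == "-P":
            policy = tok[2]
            continue
        r = parse_rule(tok[2:])
        if r["in"] is not None and (r["in"] == ext_if) == r["neg"]:
            continue                       # bound to a different interface
        if r["states"] is not None and "NEW" not in r["states"]:
            continue                       # matches replies only
        if r["target"] == "ACCEPT":
            findings.append(("review" if r["narrow"] else "open", line.strip()))
        if r["target"] in ("ACCEPT", "DROP", "REJECT") and not r["narrow"]:
            return findings                # final verdict for every such packet
    if policy == "ACCEPT":
        findings.append(("open", "FORWARD policy is ACCEPT"))
    return findings
```

An "open" finding means any new connection from outside is forwarded; "review" marks a narrowed ACCEPT (a specific port or host) that should be a deliberate choice.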

A decent tutorial written by Oskar Andreasson is available.

Some other Linux firewalls available:
All content on this website is governed by a Creative Commons license.