• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

[INFO] Linux Firewalling/Router/Gateway - Firewall Distros

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Firewalls // Intrusion Detection - External Security

View previous topic :: View next topic  
Author Message
snail
Just Arrived
Just Arrived


Joined: 19 Apr 2002
Posts: 0


Offline

PostPosted: Sat Apr 20, 2002 5:55 pm    Post subject: [INFO] Linux Firewalling/Router/Gateway - Firewall Distros Reply with quote

http://netfilter.samba.org ...
Back to top
View user's profile Send private message Send e-mail
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Sun Apr 21, 2002 3:22 am    Post subject: Reply with quote

Clarkconnect

http://www.clarkconnect.org - Free firewall, pretty good for a plug and go solution, hard to add extra things to it though and pretty tough to get it to stop doing things it wants to. The advantage is if you have a cable modem, you plug it in and you're sorted.

Smoothwall

http://www.smoothwall.org - Smoothwall is pretty much the same as IPCop (they are diverging more now) but the main problem is they also make a commercial version and are money grabbers so focus on that more than it's GPL little brother.

IPCop

http://www.ipcop.org - IPCop is a GPL branch off from smoothwall so it's got the bugs fixed etc. and it's still free. The advantage of IPCop over Clarkconnect is the support for 3 NIC's and the use of a DMZ with pinhole connections.

NetBSD/i386 Firewall

http://www.dubbele.com/ - NetBSD firewall

IPF/IPTables Resources

http://www.linuxguruz.org/iptables/ - The best resource

http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html - Good basic guide

http://www.obfuscation.org/ipf/ - IPF resources

http://coombs.anu.edu.au/ipfilter/ - More IPF


Last edited by ShaolinTiger on Fri Oct 03, 2003 1:22 pm; edited 3 times in total
Back to top
View user's profile Send private message Visit poster's website
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Mon Apr 29, 2002 2:51 am    Post subject: Reply with quote

Some entries:

Astaro - Pretty heavyweight excellent feature set, needs some good hardware though.

Linux Router Project Floppy style

Astaro Clone?

Moved from another thread.

Contributed by BRasCO and maxpower.


Last edited by ShaolinTiger on Fri Oct 03, 2003 1:13 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
ReD
Just Arrived
Just Arrived


Joined: 03 May 2002
Posts: 0


Offline

PostPosted: Fri May 03, 2002 4:41 pm    Post subject: Nice little list you have going there .... Reply with quote

Hi .... I'm chris btw, I was just browsing around and ran accross yer board here ... thought I might add a little ... so here I am Smile

anyway, I have been testing all the above mentioned firewall solutions (cept for igwall which I just downloaded and am burning as we speak) and I agree with most of what was said here. I'll cut and paste what I've said elsewhere about those solutions and a few others

Astaro

Astaro - Love it, Needs a bit more horsepower and newer equipment than most firewall distros but you simply can't beat the ease of administration once it set up and running. The install is relatively easy but figuring everything out in the web interface does take just a bit of a learning curve. Overall a very good product.


ClarkConnect

Clarkconnect - Excellent Piece of work here. Great for those with a little bit of knowledge and it has nice features such as automatic updates of their own DYNDNS system apache and MySQL are installed. It can be used on an older box. It has samba installed for network shared space of multiple OS's. It has VPN capabilities.

E-smith

E-smith Server and Gateway - Another GREAT choice. I really like the way this particular distro handles user accounts and builds email addresses for them and integrates shared user space. One thing I didn't like was that it was trying to gain control over my network and it did cause a few issues ... otherwise a very solid choice.

Engarde

Engarde - Worthless piece of proprietary crap

Immunix OS

Immunix OS - Never did get it to run properly

IPCop

IP Cop Firewall - Direct knock off of Smoothwall (see smoothwall)

Netule

Netule - Direct knock off of Astaro

Smoothwall

Smoothwall - Excellent "beginner" firewall solution. Installation is a breeze even with older equipment. It runs very solid and has a great basic amount of features. Ideal for the Home user with high speed data access.

These opinions are strictly my own and not meant as an argument to comments made earlier , just another opinion.
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Tue Aug 13, 2002 8:34 pm    Post subject: Reply with quote

Ok I've had a few requests to add the Floppy type firewalls, here goes:

ClosedBSD

http://www.closedbsd.org/index.html

ClosedBSD is a firewall and network address translation utility which boots off of a single floppy disk or CDROM, and requires no hard drive. ClosedBSD is based off of the FreeBSD kernel, and uses ipfw as its native ruleset management system, and natd as it's network address translation utility.

FloppyFW

http://www.zelow.no/floppyfw/

floppyfw is a static router with the firewall-capabilities in Linux.

Although it is called a firewall it does not have all the functionality we are expecting from a firewall of today. It is basically a Screening router or Packet filtering firewall. (Although many firewalls sold today are just this.)

Freesco

http://www.freesco.org

FREESCO (stands for FREE ciSCO) is a free replacement for commercial routers supporting up to 3 ethernet/arcnet/token_ring/arlan network cards and up to 2 modems.

TheWall

http://thewall.sourceforge.net/

TheWall is a collection of PicoBSD configuration trees and prebuild binaries for various platforms that provides NAT and firewall services for a small network. The goal of theWall project is to allow a user to get going quickly without having to learn the details of building a PicoBSD release.
Back to top
View user's profile Send private message Visit poster's website
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Mon Sep 09, 2002 4:16 pm    Post subject: Reply with quote

I've another one too add on the floppy front:

Linux Embedded Appliance Firewall

An easy to use embedded Linux network appliance for use in small office, home office, and home automation environments. Although it can be used in other ways, it's primarily used as a gateway/router/firewall for Internet leaf sites.

http://leaf.sourceforge.net

Out of interest has anyone used any of these with a dial-on-demand type connection?

I need to do it with ISDN, any recommendations for best compatibility (External ISDN adapter).
Back to top
View user's profile Send private message Visit poster's website
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Oct 03, 2003 1:09 pm    Post subject: Reply with quote

As a replacement for LRP using a combination of LRP and Coyote there is also now Frazierwall:

http://www.frazierwall.com/

Quote:
FrazierWall Linux - I developed FrazierWall Linux originally as my own customized firewall. It was originally based on the Linux Router Project and Coyote Linux 1.03. However, as I continued to modify and develop the product, it began to take on a life of its own as a separate distribution of Linux. My goal was to create a preconfigured router/firewall already built to provide DHCP and time services to any home or small business LAN.

Unlike the base LRP 2.9.8, FrazierWall Linux uses a Linux 2.2.18 kernel and has extensive customizations to make it more end user friendly. This firewall is designed to use Linux 2.2's IP Masquerading (NAT Routing). I have preconfigured a set of firewall rules that should further enhance the security of the product. I went to great effort to test and even attempt to break the security myself. It has been tested extensively in the open environment by real users and real hacker tools. Special credit goes to my friends on Cox High Speed Internet, a cablemodem service.


This thread hasn't been updated for a long time so if anyone else has any new firewall/gateway/router type distros that have not been mentioned here please post them (no comments or general chat please.)
Back to top
View user's profile Send private message Visit poster's website
z0ulsh1ne
Just Arrived
Just Arrived


Joined: 03 Jul 2003
Posts: 0


Offline

PostPosted: Mon Nov 03, 2003 12:49 am    Post subject: Reply with quote

-> http://www.fli4l.de/english/e_fli4l.htm

Fli4l is a single floppy Linux-based ISDN, DSL and Ethernet-Router. You can build it from an old 486 based pc with 16 megabyte memory, which is more than adequate for this purpose.

The necessary boot-disk can be built under Unix, Linux or Windows. You don't need any specific Linux-knowledge, but this would be useful. You should have some basic knowledge about networking, TCP/IP, DNS and routing though. For extensions and further development, that exceed the standard configuration, you need a working Linux-system and Unix/Linux knowledge.
Back to top
View user's profile Send private message
biox
Just Arrived
Just Arrived


Joined: 08 Jan 2004
Posts: 0


Offline

PostPosted: Wed Jan 28, 2004 8:57 am    Post subject: Reply with quote

Anyone ever looked at Coyote? http://www.coyotelinux.com/modules.php?name=Products&op=coyote

Another floppy distro, I've used it on and off at home for the past 2 years with no problems at all.
Back to top
View user's profile Send private message
rgachago
Just Arrived
Just Arrived


Joined: 26 Sep 2003
Posts: 0
Location: Gaborone

Offline

PostPosted: Tue Feb 10, 2004 3:14 pm    Post subject: Reply with quote

This one is quite feature rich and easy to setup

http://www.censornet.com/
Back to top
View user's profile Send private message
forza
Just Arrived
Just Arrived


Joined: 26 Nov 2004
Posts: 0


Offline

PostPosted: Mon Nov 29, 2004 8:22 pm    Post subject: Reply with quote

monowall
http://m0n0.ch/wall/
Back to top
View user's profile Send private message
wybnormal
Just Arrived
Just Arrived


Joined: 26 Feb 2005
Posts: 0
Location: California

Offline

PostPosted: Sun Feb 27, 2005 5:46 am    Post subject: Reply with quote

m0n0wall Smile Ten minutes to configure the WRAP board and get it loaded Smile

MikeS
Back to top
View user's profile Send private message Visit poster's website AIM Address
Grullanetx
Just Arrived
Just Arrived


Joined: 27 Sep 2004
Posts: 0
Location: The Beach! in Venezuela

Offline

PostPosted: Thu Mar 10, 2005 10:08 am    Post subject: Reply with quote

Hi all!...

NetBoz Firewall

http://www.netboz.net/


Quote:

NetBoz works over standard FreeBSD services, giving maximum flexibility, ease of use and performance to corporate networks. Do you need more power? just add hardware. No user licences to pay for, no costly upgrades, no brand dependance.

NetBoz is a live CD. It does not use a hard disk, while all the settings are stored on a write-protectable diskette, making it virtually inmune to intrusions and power failures

Main Features
Web administration interface
Does not use a hard disk
Works with 2 or 3 network interfaces
NAT for publishing LAN or DMZ services
DNS server
DHCP server
DHCP client on WAN interface
PPPoE support (new!)
Real time traffic monitoring
Unlimited users
It's free !




Linux Netwosix

Quote:

Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs. It can be also used for special operations as penetration test with its big collection of softwares and sources security oriented. It's a ligh distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give a big liberty of configuration to the SysAdmin. Only in this way he/she can configure a powerful and stable server machine. Linux Netwosix have also a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable


http://www.netwosix.org/


Sentry Firewall

http://www.sentryfirewall.com/


redWall Firewall CD

redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a Floppy or USB


http://sourceforge.net/projects/redwall/


CD-ROM Firewall

Quote:
CD-ROM Firewall is a Red Hat/FEDORA based firewall that boots off a CD-ROM. Utilizing a headless, diskless computer it can provide services such as network address translation (NAT), virtual private network (VPN), ADSL connnectivity, DHCP, DNS, and many


http://sourceforge.net/projects/cdfw/


NetBSD/i386 Firewall

Quote:

NetBSD/i386 Firewall is a free firewall solution for people with a permanent Internet connection. This includes most users of cable or ADSL services, but also businesses with leased lines. PPPoE support and PPTP support is available on CD.


http://firewall.dubbele.com/



--------------------------------------------------------------------------------------
Back to top
View user's profile Send private message
Terry88
Just Arrived
Just Arrived


Joined: 18 Aug 2009
Posts: 0


Offline

PostPosted: Mon Aug 31, 2009 7:51 am    Post subject: another great Firewall Reply with quote

i'd like to add something too Very Happy
i can recomment
Ideco Gateway
www.idecogateway.com
vpn,firewall, mail server and more
based on linux red hat
been running it for some time now on my small netwaork and planning to take it our main newwork of arounf 150 workstations
btw i got it for free from ideco
Back to top
View user's profile Send private message
adamjoh
Just Arrived
Just Arrived


Joined: 15 Oct 2012
Posts: 1


Offline

PostPosted: Mon Oct 15, 2012 11:31 pm    Post subject: Most innovative and best in class firewall so far Reply with quote

Here is my contribution, real nice firewall and router, best of all it's free. Based on OpenBSD and just recently was reviewed in BSD Magazine, that's we're read about it.

Halon Security Security Routers (SR): http://www.halon.se/products/firewalls
They got free downloads and great wiki: http://wiki.halon.se

Here is a comparison to some other free: http://wiki.halon.se/SR/Comparison

Some nice features:

VPN
Manual key IPsec
IKE (ISAKMP) for automatic keying IPsec
IKEv2 with mobile support (MOBIKE)
L2TP and PPTP
GRE, IPIP (RFC 1933) and Ethernet (RFC 3378) tunnels
High availability using SA synchronization
Routing
Equal-cost multi-path routing
VRFs using routing domains
OSPFv2 and OSPFv3 (IPv6)
BGP with support for VPNs using extended communities and TCP MD5
LDP for MPLS (provider edge)
Multicast and DVMRP
Ethernet
PPPoE client
Bridges with RSTP
VLANs (802.1q)
QinQ VLAN s (802.1ad)
Trunking and link aggregation with LACP
Other
DHCP server, client and relay
DHCPv6 server, client and relay
IPv6 router advertisement and solicitation
Management
Hierarchical human-readable configuration file format
Atomic configuration commit (no reboot requirement, ever)
Full SOAP API
Test configurations during specified time (always reverts perfectly)
Revision-based configuration, with message, user, timestamp and diffing
Support for clustering
Full IPv6 support, even for online software updating
Root access option
Clustering
Optional zero-config clustering using dedicated cluster port
Active/passive and active/active high availability
CARP (address redundancy)
Configuration, firewall, IPsec and DHCP synchronization
Firewall
Stateful packet filtering
Policy-based rulesets with packet tagging
Quality of service with hierarchical queueing
Alterations such as NAT, redirects and policy routing in-line with rules
NetFlow export
Load balancing and internet failover
Layer 3 forwarding with many probe conditions
Layer 7 proxy with SSL acceleration support
Route alternation
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Firewalls // Intrusion Detection - External Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register