[INFO] Linux Firewalling/Router/Gateway - Firewall Distros

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: snail    Posted: Sat Apr 20, 2002 5:55 pm    Post subject: [INFO] Linux Firewalling/Router/Gateway - Firewall Distros
http://netfilter.samba.org ...

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Sun Apr 21, 2002 3:22 am    Post subject:

http://www.clarkconnect.org - Free firewall, pretty good for a plug and go solution, hard to add extra things to it though and pretty tough to get it to stop doing things it wants to. The advantage is if you have a cable modem, you plug it in and you're sorted.


http://www.smoothwall.org - Smoothwall is pretty much the same as IPCop (they are diverging more now) but the main problem is they also make a commercial version and are money grabbers so focus on that more than its GPL little brother.


http://www.ipcop.org - IPCop is a GPL branch off from Smoothwall so it's got the bugs fixed etc. and it's still free. The advantage of IPCop over Clarkconnect is the support for 3 NICs and the use of a DMZ with pinhole connections.

NetBSD/i386 Firewall

http://www.dubbele.com/ - NetBSD firewall

IPF/IPTables Resources

http://www.linuxguruz.org/iptables/ - The best resource

http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html - Good basic guide

http://www.obfuscation.org/ipf/ - IPF resources

http://coombs.anu.edu.au/ipfilter/ - More IPF

Last edited by ShaolinTiger on Fri Oct 03, 2003 1:22 pm; edited 3 times in total

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Mon Apr 29, 2002 2:51 am    Post subject:
Some entries:

Astaro - Pretty heavyweight, excellent feature set, needs some good hardware though.

Linux Router Project - Floppy style

Astaro Clone?

Moved from another thread.

Contributed by BRasCO and maxpower.

Last edited by ShaolinTiger on Fri Oct 03, 2003 1:13 pm; edited 1 time in total

Author: ReD    Posted: Fri May 03, 2002 4:41 pm    Post subject: Nice little list you have going there ....
Hi .... I'm Chris btw, I was just browsing around and ran across yer board here ... thought I might add a little ... so here I am :)

anyway, I have been testing all the above mentioned firewall solutions (cept for igwall which I just downloaded and am burning as we speak) and I agree with most of what was said here. I'll cut and paste what I've said elsewhere about those solutions and a few others


Astaro - Love it. Needs a bit more horsepower and newer equipment than most firewall distros but you simply can't beat the ease of administration once it's set up and running. The install is relatively easy but figuring everything out in the web interface does take just a bit of a learning curve. Overall a very good product.


Clarkconnect - Excellent piece of work here. Great for those with a little bit of knowledge and it has nice features such as automatic updates of their own DYNDNS system. Apache and MySQL are installed. It can be used on an older box. It has Samba installed for network shared space of multiple OSes. It has VPN capabilities.


E-smith Server and Gateway - Another GREAT choice. I really like the way this particular distro handles user accounts and builds email addresses for them and integrates shared user space. One thing I didn't like was that it was trying to gain control over my network and it did cause a few issues ... otherwise a very solid choice.


Engarde - Worthless piece of proprietary crap

Immunix OS

Immunix OS - Never did get it to run properly


IP Cop Firewall - Direct knock off of Smoothwall (see smoothwall)


Netule - Direct knock off of Astaro


Smoothwall - Excellent "beginner" firewall solution. Installation is a breeze even with older equipment. It runs very solid and has a great basic amount of features. Ideal for the Home user with high speed data access.

These opinions are strictly my own and not meant as an argument to comments made earlier, just another opinion.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Aug 13, 2002 8:34 pm    Post subject:
Ok I've had a few requests to add the Floppy type firewalls, here goes:



ClosedBSD is a firewall and network address translation utility which boots off of a single floppy disk or CDROM, and requires no hard drive. ClosedBSD is based off of the FreeBSD kernel, and uses ipfw as its native ruleset management system, and natd as its network address translation utility.



floppyfw is a static router with the firewall-capabilities in Linux.

Although it is called a firewall it does not have all the functionality we are expecting from a firewall of today. It is basically a Screening router or Packet filtering firewall. (Although many firewalls sold today are just this.)



FREESCO (stands for FREE ciSCO) is a free replacement for commercial routers supporting up to 3 ethernet/arcnet/token_ring/arlan network cards and up to 2 modems.



TheWall is a collection of PicoBSD configuration trees and prebuilt binaries for various platforms that provides NAT and firewall services for a small network. The goal of theWall project is to allow a user to get going quickly without having to learn the details of building a PicoBSD release.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Mon Sep 09, 2002 4:16 pm    Post subject:
I've another one to add on the floppy front:

Linux Embedded Appliance Firewall

An easy to use embedded Linux network appliance for use in small office, home office, and home automation environments. Although it can be used in other ways, it's primarily used as a gateway/router/firewall for Internet leaf sites.


Out of interest has anyone used any of these with a dial-on-demand type connection?

I need to do it with ISDN, any recommendations for best compatibility (External ISDN adapter)?

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Fri Oct 03, 2003 1:09 pm    Post subject:
As a replacement for LRP using a combination of LRP and Coyote there is also now Frazierwall:


FrazierWall Linux - I developed FrazierWall Linux originally as my own customized firewall. It was originally based on the Linux Router Project and Coyote Linux 1.03. However, as I continued to modify and develop the product, it began to take on a life of its own as a separate distribution of Linux. My goal was to create a preconfigured router/firewall already built to provide DHCP and time services to any home or small business LAN.

Unlike the base LRP 2.9.8, FrazierWall Linux uses a Linux 2.2.18 kernel and has extensive customizations to make it more end user friendly. This firewall is designed to use Linux 2.2's IP Masquerading (NAT Routing). I have preconfigured a set of firewall rules that should further enhance the security of the product. I went to great effort to test and even attempt to break the security myself. It has been tested extensively in the open environment by real users and real hacker tools. Special credit goes to my friends on Cox High Speed Internet, a cablemodem service.

This thread hasn't been updated for a long time so if anyone else has any new firewall/gateway/router type distros that have not been mentioned here please post them (no comments or general chat please.)

Author: z0ulsh1ne    Posted: Mon Nov 03, 2003 12:49 am    Post subject:
-> http://www.fli4l.de/english/e_fli4l.htm

Fli4l is a single floppy Linux-based ISDN, DSL and Ethernet-Router. You can build it from an old 486 based pc with 16 megabyte memory, which is more than adequate for this purpose.

The necessary boot-disk can be built under Unix, Linux or Windows. You don't need any specific Linux-knowledge, but this would be useful. You should have some basic knowledge about networking, TCP/IP, DNS and routing though. For extensions and further development, that exceed the standard configuration, you need a working Linux-system and Unix/Linux knowledge.

Author: biox    Posted: Wed Jan 28, 2004 8:57 am    Post subject:
Anyone ever looked at Coyote? http://www.coyotelinux.com/modules.php?name=Products&op=coyote

Another floppy distro, I've used it on and off at home for the past 2 years with no problems at all.

Author: rgachago    Location: Gaborone    Posted: Tue Feb 10, 2004 3:14 pm    Post subject:
This one is quite feature rich and easy to set up


Author: forza    Posted: Mon Nov 29, 2004 8:22 pm    Post subject:

Author: wybnormal    Location: California    Posted: Sun Feb 27, 2005 5:46 am    Post subject:
m0n0wall :) Ten minutes to configure the WRAP board and get it loaded :)


Author: Grullanetx    Location: The Beach! in Venezuela    Posted: Thu Mar 10, 2005 10:08 am    Post subject:
Hi all!...

NetBoz Firewall



NetBoz works over standard FreeBSD services, giving maximum flexibility, ease of use and performance to corporate networks. Do you need more power? Just add hardware. No user licences to pay for, no costly upgrades, no brand dependence.

NetBoz is a live CD. It does not use a hard disk, while all the settings are stored on a write-protectable diskette, making it virtually immune to intrusions and power failures.

Main Features
Web administration interface
Does not use a hard disk
Works with 2 or 3 network interfaces
NAT for publishing LAN or DMZ services
DNS server
DHCP server
DHCP client on WAN interface
PPPoE support (new!)
Real time traffic monitoring
Unlimited users
It's free !

Linux Netwosix


Netwosix is a powerful and optimized Linux distribution for servers and network security related jobs. It can also be used for special operations such as penetration tests, with its big collection of security-oriented software and sources. It's a light distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give a big liberty of configuration to the SysAdmin. Only in this way can he/she configure a powerful and stable server machine. Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable.


Sentry Firewall


redWall Firewall CD

redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a floppy or USB.


CD-ROM Firewall

CD-ROM Firewall is a Red Hat/FEDORA based firewall that boots off a CD-ROM. Utilizing a headless, diskless computer it can provide services such as network address translation (NAT), virtual private network (VPN), ADSL connectivity, DHCP, DNS, and many


NetBSD/i386 Firewall


NetBSD/i386 Firewall is a free firewall solution for people with a permanent Internet connection. This includes most users of cable or ADSL services, but also businesses with leased lines. PPPoE support and PPTP support is available on CD.



Author: Terry88    Posted: Mon Aug 31, 2009 7:51 am    Post subject: another great Firewall
I'd like to add something too :D
I can recommend
Ideco Gateway
VPN, firewall, mail server and more
based on Linux Red Hat
been running it for some time now on my small network and planning to take it to our main network of around 150 workstations
btw I got it for free from Ideco

Author: adamjoh    Posted: Mon Oct 15, 2012 11:31 pm    Post subject: Most innovative and best in class firewall so far
Here is my contribution, real nice firewall and router, best of all it's free. Based on OpenBSD and just recently was reviewed in BSD Magazine, that's where I read about it.

Halon Security Security Routers (SR): http://www.halon.se/products/firewalls
They got free downloads and a great wiki: http://wiki.halon.se

Here is a comparison to some other free: http://wiki.halon.se/SR/Comparison

Some nice features:

Manual key IPsec
IKE (ISAKMP) for automatic keying IPsec
IKEv2 with mobile support (MOBIKE)
GRE, IPIP (RFC 1933) and Ethernet (RFC 3378) tunnels
High availability using SA synchronization
Equal-cost multi-path routing
VRFs using routing domains
OSPFv2 and OSPFv3 (IPv6)
BGP with support for VPNs using extended communities and TCP MD5
LDP for MPLS (provider edge)
Multicast and DVMRP
PPPoE client
Bridges with RSTP
VLANs (802.1q)
QinQ VLANs (802.1ad)
Trunking and link aggregation with LACP
DHCP server, client and relay
DHCPv6 server, client and relay
IPv6 router advertisement and solicitation
Hierarchical human-readable configuration file format
Atomic configuration commit (no reboot requirement, ever)
Test configurations during specified time (always reverts perfectly)
Revision-based configuration, with message, user, timestamp and diffing
Support for clustering
Full IPv6 support, even for online software updating
Root access option
Optional zero-config clustering using dedicated cluster port
Active/passive and active/active high availability
CARP (address redundancy)
Configuration, firewall, IPsec and DHCP synchronization
Stateful packet filtering
Policy-based rulesets with packet tagging
Quality of service with hierarchical queueing
Alterations such as NAT, redirects and policy routing in-line with rules
NetFlow export
Load balancing and internet failover
Layer 3 forwarding with many probe conditions
Layer 7 proxy with SSL acceleration support
Route alternation


output generated using printer-friendly topic mod, All times are GMT + 2 Hours
