Firewalls are designed to block unauthorized access to computers and networks while permitting authorized communications. They can be implemented in either hardware or software, or a combination of both. Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, and destination services including HTML and FTP, among others.
SmoothWall is a lean Linux distribution designed to be used as an open source firewall. It is not only feature-ridge, but easy-to-use since it is controlled through a web interface. The free Express version provides stateful inspection, dynamic and static NAT, proxy servers for the Web, egress controls, demilitarized zone (DMZ) segmentation (up to four network interface cards are supported), and a Dynamic Host Configuration Protocol (DHCP) server . The internal demilitarized zone allows users to add Wireless networks. Features missing in the free version are LDAP and RADIUS user authentication, SSL login, and certificates. The DHCP server is only available for the LAN network, but not for the DMZ. The firewall protects the WAN side, while the LAN side remains unprotected. These features are available for a fee in the advanced and corporate editions of SmoothWall. A comparison chart is available here, and the latest version 3.0 SP2 can be downloaded here.
ClearOS, formerly known as ClarkConnect, is a network and gateway server designed for small businesses and distributed environments. Based on Red Hat Enterprise Linux clone CentOS, the distribution includes an extensive list of features and integrated services which are easy to configure through an intuitive web-based interface. Since it only installs the programs needed to deliver chosen features, ClearOS is a very lightweight server distribution. Some of the tools found include antivirus, anti-spam, VPN, content filtering, bandwidth manager, SSL certification, and a web log analyzer. ClearOS uses Clam AV for virus protection and SpamAssasin for server-based anti-spam protection. The distribution is available for download here, and live-demos are available here.
Alpine Linux was originally designed to power hardware including routers, firewalls, VPN gateways and voice over IP (VoIP) devices. Proactive security features like PaX, a patch for the Linux kernel that implements least privilege protections for memory pages, and stack-smashing protection (SSP) help to prevent security exploits in software packages deployed behind the firewall. Excluding the kernel, Alpine Linux is only about 5 MB in size and the network configuration is similar to Debian. Since the system configuration can be backed up to a single file, users will be able to test deployments before moving them into a production environment. Alpine Linux is available for download here, tutorials and how-to articles are available here.
Recent Comments