Robust Open Source Firewall Solutions - pfSense, Untangle, ShoreWall
(Page 3 of 4)
Moving on, we’re starting this page with another open-source firewall suite: the modular, robust, and trusty pfSense. The project has matured into a really powerful solution, and at the moment it serves as an extremely configurable firewall with routing features. It is based on FreeBSD, and its list of features is impressive. We’ll check it out now.
You can appreciate the way pfSense displays its list of features. Check it out here. After each major function the limitations are clearly expressed. So glance over that list and figure out whether its functions and capabilities are sufficient for your requirements. Realistically, though, chances are that pfSense does more than you need. But it should be stated that it is not as beginner-friendly as the earlier solutions.
pfSense is the kind of software suite that requires maintenance every so often. But in order to do this, you need to be familiar with your own Linux environment. Don’t worry; pfSense has decent documentation. Its features include: stateful firewall, NAT, redundancy, outbound/inbound load balancing, VPN, PPPoE server, dynamic DNS, ability to act as a DHCP server, ability to export some RRD graphs, ability to provide real-time information based on AJAX, and so forth.
It’s time to present the fifth open-source firewall solution covered in this article: Untangle. Once again, this product is composed of a series of open-source applications, along with commercial add-ons if the user opts for them. The basic community package (free) comes with the following: web filter, intrusion prevention, spam and spyware blocker, protocol control, antivirus, phish blocking, routing & QoS, OpenVPN, firewall, reports…
Aside from the technical support, which is only included in the Commercial package, the other add-ons aren’t that necessary (policy manager, AD connector, branding manager, Kaspersky virus blocker, etc.). Chances are that the free edition already supports most of the things you need. Untangle is a quick grab-and-run type of application: it comes pre-configured and should run on all kinds of platforms.
The product itself is really modular; that’s why it often requires barely any additional configuration. Because of this, there are three possible variations of the free edition as well. The deployment options are: router (a dedicated server acting as both router and firewall), transparent bridge (it works behind other routers, firewalls, and network devices), and re-router™ (protection, runs on Windows).
The last firewall that we will talk about is Shorewall: iptables made easy!
Anyone with a background in Linux distributions has surely fiddled with the legacy ipfilter/ipchains combination of framework hooks in the Linux kernel. This set of tools was called Netfilter, and it provides the ability to intercept, manage, and work with packets. Configuring those chains and setting extra rule-sets wasn’t that easy…
Shoreline Firewall, which is the full name of Shorewall, is built upon Netfilter. This firewall is recommended mostly to advanced users who do not mind configuring their firewalls in plain-text config files and aren’t afraid of the console, either! It does not have any kind of GUI, even though the Webmin module can be integrated. Its latest version already comes with IPv6 support. Check it out, if you like challenges!
More By Barzan 'Tony' Antal