Firewall - Page 1.45

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

An Introduction to UFW, Ubuntu’s ‘Uncomplicated’ Firewall

Iptables are the cornerstone for configuring firewalls and managing network traffic in Linux. For the uninitiated, iptables can be complex and intimidating. However, most Linux distributions provide simpler front-end interfaces to manage iptables rul...
Dec 31, 2023
  356

The Open Source Firewall – IPFire 2.27 – Core Update 173 Released: What’s New?

Get ready to experience the best of IPFire 2.27 – Core ...
Mar 01, 2023
  786
32.Lock Code Circular Esm H115

IPFire Hardened Linux Firewall Distro Is Now Powered by Linux Kernel 6.1 LTS

IPFire 2.27 Core Update 173 is out to introduce support...
Feb 28, 2023
  749
20.Lock AbstractDigital Circular Esm H115

Discover Firewalls News

LS Hmepg 337x500 34 Esm H200

5 Best Linux/BSD Firewall Tools

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach. Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance. What do you think about this list of firewall tools? Did they miss anyones that should be on it?

LS Hmepg 337x500 34 Esm H200

OSF - Passive OS Fingerprinting For IPtables

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Passive OS fingerprinting netfilter module allows to passively detect remote OS and perform various netfilter actions based on that knowledge. This module compares some data (WS, MSS, options and it's order, ttl, df and others) from packets with SYN bit set with dynamically loaded OS fingerprints. Starting from 2008_07_01 version OSF works only with Xtables, so you have to upgrade to recent kernels (and ename xtables support) and iptables (tested with 1.4.1.1). Also note, that Debian (starting from Lenny) has serious problems with iptables-dev package, which does not contain needed headers, so better install iptables from sources. Have you ever hear about a netfilter module that does passive OS fingerprinting? If you are interested in learning more about this check out this article.

LS Hmepg 337x500 34 Esm H200

Firewalk - Firewall Ruleset Testing Tool

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway hostdoes not allow the traffic, it will likely drop the packets on the floor and we will see no response. Do you need to test your firewall? This article look at the firewall rulset testing tool called Firwalk. Test it how and let us know what you think?

LS Hmepg 337x500 34 Esm H200

Simplify System Security With the Uncomplicated Firewall

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Uncomplicated Firewall (UFW) is a new tool from Ubuntu whose goal is to make configuration of the built-in Linux packet filter less complicated and more secure for novice users. You must run UFW commands as root, so in Ubuntu, you must preface them with the sudo command. With UFW, enabling and disabling packet filtering is a simple matter of issuing the sudo ufw enable and sudo ufw disable commands. You set the default policy for filtering packets by running the sudo ufw default command and passing the allow or deny argument, depending on what you want to achieve. If you issue the sudo ufw default allow command, all incoming packets will be allowed by default, creating a very unsecure packet filter but giving you the broadest range of allowed services. Have you tested the new Firewall tool from Ubuntu that says that it makes packet filtering easier? There are tons of GUI firewall tools who's goal is to make it easy for novice users. So my question is why do we need another one?

LS Hmepg 337x500 34 Esm H200

Devil-Linux Bundles Router/Firewall and Server in One Live CD

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Devil-Linux might sound hellish for a Linux distribution, but this live CD offers many blessings for your server needs. Originally developed as a router/firewall distribution, Devil-Linux has expanded its functionality to include nearly every service that a server might offer. It can function as an LDAP server, a VPN server, an email or file server, and more. As stated in the documentation, Devil-Linux runs directly from a CD or DVD-ROM only, so you don't need to install anything to a hard disk -- just keep the Devil-Linux configuration files that automate the configuration upon reboot on a diskette or USB drive. Since access to the live CD is read-only, it's impossible to install rootkits or other malicious software to the distribution. Setting up a home firewall can be a great way to protect your network. This article looks at one Linux distro that is designed to be used as a firewall. What do you Devil-Linux for your home network's firewall?

LS Hmepg 337x500 34 Esm H200

Set up Your Firewall With Firewall Builder

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Firewall Builder (fwbuilder) is a graphical application that can help you to configure IP traffic filtering. It can compile the filtering policy you define into many specifications, including iptables and various languages used by Cisco and Linksys routers. Separating the actual policy you define and the implementation in this way should let you change what hardware is running your firewall without having to redefine your policy for that platform. How do you setup your firewall? Do you use an application to help or do you us just write your own Iptables? This article looks at a firewall application called fwbuilder and shows you some of the features of this software.

LS Hmepg 337x500 34 Esm H200

Gibraltar Firewall 2.6 Launched

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Gibraltar Firewall 2.6, a Linux firewall distribution based on Debian, was launched yesterday as announced by Rene Mayrhofer. This will be the last release that will use the Linux kernel 2.4, as the next Gibraltar editions will use the 2.6 kernel. Among other things, this edition of Gibraltar offers improved traffic shaping performance (the iptables marking rules were re-ordered and the pre-defined traffic classes were improved), and allows SSL Explorer plugins to be installed. Have you ever used the Gibraltar Firewall? Gibraltar provides the user with a web interface for setting up their firewall. Now it's available for the Linux 2.6 kernel. Also in this release they added full WLAN access point functionality.

LS Hmepg 337x500 34 Esm H200

How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities. https://shorewall.org/ Shorewall is a great firewall package for Linux it's, most distro's have packages available. What do you think about Shorewall? Do you have any other favorite firewall package.

LS Hmepg 337x500 34 Esm H200

A Dedicated Firewall/Router: Devil-Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Devil-Linux is a distribution which boots and runs completely from CD. The configuration can be saved to a floppy diskette or a USB pen drive. It was originally intended to be a dedicated firewall/router but now Devil-Linux can also be used as a server for many applications. Attaching an optional hard drive is easy, and many network services are included in the distribution. Have you used any Linux distributions which are design to be used as a firewall or router? This article looks at the Devil-Linux distribution with some useful links to learn more about this Linux distro.

LS Hmepg 337x500 34 Esm H200

Linux Demilitarized Zone (DMZ) Ethernet Interface Requirements and Configuration

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

(The)Demilitarized zone, used to secure an internal network from external access. You can use Linux firewall to create DMZ easily. There are many different ways to design a network with a DMZ. The basic method is to use a single Linux firewall with 3 Ethernet cards. The following simple example discusses DMZ setup and forwarding public traffic to internal servers. There's a little advanced know-how required here and he recommends a couple good firewalls to set up such functionality just in case this very useful guide doesn't fit the bill. If you are looking to set up a Linux Demilitarized zone a couple of options include EnGarde, IpCop and others.

LS Hmepg 337x500 34 Esm H200

Iptables as a Replacement for Commercial Enterprise Firewalls

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Are you administrating a corporate network? How do you ensure securing your web services? There are many different solutions, but Iptables is one of the newer ones, and is up to the job. With IT budgets getting tighter, managers need to trim costs. Service contracts are expensive for any technology; firewalls are no exception. Netfilter, the project that provides the packet filtering program Iptables, is a free firewall alternative. While it lacks the service contract of commercial solutions and a pretty interfaces to make firewall modification easy, it has solid performance, performs effectively at firewalling, and allows for add-on functionality to enhance its reporting and response functions.

LS Hmepg 337x500 34 Esm H200

Review: 7 Linux/BSD Firewalls

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A new blogger to the Linux Security space (he switched months ago), the owner of Fsckin w/linux took a trip to test Firewalls and Linux. From IPCop to Smoothwall to the 8MB Monowall, he compares and contrasts the value of each platform - but with a catch. The HP Vectratesting platform we are using today is an HP Vectra slimline PC. Considering the computer was FREE (as in beer) after a company upgraded their workstations, the specifications are nothing to scoff at. * Pentium III 500 MHz * 192MB of RAM * 1GB Transcend disk-on-chip IDE module * Dual 100Mbps NICs Very interesting...

LS Hmepg 337x500 34 Esm H200

Interview with the author of "Linux Firewalls"

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Michael Rash, the author behind "Linux Firewalls" chimes in about his background, his distro of choice, the current state of Linux security and much, much more. He covers many issues and provides a lot of insight into security and Linux: Question: What is the most interesting fact you've become aware of while researching for this book? Intrusion detection systems and firewalls commonly offer the ability to tear down TCP connections by forging a RST packets, but the specifics of how this is done varies quite a bit across different IDS and firewall implementations. The most interesting fact I stumbled across during my research concerns differences in the handling of the ACK control bit on RST packets. For example,

LS Hmepg 337x500 34 Esm H200

IPFire: Free firewall for your home or SOHO

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

IPFire is a linux based firewall distribution with a lot of extras. The base for the stable version 1.4.9 was the IPCop that has been hardly modified. There were added: Asterisk PBX, Samba, MorningReconnect, LPR-NG and many other things. I've always been a fan of Shorewall and Firestarter - what have you used as a good base firewall setup? Any thoughts how this will match up in an enterprise server environment?

LS Hmepg 337x500 34 Esm H200

Firewalls? Firewalls?? We don't need no stinkin' Firewalls!!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Firewalls are often framed as a one job tool. Furthermore, when looking to set up a secure network infrastructure, this Debian Admin says that sometimes they aren't aren't even needed! To the contrary, Firewalls can be engineered to serve a number of purposes such as fragment reassembly for instance (as the author at TuxMachines states) and are generally only as secure as they are configured to be. It seems that Firewalls are commonly misconceived of both being the given for network security (possibly not true) and not nearly enough on their own (the given among those who know security). (bonus points for those who know the movie being alluded to in the title)

LS Hmepg 337x500 34 Esm H200

Firewall Configuration Testing Tool

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration by the system administrators. (Is an unnecessary hole open, or is a necessary hole open?) So, we developed a tool which checks the rule of a Firewall. " In any network your first line of defense is the firewall. One new firewall checker is called Dr.Morena. It's made up of two modules one is the check engine and the other is the packet list making engine. They work on Linux so it's good at checking your iptables. Go ahead and test your firewall to see how well it protects your network.

LS Hmepg 337x500 34 Esm H200

Securing Your Linux Server With Iptables

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

'Spamming', when used in a different context, does not necessarily have to be email specific. If you ever had a chance to play arcade fighter's such as Street Fighter 2, you'll notice that certain fighters have "cheap" moves that can be "used over and over", such as M. Bison's scissor kick corner trap (ah the old days). A player could pretty much "spam" this combo over and over. The interesting part about this cheap combo is that it could be countered just as easily with some skill. A basic set of good iptables rules is the perfect counter punch to a slew of common spamming attacks - no need to have SpamAssassin or procmail process the email when it doesn't even get through the front lines! Read on to gain a good base understanding of iptables and its rules. Ha-dou-ken!

LS Hmepg 337x500 34 Esm H200

IPS app available for free

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Network managers looking for an inexpensive way to better secure traffic crossing their nets might want to check out a free application from Intoto. Intoto, a provider of security software for enterprise network equipment and CPE gateways, last week at Interop, introduced a stand-alone intrusion-prevention system (IPS) application that the company says will help small and midsize companies looking for enterprise-scale security tools.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved