Best Linux Firewalls
iptables is a user space application program that does packet filtering, network address translation (NAT), and port address translation (PAT). iptables is for IPv4. ip6tables is for IPv6.
iptables needs kernel with ip_tables packet filter (including Linux kernel 2.4.x and 2.6.x). Using iptables you can view, add, remove or modify the rules in the packet filter ruleset.
- Home page: http://www.netfilter.org
- Author: Rusty Russell
- Latest stable release: 1.4.6
- License: GNU
- Read more about Iptables at Wikipedia
IPCop is for small-office and home-office users. This is a Linux firewall distribution, that requires a separate low power PC to run the software. You can configure the firewall rules from a friendly web interface. This is a stateful firewall based on Linux netfilter.
You can take an old PC and convert it to a secure internet application with IPCop, which will secure the home/small-office network from internet and also improve web browser performance by keeping some frequently used information.
- Home page: http://www.ipcop.org
- Latest stable release: 1.4.21
- License: Open source
- IPCop screenshots
- Read more about IPCop at Wikipedia
Shorewall firewall’s tag-line is: iptables made easy. It is also known as “Shoreline Firewall”. It is built upon the iptables/ipchains netfilter system.
If you have hard-time understanding the iptables rules, you should try shorewall, as this provides a high level abstraction of iptables rules using text files.
Shorewall contains the following packages:
- Shorewall – Helps to create ipv4 firewall
- Shorewall6 – Helps to create ipv6 firewall
- Shorewall-lite – Helps to administer multiple ipv4 firewalls
- Shorewall6-lite. Helps to administer multiple ipv6 firewalls
Additional information about shorewall:
- Home page: http://shorewall.net
- Author: Thomas M. Eastep
- Latest stable release: 4.4.3
- License: GPLv2
- Read more about Shorewall at Wikipedia
4. UFW – Uncomplicated Firewall
UFW is a command line program that helps manage the netfilter iptables firewall. This provides few simple commands to manage iptables. Gufw is a graphical interface for the UFW that is used on Ubuntu distribution. It is very intuitive and easy to manage your iptables firewall using Gufw. You can run Gufw on any Linux distribution that has Python, GTK and ufw.
To allow ssh access in UFW you have to do the following. It’s that easy.
$ sudo ufw allow ssh/tcp
- ufw home page: https://launchpad.net/ufw
- ufw latest stable release: 0.27.1
- License: GNU
- Gufw home page and screenshots
- Gufw Stable Release: 9.10.4
- Read More UFW at Wikipedia
5. OpenBSD and PF
PF stands for packet filter. PF is licensed under BSD and developed on OpenBSD. PF firewall is installed by default on OpenBSD, FreeBSD, NetBSD.
PF does the following.
- Packet Filtering
- Traffic redirection (port forwarding)
- Packet Queueing and Prioritization
- Packet Tagging (Policy Filtering)
- Excellent log capabilities
Additional information about PF:
- Home page: http://www.openbsd.org/faq/pf/
- Author: Daniel Hartmeier
- License: BSD
- Read more about PF at Wikipedia
Additional Firewall Software
Following are additional firewalls mentioned by readers along with the total number of votes it received.
- CheckPoint FireWall-1 5
- pfsense 5
- Firestarter 5
- Netfilter 4
- SmoothWall Express 3
- Guarddog 3
- ipchain 3
- Endian 2
- Susefirewall 1
- Cisco ASA/PIX 1
- ClearOS 1
- APF 1
- Firewall Builder 1
- Auto firewall in Puppy Linux 1
- Drawbridge 1
- Monowall 1
- Firehol 1
- SuSEfirewall2 1
- Content credit: mp3skulls