• Status: Solved

Linux Firewalls Distro's

I am looking for some open-source firewalls that will allow me to configure through a WebGui. I love m0n0wall but it won't let me block any URLs. Like Smoothwall but won't let me have public IPs in the DMZ. Like RedWall but just too much of a bear. You guys know of anything else?? This will be the firewall for my company's network.
Have you looked at IPCOP:


Here's what they say about their product:
Below, you will find a copy of our Mission Statement. All members of the IPCop Firewall Team strive to meet these goals. By achieving these goals, the IPCop Firewall will be one of the major Linux Firewall distributions in the world.

Provide a stable Linux Firewall Distribution.
Provide a secure Linux Firewall Distribution.
Provide an opensourced Linux Firewall Distribution.
Provide a highly configurable Linux Firewall Distribution.
Provide an easily maintained Linux Firewall Distribution.
Provide an easily configured Linux Firewall Distribution.
Provide reliable Support to the IPCop Linux user base.
Provide an enjoyable environment for the Public to discuss and request assistance.
Provide stable, secure, and easy to implement upgrades/patches for IPCop Linux.
Develop an appreciation for both the Linux and Opensource movements in our user base.
Develop a long lasting relationship with our userbase.
Strive to adapt IPCop to meet the needs of the Internet of Tomorrow.
Further develop the Linux Knowledge base of all Project Members and Users.
After seeing the direction certain Linux Distributions were heading in, a group of dissatisfied users/developers decided that there was little reason for the idea of a GPL Linux Firewall Distribution of such potential to be, simply, extinguished.

IPCop Linux is a complete Linux Distribution whose sole purpose is to protect the networks it is installed on. By implementing existing technology, outstanding new technology and secure programming practices IPCop is the Linux Distribution for those wanting to keep their computers/networks safe.

The IPCop Linux Team is dedicated to doing the very best job possible to keep your systems safe, as you can see on our site.

"The Bad Packets Stop Here!"

> .. won't let me block any URL's
this is not a (network) firewall issue, but a proxy or application level firewall (aka adaptive proxy)

> ..won't let me have public IP's in the DMZ
this is unusual
But first think of your network topology and assigned IP.
Assuming that your firewall's WAN IP is in the same IP subnet as the DMZ-IP, then this could not work. That's not a firewall problem, but one of your network design.

Best is you assign the public IPs of your DMZ to the WAN interface of your firewall (as virtual interface for example), assign a private IP to your DMZ hosts and then forward all packets according to your firewall rules to these DMZ hosts.

I'd recommend that you get used to iptables, which is simple at first glance. That's much easier than configuring some so-called sophisticated GUIs (which mainly hide iptables functionality).
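
The layout described in the answer above (public DMZ addresses as aliases on the firewall's WAN interface, private addresses on the DMZ hosts, forwarding by rule), as an added example that is not part of the original thread. The interface names, addresses and function names are assumptions made for illustration; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for 1:1 DMZ publishing.
WAN_IF=eth0   # assumption: WAN-facing interface
DMZ_IF=eth2   # assumption: DMZ-facing interface

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# dmz_map PUBLIC_IP PRIVATE_IP PROTO PORT
# Prints the WAN alias, the DNAT rule and the matching FORWARD rule
# for one published service; rejects malformed input instead of emitting it.
dmz_map() {
    pub=$1 priv=$2 proto=$3 port=$4
    valid_ip "$pub" && valid_ip "$priv" || { echo "bad address" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    cat <<EOF
ip addr replace $pub/32 dev $WAN_IF
iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $priv
iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $priv -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Full ruleset: enable routing, drop forwarded traffic by default,
# allow replies to accepted connections, then publish each service.
dmz_ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Constructed sample mappings (documentation address range).
    dmz_map 203.0.113.10 192.168.2.10 tcp 80 &&
    dmz_map 203.0.113.11 192.168.2.11 tcp 25
}

dmz_ruleset
```

Only the listed ports reach the DMZ hosts; everything else crossing the firewall is dropped by the FORWARD policy.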
I agree with ahoffmann, most of the iptables GUIs mask and often do not provide control over the full functionality of iptables.

Learn iptables at the command-level or how to manipulate the iptables config file and you'll be much better off than relying on these poor UI crutches.  In this instance, we're not being the typical UNIX bigots, iptables is an app best run through the Shell, so to speak, and not with any of the available, but limited GUIs.

It sounds like you're a small office, so you may want to invest in a very inexpensive appliance firewall device such as a Check Point Safe@Office, NetScreen-5GT, or Watchguard Firebox which costs less than $400 (cheaper than a PC running Linux and a firewall software you're not comfortable with).

My $0.02

If you still want to go down this path, check this site out for more info in Linux firewalls and GUIs to control iptables:
Firestarter is good to get you off the ground, but you will need a better log tool and more advanced options after it gets you started to configure DMZ device control.
Kien Kennedy commented:
Linux Firewalls Distro's ???
Here is Linux Firewall Distro numbered 1 in www.distrowatch.com:

Some information:
Devil-Linux is a CD-based Linux distribution for firewalls and routers. The goal of Devil-Linux is to have a small, customizable and secure (what is secure on the Internet?) Linux. The future of Devil-Linux will go far beyond an ordinary router, we will provide a lot of other services, but the distribution will still be easy and fast to maintain.

Homepage: http://www.devil-linux.org

Note: It's great!