5 Open Source Firewalls You Should Know

11:06 AM

Although pfSense and m0n0wall seem to get the lion's share of the attention in the open source firewall/router market, with pfSense overtaking m0n0wall in recent years, there are several good firewall/router distributions available on Linux and BSD. These projects build on the packet filter native to their respective operating systems. Linux, for example, includes netfilter and iptables in its kernel. OpenBSD uses PF (Packet Filter), which replaced IPFilter as its default firewall in OpenBSD 3.0 in 2001; FreeBSD, on which pfSense and m0n0wall are built, also ships PF. The following is a (non-exhaustive) list of firewall/router distributions available for Linux and BSD, along with some of their capabilities.

[1] Smoothwall

The Smoothwall Open Source project was established in 2000 to develop and maintain SmoothWall Express, a free firewall that includes a security-hardened GNU/Linux operating system and an easy-to-use web interface. SmoothWall Server Edition was the first product of SmoothWall Ltd., launched on 11 November 2001; it was essentially SmoothWall GPL 0.9.9 with support provided by the company. SmoothWall Corporate Server 1.0, a closed-source fork of SmoothWall GPL 0.9.9SE, was released on 17 December 2001. Corporate Server added features such as SCSI support, together with the ability to extend functionality by means of add-on modules. These modules included SmoothGuard (content-filtering proxy), SmoothZone (multiple DMZs) and SmoothTunnel (advanced VPN). Further modules became available over time, including traffic shaping, anti-virus and anti-spam.

A variant called SmoothWall Corporate Guardian was released, integrating a DansGuardian fork known as SmoothGuardian. School Guardian was created as a variant of Corporate Guardian, adding directory/LDAP authentication support and an active firewall in a package designed specifically for use in schools. December 2003 saw the release of SmoothWall Express 2.0, together with a comprehensive set of written documentation. The alpha of Express 3 was released in September 2005.

Smoothwall is designed to run well on old, cheap hardware; it will run on any Pentium-class CPU or later, with a recommended minimum of 128 MB RAM. There is also a 64-bit build for Core 2 systems. Here is a list of features:

  • Firewalling:
    • Supports LAN, DMZ and wireless networks, as well as external connectivity
    • External connectivity via static Ethernet, DHCP Ethernet, PPPoE, or PPPoA using various USB and PCI DSL modems
    • Port forwarding and DMZ pin-holes
    • Outbound filtering
    • Timed access
    • Easy-to-use Quality of Service (QoS)
    • Traffic statistics, per interface and per IP, with weekly and monthly totals
    • IDS via automatically updated Snort rules
    • UPnP support
    • Blocklist of known-bad IP addresses
  • Proxy:
    • Web proxy for accelerated browsing
    • POP3 email proxy with anti-virus
    • IM proxy with real-time log display
  • UI:
    • Responsive web interface using AJAX to provide real-time information
    • Real-time traffic graphs
    • All rules have an optional comment field for ease of use
    • Log viewers for all major subsystems and firewall activity
  • Maintenance:
    • Config backup
    • Easy single-click application of all pending updates
    • Shutdown and reboot from the user interface
  • More:
    • Time service for the network
    • Develop Smoothwall yourself using the "Devel" self-hosting builds

[2] IPCop

IPCop is a Linux distribution that aims to provide an easy-to-manage firewall on PC hardware. It is a stateful firewall built on the Linux netfilter framework and was originally a fork of the SmoothWall Linux firewall. Version 1.4.0 was introduced in 2004, based on the LFS (Linux From Scratch) distribution and a 2.4 kernel; the current stable branch, 2.0.x, was released in 2011. IPCop 2.0 incorporates some significant improvements over 1.4, including the following:

  • Based on the Linux 2.6.32 kernel
  • New hardware support, including Cobalt, SPARC and PPC platforms
  • New installer, which lets you install to flash or hard disk, and choose interface cards and assign them to particular networks
  • Access to all web interface pages is now password protected
  • A new user interface, including a new scheduler page, multiple pages on the status menu, an updated proxy page, a simplified DHCP server page, and a revised firewall menu
  • Support for OpenVPN virtual private networks as an alternative to IPsec

IPCop 2.1 includes bug fixes and a number of other improvements, including use of the Linux 3.0.41 kernel and a URL filtering service. In addition, many add-ons are available, such as advanced QoS (traffic shaping), e-mail virus scanning, traffic overview, extended interfaces for controlling the proxy, and many others.

[3] IPFire

IPFire is a free Linux distribution that can act as a router and firewall and can be managed through a web interface. The distribution offers a selection of server daemons and can easily be expanded into a SOHO server. It provides enterprise-class network security and focuses on security, stability and ease of use. A variety of add-ons can be installed to add features to the base system.

IPFire uses a Stateful Packet Inspection (SPI) firewall built on top of netfilter. During installation, the network is divided into separate segments. This segmented security scheme means there is a place for every machine in the network; each segment represents a group of computers that share a common security level. "Green" is the safe zone, where all regular clients reside, usually a wired local network. Clients on Green can access all other network segments without restriction. "Red" indicates danger, that is, the connection to the Internet. Nothing from Red is allowed through the firewall unless the administrator specifically configures it. "Blue" is the wireless part of the local network. Since a wireless network has potential for abuse, it is identified separately and specific rules govern the clients on it; clients on this segment must be explicitly authorized before they can access the network. "Orange" is the demilitarized zone (DMZ): any servers that are publicly accessible are separated here from the rest of the network, so that a compromised server cannot reach internal hosts. In addition, the firewall can control outbound Internet access from each segment. This gives the network administrator complete control over how the network is configured and secured.

One distinctive feature of IPFire is the degree to which it integrates intrusion detection and intrusion prevention. IPFire includes Snort, the free Network Intrusion Detection System (NIDS), which analyses network traffic and logs an event when something abnormal happens; these events can be viewed in the web interface. For automatic prevention, IPFire has an optional add-on called Guardian.

IPFire ships with many drivers for virtualization environments and can run on a variety of virtualization platforms, including KVM, VMware, Xen and others. However, there is always the possibility that the isolation of the VM container is bypassed in some way and an attacker gains access beyond the virtual machine. For that reason, running IPFire as a virtual machine in a production environment is not recommended.

Beyond these features, IPFire includes everything you would expect from a firewall/router: a stateful firewall, a web proxy, VPN support using IPsec and OpenVPN, and traffic shaping.

Since IPFire is based on a recent version of the Linux kernel, it supports most current hardware, such as 10 Gbit network adapters and a variety of wireless hardware, out of the box. Minimum system requirements are:

  • Intel Pentium (i586) or compatible CPU
  • 128 MB RAM
  • 2 GB of hard disk space

Some add-ons have additional requirements to run smoothly. On a system that meets these hardware requirements, IPFire is able to serve hundreds of clients simultaneously.

[4] Shorewall

Shorewall is an open source firewall tool for Linux. Unlike the other firewalls/routers mentioned in this article, Shorewall has no graphical user interface; instead, it is configured through a set of plain text configuration files, although a Webmin module is available separately.

Since Shorewall is essentially a frontend for iptables and netfilter, the usual firewall functionality is available: Network Address Translation (NAT), port forwarding, logging, routing, traffic shaping and virtual interfaces. Shorewall makes it easy to configure different zones, each with its own rules, so that, for example, traffic on the company intranet can be treated permissively while traffic from the Internet is tightly restricted.

While Shorewall originally used a shell-based compiler, since version 4 it also offers a Perl-based compiler. IPv6 support arrived in version 4.4.3. The latest stable version at the time of writing is 4.5.18.
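The zoned layout described in the IPFire section above (a trusted LAN, an untrusted Internet side and a DMZ) is exactly what Shorewall's plain-text files express, so here is an added example of such a configuration. It is not code from the Shorewall project or from this article; the interface names (eth0/eth1/eth2), the 10.0.1.0/24 and 10.0.2.0/24 networks and the DMZ web server at 10.0.2.10 are assumptions made for illustration. The script writes the five core files (zones, interfaces, policy, rules, masq in the Shorewall 4.x column layout) and shows the check-then-try workflow that avoids locking yourself out of a remote box.

```shell
#!/bin/sh
# Added example (not Shorewall project code): a minimal three-zone
# Shorewall 4.x configuration as plain-text files, plus the check/try
# workflow used to apply it safely.
# Assumptions (hypothetical): eth0 faces the Internet, eth1 the LAN
# (10.0.1.0/24), eth2 the DMZ (10.0.2.0/24), web server at 10.0.2.10.
set -eu

# Write the configuration into $1 (defaults to /etc/shorewall). Pass a
# scratch directory to generate the files without touching the live config.
write_shorewall_config() {
    dir="${1:-/etc/shorewall}"
    mkdir -p "$dir"

    # zones: "fw" is the firewall box itself; the rest are IPv4 zones.
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
dmz     ipv4
EOF

    # interfaces: bind each zone to a NIC. The Internet-facing interface
    # gets anti-spoofing (routefilter), bogus-flag and smurf protection.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc     eth1        detect      tcpflags,nosmurfs
dmz     eth2        detect      tcpflags,nosmurfs
EOF

    # policy: default action between zones, first match wins. Everything
    # arriving from the Internet is dropped (and logged) unless a rule
    # below explicitly allows it; the DMZ cannot reach the LAN at all.
    cat > "$dir/policy" <<'EOF'
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
loc       dmz    ACCEPT
dmz       net    ACCEPT
$FW       all    ACCEPT
net       all    DROP     info
all       all    REJECT   info
EOF

    # rules: exceptions evaluated before the policies above.
    cat > "$dir/rules" <<'EOF'
#ACTION        SOURCE   DEST            PROTO   DEST PORT(S)
SECTION NEW
# Publish the DMZ web server on the firewall's external address.
DNAT           net      dmz:10.0.2.10   tcp     80,443
# LAN admins may SSH to the firewall; the Internet may not (policy DROP).
SSH(ACCEPT)    loc      $FW
# Allow ping of the firewall itself from the Internet, nothing behind it.
Ping(ACCEPT)   net      $FW
EOF

    # masq: source-NAT LAN and DMZ traffic leaving eth0.
    cat > "$dir/masq" <<'EOF'
#INTERFACE   SOURCE
eth0         10.0.1.0/24
eth0         10.0.2.0/24
EOF
}

# Compile without loading, then load with an automatic revert to the
# previous ruleset after 60 seconds. This protects a remote admin session:
# if the new rules cut you off, the old ones come back on their own.
apply_shorewall_config() {
    dir="${1:-/etc/shorewall}"
    shorewall check "$dir" && shorewall try "$dir" 60
}

# Usage: sh shorewall-zones.sh apply   (writes to /etc/shorewall and tries it)
case "${1:-}" in
    apply)
        write_shorewall_config /etc/shorewall
        apply_shorewall_config /etc/shorewall
        ;;
    *) ;;   # run without "apply": only define the functions
esac
```

If the box is still reachable during the 60-second window of `shorewall try`, commit the new ruleset with `shorewall restart`; if it is not, the previous rules are restored automatically when the timer expires. Note that the DMZ-to-LAN direction is covered only by the final `all all REJECT` policy, which is the point of the segmentation: a compromised public server gets no path to internal clients.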

[5] pfSense

pfSense is an open source firewall/router distribution based on FreeBSD that began as a fork of the m0n0wall project. It is a stateful firewall that incorporates many of m0n0wall's features, such as NAT/port forwarding, VPN, traffic shaping and a captive portal. It goes further than m0n0wall, offering many advanced features such as load balancing and failover, the ability to accept traffic only from certain operating systems (using PF's passive OS fingerprinting), easy MAC address spoofing, and VPN using the OpenVPN and L2TP protocols. Unlike m0n0wall, whose focus is on embedded use, pfSense focuses on full installations on PC hardware, although a version targeted at embedded use is also available.
