A basic skill for every Linux system and network administrator is knowing how to write a strong iptables firewall from scratch and how to modify it as the situation changes. In practice, this skill is rarer than it should be. Learning iptables is not a quick process, but I recommend the material referenced at the end of this article to make it easier.
Every administrator should understand iptables thoroughly. An alternative, however, is to use one of the excellent open-source Linux firewall generation tools described below.
Firewall Builder
First is Firewall Builder, a comprehensive cross-platform graphical open-source firewall configuration and management tool. It generates configurations for iptables, ipfilter, OpenBSD PF, and Cisco PIX. By design it hides the details of rule syntax and lets you concentrate on writing policy. Because it requires the X Window System, do not run the generator on your production firewall itself (a firewall should carry as little software as possible): build the script on a workstation and copy it to the firewall.
Firestarter
Second is Firestarter, an excellent graphical open-source Linux firewall wizard that walks you step by step through building a firewall. It is a good choice for a NAT firewall that shares a single public IP address with the LAN, optionally with some public services behind the firewall or in a separate DMZ. It provides simple commands to start and stop the firewall and a status view of current activity. It can run on a headless machine and be monitored remotely, or serve as a standalone firewall.
Shorewall
Third is Shorewall, a popular open-source Linux firewall generator. It is more complex and more flexible than Firestarter and suits larger networks. Shorewall's learning curve is similar to that of iptables itself, but it comes with extensive documentation and worked solutions for common situations: a single-host firewall, two- and three-interface firewalls, and firewalls with multiple public IP addresses. There is also plenty of help on filtering and rate-limiting P2P traffic such as Kazaa, QoS (Quality of Service), passing VPN traffic, and network address translation.
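To make concrete what these generators do, here is an added example (not output of Firewall Builder, Firestarter or Shorewall, and not part of the original article): a small POSIX shell script that emits an iptables-restore ruleset for the layout the Firestarter and Shorewall paragraphs describe, a three-interface firewall (WAN, LAN, DMZ) sharing one public address through NAT, with one published web server in the DMZ. Like the tools above it only produces text, so it runs on a workstation without root and the result is reviewed and then copied to the firewall. The interface names, subnets and the DMZ host address are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: a minimal "firewall generator" that emits an iptables-restore
# ruleset for a WAN/LAN/DMZ NAT firewall. It only prints text; apply it on the
# firewall with iptables-restore. Interface names, subnets and the DMZ web
# server below are assumptions, overridable from the environment.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
DMZ_IF="${DMZ_IF:-eth2}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DMZ_NET="${DMZ_NET:-192.168.2.0/24}"
DMZ_WEB="${DMZ_WEB:-192.168.2.10}"      # assumed DMZ host published on TCP/80

gen_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing first: packets from the Internet must not claim an inside source.
-A INPUT -i $WAN_IF -s $LAN_NET -j DROP
-A INPUT -i $WAN_IF -s $DMZ_NET -j DROP
-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
-A FORWARD -i $WAN_IF -s $DMZ_NET -j DROP
# Stateful core: drop INVALID, accept traffic belonging to tracked connections.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The firewall itself: loopback, rate-limited ping, SSH from the LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/second -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Transit policy: LAN -> Internet and LAN -> DMZ; DMZ -> Internet only,
# so a compromised DMZ host cannot open connections into the LAN.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_NET -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -j ACCEPT
# The one published service: Internet -> DMZ web server (after the DNAT below).
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_WEB -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Everything else falls through to the DROP policies; log a sample of it.
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "fw-input-drop: "
-A FORWARD -m limit --limit 5/minute -j LOG --log-prefix "fw-forward-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Publish the DMZ web server on the public address; share that address outbound.
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $DMZ_WEB:80
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
-A POSTROUTING -o $WAN_IF -s $DMZ_NET -j MASQUERADE
COMMIT
EOF
}

# Checks to run on the generated text before copying it anywhere: both filter
# chains default to DROP, every table is committed, and the published DMZ host
# is matched by both its DNAT rule and a FORWARD accept (one without the other
# is the classic port forward that silently does nothing).
check_ruleset() {
  rules=$(gen_ruleset)
  printf '%s\n' "$rules" | grep -q '^:INPUT DROP'   || return 1
  printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
  tables=$(printf '%s\n' "$rules" | grep -c '^\*')
  commits=$(printf '%s\n' "$rules" | grep -c '^COMMIT$')
  [ "$tables" -eq "$commits" ] || return 1
  printf '%s\n' "$rules" | grep -q -- "-j DNAT --to-destination $DMZ_WEB:80" || return 1
  printf '%s\n' "$rules" | grep -q -- "^-A FORWARD .* -d $DMZ_WEB -p tcp --dport 80 .* -j ACCEPT" || return 1
  return 0
}

# Usage on the workstation:  sh gen-firewall.sh > firewall.rules
# Review the file, copy it to the firewall, and load it there with:
#   iptables-restore < firewall.rules
check_ruleset || { echo "generated ruleset failed sanity checks" >&2; exit 1; }
gen_ruleset
```

Two design points are worth noticing. The anti-spoofing and INVALID drops come before any ACCEPT, because iptables evaluates rules in order and a later DROP never sees a packet an earlier rule accepted; and the DMZ is allowed to reach the Internet but not the LAN, which is the entire reason for having a DMZ. The check function is the step the generators above do for you implicitly: it catches the common mistake of adding a DNAT rule without the matching FORWARD accept.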
We recommend these three tools so that most users can build open-source Linux firewalls instead of paying for commercial firewall software, which is in any case no better than the packet filters built into Linux and Unix. Limited funds are better spent on higher-quality hardware.
- Linux firewall technology topics
- Recommended four best Linux/BSD firewalls for you
- PfSense: open-source firewall to build a solid network