INSUBCONTINENT EXCLUSIVE:
A firewall is an important aspect of computer security these days, and most modern routers have one built in, which while helpful, can be
Fortunately there are also distributions (distros) of the free operating system Linux which have been specifically designed to function as
firewalls.These will generally have much more advanced features than those found on a router, and allow you to have far greater control over
keeping your personal or business network safe.In this article, we're going to evaluate six of the most popular free firewall distros
We have tried to emphasise both power and ease of use when considering these offerings and their relative merits
distros can either be installed to a physical computer, or if you only have one device, run from a virtual machine
See our guide on setting up a virtual machine in Windows.Most distros can be downloaded as an ISO file
You can use programs like UNetbootin to copy them to a USB stick and boot
your needsSmart looking distroClearOS is by far the sleekest looking firewall distro in this roundup
It's obvious that a lot of time and care has gone into developing the interface.As most firewall distros are written for the stereotypical
geek, it's nice to see a refreshing change in what seems to have become the de facto standard of 'cobble it together and think about the
This said, ClearOS will run quite happily from the command line for more advanced users.The installation is painless and takes around 10
You're given the choice to start in Public Server or Gateway mode, depending on how you want to use ClearOS
completed setup and accessed the web-based admin system, it doesn't take long to familiarise yourself with the various settings and features
Setting up firewall rules is quick and painless, as is much of the other configuration.The most pertinent feature of ClearOS is its
usability, but this distro is about a lot more than just sleek looks
extra services to your network.Overall, ClearOS is a powerful distro
firewall that provides a lot of details about your network setupDelivers effective protectionProvides plenty of info on your
networkInterface doesn't look greatThis distro, while entirely separate from IPFire, uses a helpful colour-coding scheme similar to the
latter, in order to represent different connections
also cover later) and was in turn forked by the IPFire team as updates to IPCop are few and far between
The most recent version (2.1.9) was released in February 2015.Installation is relatively straightforward, but there are some wildcard
questions thrown into the mix
While these may puzzle the novice user, accepting the default options won't cause any issues unless you have a very specific network
One of the main advantages of IPCop is that the installation image is very small (around 60MB) and can be copied onto a DVD or flash
However, other than the 'real-time' graphs that Smoothwall provides, IPCop gives a lot more information about your LAN setup, and about the
running of the firewall itself, including a list of the connections that are currently open.The Firewall also provides a 'caching proxy', so
that you can cache frequently accessed pages locally.IPCop does a good job as a firewall, giving plenty of information about traffic on your
network, and while it might not be the prettiest distro in the world, it does what it's designed to do.OPNsenseSecurity-minded fork of the
original pfSense projectFeature-packedWeekly security updatesOpenVPN supportOPNsense is an easy-to-use open source firewall based on FreeBSD
10.1 to ensure long-term support
project started out as a fork of the more established firewall pfSense in January 2015
The team claimed their reasons for forking the project were partly due to the type of licence pfSense used at the time, and partly because
Also note that the fork generated quite a lot of controversy between pfSense diehards and OPNsense supporters on Reddit.OPNsense offers
weekly security updates so can respond quickly to threats
It contains many advanced features you'd usually find only in commercial firewalls such as forward caching proxy and intrusion detection
It also supports using OpenVPN.OPNsense incorporates a very rich GUI written in Phalcon PHP which is a real pleasure to use
Aside from being more appealing than pfSense's interface, OPNsense was created partly due to the fact that the team felt the graphical
This module is interactive and provides visual feedback when analysing your network
You can also now export your data in CSV format for further analysis.The firewall uses an Inline Intrusion Prevention System
This is a powerful form of Deep Packet Inspection whereby instead of merely blocking an IP address or port, OPNsense can inspect individual
data packets or connections and stop them before they reach the sender if necessary
OPNsense also offers LibreSSL over OpenSSL.IPFireAn easy-to-use firewall with some super-advanced featuresSimple to set upSerious security
chopsNicely lightweightIPFire is a Linux firewall distro focusing on user-friendliness and easy setup without compromising your security,
supporting some useful features such as intrusion detection
specifically designed for people who are new to firewalls and networking, and can be set up in minutes
The installation process allows you to configure your network into different security segments, with each segment being colour-coded
The green segment is a safe area representing all normal clients connected to the local wired network
The default setup is for a device with two network cards with a red and green segment only
However, during the setup process you can also implement a blue segment for wireless connections and an orange one known as the DMZ for any
for IPFire is only 171MB in size, so once burned to DVD it'll happily load into your computer's system memory and work from there
Alternatively you can download a flash image to install it to a router or even an image for ARM devices such as the Raspberry Pi
This is perfect if you wish to show people who connect to your Wi-Fi network a landing or login page before connecting directly to the
You can choose to boot from either a CD or USB drive.The setup assistant will ask you to assign interfaces during the installation, rather
than once you've booted to the web interface
multi-WAN, Dynamic DNS, hardware failover, and different methods of authentication
Unlike IPFire, pfSense already has a feature for a captive portal, whereby all DNS queries can be resolved to a single IP address such as a
the most feature-rich firewall distro out there, but falls down due to a lack of non-firewall-related extra features
If you're just after a simple firewall, you can't go wrong by choosing pfSense, but if you need anything above and beyond that basic
functionality, you may want to consider one of the other distros.Smoothwall ExpressA great firewall that's commendably
user-friendlyEasy-to-useOffers compatibility with older hardwareShort on advanced featuresSmoothwall Express is probably the most well-known
To test this, we did a quick poll of 20 Linux geeks, asking them to name a firewall distro
19 of them came up with Smoothwall first.The installation of Smoothwall Express is text-based, but you don't need to be familiar with the
You may prefer to download or indeed print out the installation guide to walk you through the setup process
In order to do this you'll need to create a my.smoothwall profile.There are three installation options: Standard, Developer and Express
Developer is reserved for those people who actually want to work on coding the Smoothwall project
Smoothwall Express doesn't provide much in the way of extra features, but does allow you to have a separate account to control the main
connection, which is especially useful if you're using dial-up, alongside its caching web proxy service.One of the benefits of Smoothwall
was that assigning static DHCP lease assignments requires you to click Add followed by Save, and it isn't particularly obvious that you have
to perform the second step
This led to a fair bit of confusion with our network attached printers jumping from one IP address to another.Final verdictChoosing the
right firewall distro is largely dependent on your specific requirements, but whatever they may be, having protection from a firewall is
simply a matter of common sense given the multitude of dangers on the internet these days
That said, aside from basic protection, once your firewall is installed it can also be helpful to have a few extra features for good
measure.Just a firewallIf you're after a basic firewall, then all of the distros here will do a good job, with some performing better than
Express are excellent options if you're not after anything too complex
If you need a commercial-grade solution and have money to burn, check out Smoothwall's paid-for arm.If you want something with a small
footprint, or to run on an embedded device, pfSense's website contains helpful guides to do this, although it will only run on x86
This is why we prefer to use virtualisation, whereby the firewall can run as a virtual server on the same hardware you use for web
It's the only firewall that once installed will keep on running with minimal prompting and interference from you
If you ever need to locate specific settings, these are simple to find as well.zC4k3hKhxNP5aG8J8Jh7NH.jpg#
