When you hear the word "firewall", the picture that forms in your mind is usually one of blocking popular social networking websites, catching intrusions and blocking applications. Firewalls are not just about blocking some web content or restricting access over a network; they are one big bowl of extra possibilities. Although this article is not an introduction to firewalls, I still want to sketch a few very ordinary real-life scenes to draw an analogy with a firewall.
You are walking down a dark road when suddenly someone jumps out of the dark with a knife in his hand, threatens you and takes all your money, credit cards, driving licence and car keys. Danger lurks around every corner, and these days you definitely want a big, burly bodyguard down that street with you. A firewall is software specially designed to protect you from the mean guys online. Without a firewall you are like a millionaire carrying all his wealth in a suitcase, inviting anyone to come and take it all away.
For all those who are still dazed and confused by the analogy, let me get real. A firewall is a system, or group of systems, that enforces an access control policy between two networks. The two major mechanisms of a firewall allow or block traffic based on the criteria specified. A third mechanism, added more recently, is keeping a log: the record helps with decisions about future requests, and the logging data has let us develop various tools to combat different kinds of web attacks. Hence the three fundamentals of a firewall are forwarding, blocking and logging/accounting. A firewall can be set up to run on your own machine, so that it protects you as you use the internet, or it can run between your network and your connection to the internet. We will look at a selection of both in this roundup.
Open source firewalls are the best place to satisfy your curiosity about firewalls, because infrastructure tooling these days is increasingly open source: you can see organisations of every kind migrating fully to open source.
Some of the Top Firewalls Around:
Moving on with the topic, let's lift the curtain on some of the big names in the firewall industry. If you use a Linux kernel there is a huge chance that you have already been introduced to some of these rulers of the security world. Today we will go through iptables, IPCop, Shorewall, UFW and OpenBSD's PF, some of the most widely used firewalls in the current scene. In an online survey in which 160 users participated, these were the results:
Let's take them one by one.
iptables: iptables is a user-space application that does packet filtering, network address translation (NAT) and port address translation (PAT). This is the basic firewall that comes preinstalled with most Linux systems. iptables became the primary firewall from kernel version 2.4.x onwards, replacing its predecessor, ipchains.
iptables allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules they store. Different kernel modules and programs are used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP and ebtables to Ethernet frames. iptables requires elevated privileges and must be run as root; otherwise it fails to function. On most Linux systems it is installed as /usr/sbin/iptables.
You can use iptables to achieve all the basic essentials of network security, i.e. blocking, accounting and forwarding.
To list the existing rules in your firewall type:
sudo iptables -L
Those of you using iptables for the first time will most probably see a firewall with no rules in it. This is because, although an iptables firewall is provided, its use varies from user to user according to their needs, so you need to set up rules for the type of protection you want. If your Linux distribution does not ship this basic tool, just download it from the Netfilter website.
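To show the three fundamentals (forwarding, blocking, logging/accounting) as concrete iptables rules, here is an added example that is not part of the original article. It generates a ruleset for a small Linux gateway in iptables-restore format so it can be reviewed before it is loaded; the interface names eth0/eth1 and the 192.168.1.0/24 LAN prefix are assumptions.

```bash
#!/bin/sh
# Added example, not from the article: a small ruleset exercising forwarding,
# blocking and logging/accounting on a Linux box with one Internet-facing and
# one LAN interface. Interface names and the LAN prefix are assumptions that
# can be overridden through the environment.
WAN_IF="${WAN_IF:-eth0}"                 # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                 # assumed LAN-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # assumed LAN prefix

# Emit the ruleset in iptables-restore format. Generating text first lets you
# review it, diff it against the running set, and then load it atomically.
fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Blocking: the default policy above is DROP; allow only what is needed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 5/min --limit-burst 10 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOGDROP
# Forwarding: the LAN may reach the Internet; only replies come back in.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j LOGDROP
# Logging/accounting: rate-limited kernel log line, then drop. Per-rule packet
# and byte counters are shown by: iptables -L -v -n -x
-A LOGDROP -m limit --limit 10/min -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide LAN addresses behind the WAN address (NAT).
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Load the generated set atomically (requires root, as the text says) and turn
# on IPv4 forwarding so the FORWARD chain actually sees traffic.
fw_apply() {
    fw_rules | iptables-restore
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Number of rules appended to a chain in the generated set; used as a self-check.
fw_count_rules() {
    fw_rules | grep -c "^-A $1 "
}

# Default action is to print the ruleset for review; "apply" loads it.
case "${1:-print}" in
    apply) fw_apply ;;
    *)     fw_rules ;;
esac
```

Run the script without arguments to see the ruleset, check it with `iptables-restore --test` if your version supports it, and run it with `apply` as root to load it. The LOGDROP chain is what makes the "accounting" fundamental visible: every rejected packet is counted on its rule and, subject to the rate limit, written to the kernel log with the FW-DROP: prefix.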
IPCop: This is a stateful firewall based on Linux Netfilter. Some of IPCop's impressive base-install features include: a secure HTTPS administration interface, a DHCP server, web proxying, DNS proxying, a time server, dynamic DNS configuration, traffic prioritisation, intrusion detection using Snort, ISDN/ADSL device support, VPN (IPsec/PPTP) functionality and traffic/system/firewall/IDS graphing. Apart from the astounding base features there are dozens of add-ons which can further expand the security scope of your IPCop, from web filtering to antivirus scanning.
If you run a SOHO network, you can take any old PC and turn it into a protector for your network's connection to the outside world. Just run this firewall on a low-power PC and it will be the thing you always needed: set the ground rules using its simple GUIs and leave the rest to the tool. Then feel free to use the internet with your network's personalised bodyguard. In addition to the firewall effect, it also improves your browsing experience by caching frequently used information.
If you have a hard time understanding iptables rules, you should really try Shorewall, as it provides a high-level abstraction of iptables rules in text files.
You describe all of your firewall requirements as entries in a group of configuration files. Shorewall then reads these files and, using iptables and its utilities, configures Netfilter and the networking components of your Linux system to match the specified requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway or a standalone Linux PC.
Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.
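As an added example (not from the article or the Shorewall project), this script writes the group of text files described above for a two-interface gateway: zones, interfaces, policy and rules. The interface names, the internal web server address and the use of a scratch directory instead of /etc/shorewall are assumptions.

```bash
#!/bin/sh
# Added example, not from the article or the Shorewall project: the text files
# that describe a two-interface gateway (LAN behind it, Internet in front).
# Interface names and the server address are assumptions; the files go to a
# scratch directory so they can be inspected before copying to /etc/shorewall.
CONF_DIR="${CONF_DIR:-$(mktemp -d)}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
WEB_SRV="${WEB_SRV:-192.168.1.10}"

shorewall_write() {
    mkdir -p "$CONF_DIR"
    # zones: the firewall itself plus the two networks it sits between
    cat >"$CONF_DIR/zones" <<EOF
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF
    # interfaces: which physical interface belongs to which zone
    cat >"$CONF_DIR/interfaces" <<EOF
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     $WAN_IF     tcpflags,nosmurfs,routefilter
loc     $LAN_IF     tcpflags
EOF
    # policy: the default decision for each zone pair (blocking and forwarding);
    # the "info" log level makes dropped/rejected packets show up in the log
    cat >"$CONF_DIR/policy" <<EOF
#SOURCE DEST    POLICY  LOG_LEVEL
loc     net     ACCEPT
\$FW    all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
    # rules: exceptions to the policies, using Shorewall's SSH and Ping macros
    cat >"$CONF_DIR/rules" <<EOF
#ACTION         SOURCE  DEST                    PROTO   DEST_PORT(S)
SSH(ACCEPT)     loc     \$FW
Ping(ACCEPT)    loc     \$FW
# publish the internal web server on the gateway's external port 8080
DNAT            net     loc:$WEB_SRV:80         tcp     8080
EOF
}

# Compile the scratch directory without touching the live firewall, when
# Shorewall is installed; "shorewall check" only reports errors.
shorewall_verify() {
    if command -v shorewall >/dev/null 2>&1; then
        shorewall check "$CONF_DIR"
    else
        echo "shorewall not installed; files are in $CONF_DIR"
    fi
}

# Number of non-comment, non-directive entries in one file; a quick self-check.
shorewall_entries() {
    grep -c -v -e '^#' -e '^?' "$CONF_DIR/$1"
}

shorewall_write
shorewall_verify
```

The policy file is where the "blocking" fundamental lives (net to anything is dropped and logged), the rules file holds the explicit exceptions, and the DNAT line shows how a port forward is expressed without writing a single iptables command. Copy the files into /etc/shorewall and run `shorewall check` followed by `shorewall start` to put them into effect.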
UFW - Uncomplicated Firewall:
UFW provides an easy, interactive tool for creating an IPv4 or IPv6 host-based firewall. It uses iptables for configuration and offers a command-line interface consisting of a small number of simple commands. Its graphical interface is Gufw, which makes maintaining your iptables rules very simple and intuitive; it can be used on any Linux system that has Python, GTK and ufw. UFW can be installed with just one command at your prompt: "sudo apt-get install ufw". By default UFW is disabled; to enable it, type "sudo ufw enable". UFW can then be used to do everything you could do with the help of iptables.
OpenBSD and PF:
The OpenBSD project produces a free, multi-platform, 4.4BSD-based UNIX-like operating system. PF stands for Packet Filter. PF is BSD-licensed and is developed on the OpenBSD platform; it comes preinstalled on OpenBSD, FreeBSD and NetBSD. PF can be used for packet filtering, port scanning, port forwarding, IP filtering, prioritisation of packets, logging and the other basic firewall operations.
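To put the PF operations listed above into one file, here is an added example that is not part of the original article or of the OpenBSD project: a pf.conf for a two-interface OpenBSD gateway with filtering, port forwarding, logging and prioritisation. The interface names em0/em1, the LAN prefix and the internal web server address are assumptions.

```bash
#!/bin/sh
# Added example, not from the article or the OpenBSD project: a pf.conf for a
# two-interface OpenBSD gateway. Interface names and addresses are assumptions;
# "pfctl -nf" parses the file without loading it, so it can be checked first.
EXT_IF="${EXT_IF:-em0}"
INT_IF="${INT_IF:-em1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WEB_SRV="${WEB_SRV:-192.168.1.10}"

pf_conf() {
    # macros come first; the rest of the file refers to them by name
    printf 'ext_if = "%s"\nint_if = "%s"\nlan_net = "%s"\nweb_srv = "%s"\n' \
        "$EXT_IF" "$INT_IF" "$LAN_NET" "$WEB_SRV"
    cat <<'EOF'
table <bruteforce> persist          # sources that hammered SSH (filled below)

set skip on lo                      # never filter loopback
match in all scrub (no-df)          # normalise incoming packets

# Prioritisation: interactive SSH and its ACKs go ahead of bulk traffic
match out on $ext_if proto tcp to port 22 set prio (5, 6)

# NAT: LAN addresses leave through the external address
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Blocking: default deny, logged to pflog0 (tcpdump -n -e -ttt -i pflog0)
block log all
block in quick from <bruteforce>

# Port forwarding: external port 8080 is redirected to the internal web server
pass in on $ext_if inet proto tcp to ($ext_if) port 8080 rdr-to $web_srv port 80

# Forwarding: the LAN may go anywhere; replies return through the state entry
pass in on $int_if inet from $lan_net to any
pass out all

# The gateway's own SSH: cap connections per source, jail repeat offenders
pass in on $ext_if inet proto tcp to ($ext_if) port 22 keep state (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
EOF
}

# Syntax-check the generated file with pfctl where it exists (OpenBSD, FreeBSD,
# NetBSD); -n means parse only, nothing is loaded into the kernel.
pf_check() {
    tmp=$(mktemp)
    pf_conf >"$tmp"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$tmp"
    else
        echo "pfctl not available; generated file is $tmp"
    fi
}

# Number of pass/block/match rules in the generated config; a quick self-check.
pf_rule_count() {
    pf_conf | grep -c -E '^(pass|block|match) '
}

pf_check
```

Load the checked file with `pfctl -f /etc/pf.conf` and enable PF with `pfctl -e`; `pfctl -s rules -v` then shows the per-rule packet and byte counters that provide the accounting side, and `pfctl -t bruteforce -T show` lists the sources that tripped the SSH rate limit.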
iptables: This is basically for explorers, thinkers or, in short, developers. The limit is whatever you can think of: you can write scripts to create any kind of protection you need. iptables is the most common backend for the most successful firewalls around.
IPCop: This firewall can do all kinds of tasks but is best suited to SOHO networks. Easy to use, interactive GUIs, a free licence, open source, etc. make it one of the most widely used firewalls in the Linux world.
Shorewall: "iptables made easy". If you need to work with iptables but are having a hard time understanding or learning its commands, what you need is the Shorewall (Shoreline) firewall. It reads what you need from text files and gives you an iptables-based firewall that suits your needs. In short, it can be called iptables simplified.
UFW: This is again a configuration tool for iptables. It is the default firewall configuration system and comes preinstalled on many Linux distributions. Gufw is the part that provides the GUI for this configuration system.
The GUIs are quite interactive and make it easier to manage a firewall of your own.
OpenBSD and PF: PF, as the name Packet Filter says, is the component that filters traffic on the network interface on OpenBSD. It comes preinstalled on the major BSDs and can supply all the needs of a firewall on BSD systems.