Move beyond iptables with these tailor-made firewall distros.
In a sense, Linux has a firewall built right into the kernel itself. That said, it isn’t the most convenient to use. There are several graphical utilities that can help you manage it, but its protection is restricted to your Linux installation. What about the other devices in your network? Whether you are a home user or manage a small business, chances are you have multiple devices connected to the Internet. In addition to the computers, it’s also fairly common for establishments of all sizes to have a slew of IoT devices as well that need to be protected from the rouge elements on the Internet. A dedicated firewall stands between the internet and sanitizes all traffic before it reaches your internal network. While it takes quite some skill to set one up from scratch, there are several specialized distros that will help you set up a dedicated firewall with ease. IPFire is a Linux-based stateful firewall distro that’s built on top of Netfilter. It began as a fork of the IPCop project, but has since been rewritten based on Linux From Scratch. IPFire can be deployed on a wide variety of hardware, including ARM devices such as the Raspberry Pi. Owing to its minimalist nature, IPFire is more approachable compared to some of its peers. The installation process allows you to configure your network into different security segments, with each segment being colour-coded. The green segment is a safe area representing all normal clients connected to the local wired network. The red segment represents the internet. No traffic can pass from red to any other segment unless you have specifically configured it that way in the firewall. Besides its firewalling features, IPFire also has intrusion detection and prevention capabilities, and can also be used to offer VPN facilities. The distro can also be fleshed out using a handy set of add-ons to give it additional functionalities. OPNSense is derived from the efforts of two mature open source projects, namely pfSense and m0n0wall. Instead of using Linux, OPNsense is powered by HardenedBSD, which is a security oriented fork of FreeBSD.
