Free Open-Source Solution for Firewall
Do you use any firewall to protect your network infrastructure?
The below listed free open-source solution for firewall that helps you to save money and protect your infrastructure from being hacked..
The following free firewall is different than a web application firewall. They are to protect infrastructure instead of code or application.
An open source security solution with a custom kernel based on FreeBSD OS. pfSense is one of the leading network firewalls with a commercial level of features.
pfSense is available as a hardware device, virtual appliance and downloadable binary (community edition).
What you get in FREE is community edition.
I like their extensive documentation, well explained and easy to follow. On a high-level, some of the worth mentioning pfSense features are:
• Firewall – IP/port filtering, limiting connections, layer 2 capable, scrubbing
• State table – by default all rules are stateful, multiple configurations available for state handling,
• Server load balancing – inbuilt LB to distribute load between multiple backend servers
• NAT (Network address translation) – port forwarding, reflection
• HA (High-availability) – failover to secondary if primary fail
• Multi-WAN (wide area network) – use more than one internet connection
• VPN (virtual private network) – support IPsec and OpenVPN
• Reporting – Keep historical resources utilization information
• Monitoring – real-time monitoring
• Dynamic DNS – multiple DNS clients are included
• DHCP & Relay ready
More than some of the commercial firewall features you get in FREE.
Not only that, you also have an option to install packages with just one click.
Security – stunner, snort, tinc, nmap, arpwatch
Monitoring – iftop, ntopng, softflowd, urlsnarf, darkstat, mailreport
Networking – netio, nut, Avahi
Routing – frr, olsrd, routed, OpenBGPD
Services – iperf, widentd, syslog-ng, bind, acme, imspector, git, dns-server
pfSense looks promising and worth giving a try.
IPFire is built on top of netfilter and trusted by thousands of companies worldwide.
IPFire can be used as a firewall, proxy server or VPN gateway – all depends on how you configure it. it got great customization flexibility.
IDS (intrusion detection system) is inbuilt so attacks are detected and prevented from day one. and with the help of Guardian (optional add-on), you can implement automatic prevention.
You can get it started with IPFire in less than 30 minutes. Read more about features here.
OPNSense is a fork of pfSense and m0n0wall. GUI is available in multiple languages like French, Chinese, Japanese, Italian, Russian, etc.
OPNSense got many enterprise levels of security and firewall features like IPSec, VPN, 2FA, QoS, IDPS, Netflow, Proxy, Webfilter, etc.
It is compatible with 32bit or 64bit system architecture and available to download as ISO image and USB installer.
4. NG Firewall
NG Firewall by untangle is a single platform where you can get everything you need to protect your organization network.
It got beautiful dashboard, experience the demo here. It works like an app store where you can enable or disable particular app (module) based on the requirement.
In the FREE version, you get NG Firewall platform, free apps and 14 days trial of paid features.
Smoothwall express is a free solution with a simple web interface to configure, manage the firewall.
Smoothwall express supports LAN, DMZ, Internal, External network firewalling, web proxy for acceleration, traffic stats, etc.
Shutting down or rebooting is possible directly through the web interface.
Note: The following two programs are specific for Linux servers.
ufw (uncomplicated firewall) works with Ubuntu. It provides command line interface to manage Linux kernel packet filtering system (netfilter).
csf (ConfigServer security) is supported and tested on the following OS and virtual servers.
csf is a stateful firewall, login detection and security solution for Linux servers.
Kevin Jones719 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.