
Tip of the Trade: Linux Firewall Builder Roundup

Need to get a firewall up stat and don’t have time to learn the ins and outs of iptables? Firewall Builder, Firestarter and Shorewall are three excellent firewall-building tools to get you started.

A fundamental skill for all Linux system and network administrators is knowing how to write a good stout iptables firewall from scratch, and knowing how to modify it for all sorts of different circumstances. Out here in the real world, however, it seems to be a skill in short supply. The learning curve for iptables is a bit steep, but it’s not that bad: spend a couple of days with Oskar Andreasson’s iptables tutorial and you’ll be in business.

An alternative, although I still think all admins should understand iptables inside-out, is to use one of the many excellent Linux firewall-building tools.

Firewall Builder is a sophisticated multi-platform graphical firewall configuration and management tool. It works with iptables, ipfilter, OpenBSD’s PF and Cisco’s PIX. By design, it hides the specifics of rule-building and instead focuses on writing policies. Don’t run Firewall Builder on your actual firewall, because it requires X Windows. Instead, run it on a workstation, then copy the generated scripts to your firewall.

Firestarter is a nice graphical firewall-building wizard that leads you step-by-step through the process of building your firewall. It’s a good choice for a NAT firewall that shares a single public IP address with a LAN and also has some public services behind the firewall, or a separate DMZ. It has easy commands for turning the firewall on and off, and views of status and current activities. You can run it on headless boxes and monitor it remotely, or use it as a stand-alone host firewall.
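To make the NAT scenario just described concrete, here is the kind of iptables script that such a wizard produces for it: one public interface with a single public address, a private LAN that is masqueraded behind it, and one published service forwarded to a host in a separate DMZ. This is an added example written for this article, not Firestarter’s output or any code from the original page; the interface names (eth0/eth1/eth2), the LAN and DMZ networks, and the DMZ web host address are constructed assumptions, and the script expects a kernel with the conntrack match available. It defaults to printing the rules for review; only `DRY_RUN=0` as root actually loads them.

```shell
#!/bin/sh
# Added example: a minimal stateful NAT firewall for a LAN plus a DMZ behind
# one public IP. Every interface name and address below is an assumption.
WAN_IF="${WAN_IF:-eth0}"              # public interface, single public IP
LAN_IF="${LAN_IF:-eth1}"              # internal LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed LAN network
DMZ_IF="${DMZ_IF:-eth2}"              # DMZ segment
DMZ_NET="${DMZ_NET:-10.0.0.0/24}"     # constructed DMZ network
DMZ_WEB="${DMZ_WEB:-10.0.0.10}"       # web server in the DMZ (constructed)
DRY_RUN="${DRY_RUN:-1}"               # 1 = print rules, 0 = load them (needs root)

# Every rule goes through this wrapper so the whole policy can be reviewed
# as text before it touches a live kernel.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_firewall() {
    # Start clean and default-deny on the chains that carry untrusted traffic.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, plus anything belonging to a connection already allowed.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Drop "new" TCP packets that are not SYNs, and drop packets arriving on
    # the public interface that claim a private source (anti-spoofing).
    ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    ipt -A INPUT -i "$WAN_IF" -s "$LAN_NET" -j DROP
    ipt -A INPUT -i "$WAN_IF" -s "$DMZ_NET" -j DROP
    ipt -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -i "$WAN_IF" -s "$DMZ_NET" -j DROP

    # The firewall itself is managed only from the LAN, with SSH rate-limited.
    ipt -A INPUT -i "$LAN_IF" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m limit --limit 6/min --limit-burst 6 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -p icmp --icmp-type echo-request -j ACCEPT

    # LAN may reach the Internet and the DMZ; the DMZ may reach the Internet
    # (updates) but may never initiate connections into the LAN.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -j ACCEPT
    ipt -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -j ACCEPT

    # Published service: port 80 on the public address goes to the DMZ web host.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$DMZ_WEB:80"
    ipt -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -p tcp -d "$DMZ_WEB" --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Hide LAN and DMZ behind the single public address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # Log what falls through to the default DROP, rate-limited, for monitoring.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
}

# Review helper: number of iptables commands the policy expands to.
rule_count() {
    ( DRY_RUN=1; build_firewall ) | wc -l | tr -d ' '
}

build_firewall
```

Run it as-is to read the 24 commands it would issue; run `DRY_RUN=0 sh firewall.sh` as root to load them. The ordering matters: the ESTABLISHED,RELATED rule sits before the anti-spoofing and per-service rules so that reply traffic is matched cheaply, and the DNAT in the nat table only rewrites the destination, so the matching FORWARD rule is still required for the forwarded connection to be accepted.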

Shorewall is a popular firewall builder; it is more complex and flexible than Firestarter, and it is suitable for more complex networks. Shorewall has a learning curve nearly equivalent to iptables, but it is well-documented and offers howtos for different scenarios, such as single-host firewalls, two- and three-interface firewalls, and firewalls with multiple public IP addresses. You’ll get help with filtering P2P services such as Kazaa, rate-limiting, QoS (quality of service), VPN passthrough, and lots more.

The short story is you don’t need to spend gobs of money on commercial firewall software, which is often inferior to the built-in Linux and Unix packet filters, anyway. Spend the money on good-quality hardware, instead.
