LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Distributions

News and Editorials

If you Need a Firewall...

June 2, 2004

This article was contributed by Ladislav Bodnar

The flexibility of Linux and other open source software is clearly demonstrated by projects that use the available software to build specialist distributions. Among them, Linux-based firewalls have attracted much attention by the developers. Many of these projects evolved into successful businesses, while others continue as community projects. As a general rule, these firewalls are capable of filtering packets, performing network address translation, and blocking unwanted traffic. Some of them go beyond these basic functions and offer more advanced features, such as secure connections using the IPSec protocol, intrusion detection, and even mail filtering and virus protection. Many of the products offer Webmin or Webmin-like web-based interface for configuring the firewall over the network. Prices of these products range from free (or free for non-commercial use) to thousands of dollars. Below is a quick tour of what is available on the market today, in alphabetical order. One interesting observation: 9 of the 11 firewall products originate in Europe.

Astaro Security Linux. The German-based Astaro has been developing security and firewall solutions since January 2000. Now in version 5, Astaro Security Linux offers not only a firewall and VPN, but also virus scanning for all inbound and outbound email, spam protection, intrusion detection, and an excellent web-based interface for configuring services. The product is free for home use, but any commercial deployment requires a license fee starting at $390.

ClarkConnect Firewall/VPN. The Red Hat-based ClarkConnect Broadband Gateway project has been around for several years, but a dedicated Firewall/VPN edition has only been introduced to the market in April this year. The pages detailing the product features are still under construction, but if the Canadian company's main product (which does include firewall features) is anything to go by, it is worth a closer look, especially by users familiar with Red Hat Linux or Fedora Core.

Devil-Linux. Devil-Linux is a run-from-CD firewall, a community project developed by Heiko Zuerker. According to the author, the main advantage of a CD-based firewall is that the content on the CD cannot be modified by an intruder - a simple reboot will restore the firewall to its original state. Also, a CD-based firewall requires no installation, consumes less power, is immune to hard disk failures, and is simple to get up and running in a very short time. Devil-Linux does not offer any graphical configuration utilities, but a console-mode setup wizard is provided for setting up the firewall. Configuration files can be saved to a floppy disk, hard disk or a USB storage device. Devil-Linux is released under the GPL.

Euronode Firewall. Euronode Firewall is a new community project, a Debian-based firewall product sponsored by a French-based GNU/Linux services company of the same name. Two firewall products are available - Euronode Simple Firewall and Euronode Advanced Firewall; the latter includes a mail server (Postfix), an antivirus program (ClamAV) and a spam control program (SpamAssassin), in addition to standard firewalling functions. Both products come with Webmin. Euronode does not include any proprietary software; it is built from packages available in standard Debian, but stripped to a minimum that's required for a functional firewall.

Gibraltar Firewall. The Debian-based Gibraltar Firewall is a commercial product of Austria's eSYS Informationssysteme. In development since July 2000, it finally reached a stable state in November 2003 when Gibraltar 1.0 was released. Like Devil-Linux, Gibraltar also runs entirely from a CD, with configuration files optionally stored on hard disk, floppy disk or a USB storage device. Two editions of the product are available - the only differences between the free edition and the $999 commercial edition is a web-based configuration utility called GibADMIN and formal support.

IPCop Firewall. IPCop Firewall, originally started as a fork of SmoothWall, is a community project released under the GPL. It is geared towards home and small office use. Although the development tends to be slow (there has been no new release for over a year), IPCop has received surprisingly good reviews by the media, even when compared with some of the expensive commercial firewalls on this list. IPCop provides a web-based interface to configure the firewall. One major advantage of IPCop over similar community projects is excellent documentation available in many languages.

m0n0wall. The Swiss-based m0n0wall project is the odd man on this list because it is based on FreeBSD, rather than Linux. It comes with a long list of features, including a web-based configuration interface with SSH support (webGUI - a nicely designed application written in PHP, with configuration files stored in XML format), wireless support, IPSec VPN tunnels, DHCP client, DynDNS client, and configuration backup/restore, just to name a few. Version 1.0, based on FreeBSD 4.9, was released in February 2004 under the BSD license.

redWall Firewall. Also from Switzerland comes redWall Firewall, a community project hosted at SourceForge and based on Red Hat Linux 9. It belongs to the category of live CDs. Besides the usual firewall and VPN features, the product comes with plenty of extras, including intrusion detection, web caching, mail relaying, spam filtering and virus scanning. All configuration is done via Webmin's graphical interface and the resulting configuration files can be stored on a floppy disk, hard disk or USB storage media, or they can be sent by email. redWall Firewall is a free product released under the GPL.

Securepoint Firewall & VPN Server. Securepoint is a well-established German Linux company specializing in firewall products and solutions. Their Securepoint Firewall is based on Red Hat Linux and it includes the usual range of intrusion protection, virus scanning, content filtering and other features. The product is free for home use, but any business use requires hefty licensing fees ranging between €799 and €4,995.

Sentry Firewall CD. Sentry Firewall CD is another CD-based firewall with intrusion detection, based on Slackware Linux. Its kernel is heavily patched with various security enhancements, including OpenWall, FreeS/WAN, Ebtables bridge + netfilter patch, Linux-WLAN modules, and MPPE (Microsoft Point-to-Point Encryption). In the true Slackware tradition, all configuration is done by editing text files. Sentry Firewall CD has been in development for over 3 years and is released under the GPL.

SmoothWall. The UK-based SmoothWall firewall is probably the best-known firewall on the market. Although the infamous Richard Morrell, the man who founded SmoothWall Ltd., is no longer with the company, the development continues in two directions: the free SmoothWall Express released under the GPL, and the £180 SmoothWall Corporate Server available under a commercial license. Compared to most other products on this list, SmoothWall Express limits itself to be a firewall only, but it does include a graphical interface for easy setup. SmoothWall Express continues to receive good reviews in the media, especially after the release of version 2.0 in January 2004.

Product Origin Based on Price GUI Licence
Astaro Germany Red Hat $390, free for home use yes, web-based Commercial
ClarkConnect Canada Red Hat Free yes, web-based GPL
Devil-Linux Germany Linux From Scratch Free no GPL
Euronode France Debian Free yes, Webmin GPL
Gibraltar Austria Debian $0 - $999 depending on features yes, GibADMIN Commercial
IPCop USA SmoothWall Free yes, web-based GPL
m0n0wall Switzerland FreeBSD Free yes, webGUI, written in PHP BSD
redWall Switzerland Red Hat Free yes, Webmin GPL
Securepoint Germany Red Hat €799+, free for home use yes, web-based Commercial
Sentry USA Slackware Free no GPL
SmoothWall UK -- £0 - £180 yes, web-based GPL

Comments (4 posted)

Distribution News

Debian GNU/Linux

An updated Debian From Scratch is available. Changes include a new amd64 kernel name and more documentation.

The Debian Project will be represented at LinuxWochen and Wizards of OS conferences. LinuxWochen is over now, but look for Debian at Wizards of OS in Berlin next week.

GnomeDesktop reports on the availability of GNOME 2.6 in Debian unstable.

Comments (none posted)

Unofficial Fedora FAQ for Fedora Core 2

The Unofficial Fedora FAQ, hosted at fedorafaq.org, has now been updated for Fedora Core 2. Click below for the announcement.

Full Story (comments: 4)

Fedora Core

The first Fedora Core 2 based tree of Aurora SPARC Linux, build-1.91 (wombat) has been released.

FC1 and FC2 updates:

  • FC1 - gimp: improvements in the handling of multibyte locales
  • FC1 - vsftpd: upgrades vsftpd to the code shipped in Fedora Core 2, fixes bugs
  • FC2 - subversion: includes the latest stable release of Subversion, including three user-visible bug fixes
  • FC2 - php: includes the latest stable release of PHP 4 with a large number of bug fixes since the previous 4.3.4 release

Comments (none posted)

Slackware Linux

There are plenty of changes in slackware-current this week. Upgrades include vim-6.2.532, gail-1.6.5, procps-3.2.1, util-linux-2.12a, clisp-2.33.1, gnopernicus-0.9.4, libbonobo-2.6.1, LPRng-3.8.27, reiserfsprogs-3.6.17, tcsh-6.13.00, Python-2.3.4, alsa-1.0.5, joe-3.1 (with Klingon support), lftp-3.0.5 and slacktrack-1.20_1. X has been switched to X11R6.7.0 from X.Org.

Comments (none posted)

Lycoris releases FontPaks powered by Bitstream Technology

Lycoris and Bitstream Inc. announced that Lycoris will offer Bitstream FontPaks on the Lycoris website. They will also be available in retail outlets and through authorized resellers.

Full Story (comments: none)

DistroWatch Weekly

The DistroWatch Weekly for May 31, 2004 compares Mandrakelinux, Red Hat/Fedora and SUSE and contains several other topics.

Comments (none posted)

New Distributions

Interview: Nirav Mehta of newly launched Utkarsh.org (NewsForge)

NewsForge interviews Nirav Mehta of the Utkarsh Linux distribution. "Today marks the official launch of a new open source project. Utkarsh is an operating system based on Linux and localized in the Gujarati language, spoken by more than 5.5 million in India's Gujarat state and worldwide. Utkarsh (which means progress or rising high) version 0.1 is now in beta testing, and the team is bubbling with ideas for future growth. Recently Mayank Sharma spoke with the young Gujarati entrepreneur behind the project, Nirav Mehta."

Comments (4 posted)

X-Evian

X-Evian is a complete Debian GNU/Linux operating system compilation that comes with 300Mb of copyleft material for the socialization of knowledge and technologies. X-Evian joins the list at version 0.4.1-beta, released June 1, 2004.

Comments (none posted)

Minor distribution updates

Astaro Security Linux

Astaro Security Linux has released v5.010 with minor bugfixes. "Changes: This new version included all recently released Up2Date packages, bugfixes in the installer, and new hardware support for SCSI RAID controllers (COMPAQ DL 360, Dell PowerEdge 1750, AHA-39160). The installer now displays the MAC addresses of the detected interfaces."

Comments (none posted)

Aurox Linux

Aurox Linux has released v9.4 with major feature enhancements. "Changes: English and Italian are now supported. There is now only one CD set, and CDs are now "apt-enabled". KDE 3.2.1 was included along with a lot of code from 3.2.2 and several new KDE applications. OpenOffice.org 1.1.1 was included. Also updated were the kernel, ALSA, and multimedia apps (mplayer, xine). Many bugs were fixed."

Comments (none posted)

blueflops

blueflops has released v2.0.3 with minor feature enhancements. "Changes: Updates were made for kernel 2.6.6, links-2.1pre15, and busybox-1.00-pre10 with init.c taken from pre-8. The ethernet drivers that support probing are now in the kernel and therefore are automagicaly detected. There is support for USB keyboard and mouse (those emulated as PS/2 by the BIOS were already supported). There is also automatic mouse detection, and support for PCMCIA serial devices. A necessary feature is finally added: automatic DNS assignment for dial-up connections."

Comments (none posted)

Desktop ROCK Linux

Rock Linux has released Desktop ROCK Linux v2.0.1 with minor feature enhancements. "Changes: dRock 2.0.1 is based uppon the current 2.0.1 ROCK Linux release. It features the same security and maintenance updates including improved SPARC and PowerPC support, as well as the build fixes for SuSE, Red Hat, etc."

Comments (none posted)

Devil-Linux

Devil-Linux has released development version 1.2 beta 1 with major feature enhancements. "Changes: Many new programs, software updates, and security features were added along with support for booting from IDE CF cards."

Comments (none posted)

Trustix Secure Linux

Trustix has released bug fixes for various problems in cyrus-imapd, dhcp, openssl, and samba.

Full Story (comments: none)

wrt54g-linux

wrt54g-linux has released v0.5 with minor feature enhancements. "Changes: This release adds two user-contributed pcakages: dropbear, a small SSH daemon, and iptraf, an IP traffic monitoring utility. Neither package is installed by default. To install either, add their files to the "distro.tar" file and modify the wrt54g.sh script to set them up on each install. Additional iptables commands have been added to the startup script to account for PPPOE. There are small cleanups."

Comments (none posted)

Distribution reviews

SUSE LINUX 9.1: The Complete Review (DesktopOS.com)

DesktopOS.com has a five page review of SUSE LINUX 9.1. "SUSE LINUX has been around for a long time, and the developers at SUSE have always prided themselves on the user-friendliness of their distribution. SUSE LINUX 9.1 is the first version of the company's consumer product line to be released following its acquisition by Novell last year, and is described as being "more than just an alternative to Windows". SUSE has always been a general-purpose distribution with packages and tools for servers as well as desktops. Given the importance being placed by Novell on desktop Linux, how does SUSE LINUX 9.1 compare to its specifically desktop-oriented commercial rivals, Lycoris Desktop/LX, Xandros Desktop and Lindows Linspire?"

Comments (none posted)

Review: Fedora Core 2 (linux.com)

Linux.com reviews Fedora Core 2. "After the software was installed, real testing began well. FC2 runs noticeably faster than FC1, which in turn ran faster than its competitors from Mandrake and SuSE. There are a great many other improvements as well, such as support for CD burners without a SCSI emulation layer and better support for laptop hardware."

Comments (none posted)

Page editor: Rebecca Sobol
Next page: Development>>

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds