looking for free linux-based firewall

What you are asking for is a bridging firewall. It is possible to do this in Linux; I do it for out network. But it's not straightforward, and I don't know of any off-the-shelf free solution (or I'd be using it).

The basic steps are that you first need to enable bridging support in the kernel - this is normally already done these days. Then you create a bridge interface and add network interfaces to it. Then you setup the iptables rules for the network and the firewall itself.

I use custom scripts to startup the bridge, and fwbuilder to create the iptables rules. I also use fwbuilder to create the "personal" firewall rules for each server behind the firewall. It's quite a nice tool, but it does have a few foibles to watch out for. It supports both address and port ranges.

Monitoring can be done by any available Linux tool.

Reply to
Nigel Wade
Loading thread data ...

Both use netfilter/iptables.

Any Linux box can make a fine packet-filter.

man iptables.

formatting link

Reply to
Wolfgang Kueter

Please explain, what do you mean with "genuine (visible) IPs".

Most of the packet filters do that.

It's possible with the Cisco, it's possible with a Linux box, too.

Yours, VB.

Reply to
Volker Birk

I assume that means these addresses are accessible from the outside world.

I don't know of a "product", but what you want is easily done via iptables (which is what smoothwall and ipcop use in any case). You may need to make sure your "outside" interface supports IP aliasing (i.e. more than one address per physical interface) and then define the correct rules to pass the packets back and forth. If you feel adventurous you can also use the bridging module, which is really better suited to this kind of stuff.

I know this is a Linux group, but personally I find OpenBSD's pf easier to understand and set up for this kind of thing - you may want to have a look there as well.

Collecting the data is easy enough. Monitoring is another question - Google is your friend...

Reply to


We have PCs and servers on our network each with genuine (visible) IPs.

smoothwall (free version) and ipcop support only NAT.

Is there a product that supports genuine IPs with rules like "allow IP-Range port-range" , "Block IP-Range port-range" , etc?

Monitoring and volume-stats would be great too.

I'm happy to pay a reasonable amount but IMO smoothwall's prices are way out of reach of normal users.

Currently using a Cisco 837 but would prefer to use a linux box.

DK melbourne.au

NOTE this message was posted to alt.comp.networking firewalls, comp.security.firewalls

Reply to
David TY

Did you check the Homebrew Customisations / Modifications forum on smoothwall.org

I found the following book useful in understanding Linux based firewalls

Troubleshooting Linux® Firewalls


Reply to
John Mason Jr

I don't know unix based OSs. but I have some links noted down

The first link looks to me to possibly be what you're looking for.

i'm sure you can get many great firewalls for linux, with packet filtering.

formatting link
(linux firewall. cisco style)

formatting link
formatting link

Reply to

i'll add 'iptables' to that list Googling tells me "Iptables is the basic program for implementing a Linux firewall" "iptables is a packet filtering firewall." It's powerful but might be more technical than what you're looking for.

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.