Linux firewalls may be free, but they're not easy

Linux firewalls may be free, but they're not easy

You can spend thousands of dollars on a firewall, or, with a Linux operating system, you can get one for free. But that doesn't necessarily mean you will save thousands of dollars.

A standard version of Linux can be installed with two network interface cards and configured both for packet filtering and as an application layer firewall.

The two big questions are: How easy is it to get up and running, and how secure is it?

If you have reasonable Linux and networking skills, a Linux firewall could be fairly easy to set up. Linux includes packet filtering as part of the OS. But setting it up requires that you have a fairly high comfort level with Linux or another Unix-based OS, as well as with TCP/IP networking and network security in general.

Without that knowledge, you need a good guide to Linux firewalling'something I have yet to find'or an expert to help guide you through the process.

Even setting up a Linux box to do IP masquerade'a function like that performed by a network address translator'can be an ordeal unless you know exactly what you're doing.

To add more security, the Squid Web proxy cache included with many distributions'also available at'offers proxies for the most important applications.

Alternatively, the cross-platform Socks application gateway firewall (see story, next page) is available from NEC USA Inc. at

Another alternative is offered by the Fireplug Edge Project, at Rather than using one of the commercial Linux distributions, many of which include scores of applications that complicate configuration and weaken security, the Edge Router uses the FirePlug Consulting Group's ThinLinux distribution to create a firewall appliance from a 486 or better PC. The OS has been pared to the minimum to contain configurations on a single floppy disk while still providing address translation and proxy and routing functions.

The Linux approach to security is appealing, but what you save on software licenses you'll spend on the time and resources needed to install, configure and maintain your security systems.

'Pete Loshin


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected