Linux firewalls are free but can take a toll on time and resources

By Pete Loshin

Special to GCN

You can spend thousands of dollars on a firewall, or, with a Linux operating system, you can get one for free. But that doesn't necessarily mean you will save thousands of dollars.

A standard version of Linux can be installed with two network interface cards and configured both for packet filtering and as an application layer firewall.

The two big questions are: How easy is it to get up and running, and how secure is it?

If you have reasonable Linux and networking skills, a Linux firewall could be fairly easy to set up. Linux includes packet filtering as part of the OS. But setting it up requires that you have a fairly high comfort level with Linux or another Unix-based OS, as well as with TCP/IP networking and network security in general.

Without that knowledge, you need a good guide to Linux firewalling (something I have yet to find) or an expert to help guide you through the process.

Even setting up a Linux box to do IP masquerade, a function like that performed by a network address translator, can be an ordeal unless you know exactly what you're doing.

To add more security, the Squid Web proxy cache included with many distributions, also available at, offers proxies for the most important applications.

Alternatively, the cross-platform Socks application gateway firewall is available from NEC USA Inc. at

Another alternative is offered by the Fireplug Edge Project, at Rather than using one of the commercial Linux distributions, many of which include scores of applications that complicate configuration and weaken security, the Edge Router uses the FirePlug Consulting Group's ThinLinux distribution to create a firewall appliance from a 486 or better PC. The OS has been pared to the minimum to contain configurations on a single floppy disk while still providing address translation and proxy and routing functions.

The Linux approach to security is appealing, but what you save on software licenses you'll spend on the time and resources needed to install, configure and maintain your security systems.

