There are some excellent, free firewall solutions that are usable under the BSD and Linux environments.
- Smoothwall: Smoothwall is an open source project that started in 2000 and it includes a user-friendly interface. It has SCSI support and a functionality to add more modules, such as SmoothTunnel for advanced VPN capabilities, SmoothZone for multiple DMZ and SmoothGuard for content filtering proxy. Additional modules are available over time and they more capabilities, such as anti spam, antivirus and traffic shaping features. SmoothWall Corporate Guardian is a variant that integrates the SmoothGuardian as a native feature. For use in schools, the School Guardian offers not only firewall features, but also LDAP authentication and Active Directory supports.
- IPCop: IPCop is actually a Linux distro that’s designed to offers easy-to-manage firewall capabilities on any PC hardware. It supports all the modern functionality of operating system, such as the ability to connect with external hard drive and flash drive. We could also use different interface cards and assign each of them to specific networks. We may also password protect access to web-based interface. Like with any firewall solutions, we could also do traffic overview, email virus checking, advanced QoS (traffic shaping), proxy control and many others.
- IPFire: IPFire is another Linux distribution that can work as both firewall and router. It should be easy to maintain IPFire via a web interface. It comes with a built-in corporate-level protection and focuses on ease of use, stability and more importantly, security. There are a number of add-ons that we can install to the basic system. IPFire includes the SPI (Stateful Packet Inspection) firewall that’s placed on the netfilter. It should be noted that the network will be configured into distinct segment when we install IPFire. It means, we could set up a segmented security scheme where each machine could work in separate network. Each segment is essentially a group of machines that share a similar security level. As an example, we could assign a network with “Green” status to represent it as a safe area. This should be the place where regular clients could reside. There are other color-based security levels in an IPFire network, such as Blue, Orange and Red.
- Shorewall: Shorewall is a free firewall tool for Linux environment and it doesn’t come with its own GUI. Instead, we need to configure Shorewall using the plain command lines. Even so, it is possible to install the Webmin module separately. Usual firewall functionality should be available, since Shorewall is actually the front-end to iptable and netfilter. It could do many functionality, such as traffic shaping, routing, logging, port forwarding and NAT.
- pfSense: It is another firewall distribution and it works on FreeBSD. pfSense is a fork of the m0n0wall project and it retains much mof the functionality, such as captive portal, traffic shaping, VPNs, port forwarding and NAT. pfSense could also go beyond m0n0wall with its multiple advanced features, including easy MAC address spoofing, traffic filtering, failover and load balancing.