Open Source Firewalls

Constantly hearing about another batch of consumer routers getting compromised in bulk? Consider turning an unused PC or server with a couple of network cards into a powerful firewall to better protect your network. These work well for home use, or even in many businesses. The open source firewalls listed here are very configurable, with VLAN support and more.

Requirements

A computer with at least 2 network ports is required. This could be an old but stable PC you have lying around, with a PCI or PCI-E network adapter added to get two or more Ethernet ports; a server; or a platform designed for building your own firewall, such as the PC Engines APU.

Processing power and RAM can be pretty minimal for home, small business and some medium-sized businesses. A Pentium 4 processor and 1GB of RAM may be plenty of power for a home network, but probably not enough for an environment with hundreds or thousands of users. The amount of processing power and RAM needed depends on which firewall features you are using (such as an add-on IPS/IDS like Snort) and on the amount of traffic passing through your firewall. For business use it would be ideal to use something with redundant power supplies, RAID and readily available replacement parts. Many of these firewalls can also run as Virtual Machines (VMs).

Things to Keep in Mind with Virtual Machine Firewalls

For edge firewalls a physical device is highly recommended. Say you have a remote office with one VMware server. Sure, it has plenty of extra network ports, CPU, RAM and so on, but don't forget about situations like the following. Consider an example where the virtualized firewall provides an OpenVPN or IPsec tunnel back to HQ and is the only link home. VMware needs an update that requires a reboot, and there are no IT staff at the remote location. You connect to vSphere and gracefully shut down all your VMs before rebooting the VMware box. Oops, you shut down your firewall, which means your remote location no longer has Internet or VPN connectivity. Darn, now someone physically needs to get things booted back up at the remote location. If you had a dedicated firewall, your VPN link would still be up and you could reboot your VMware server without issue. Virtualization is great, but there are situations where it will cause you more problems than the money you saved is worth.

Firewalls

Below are a few open source firewall options. Test a couple of different ones out to see what fits your needs. There are other options out there, but below are some of the most popular. Wikipedia has a decent list of free and paid firewalls: https://en.wikipedia.org/wiki/Comparison_of_firewalls

pfSense firewall – pfSense is an open source firewall platform that is FreeBSD-based. It is a great open source firewall platform with enough add-ins and advanced configuration options to suit most. This is the open source firewall that MaDwall Security is most familiar with and would recommend to anyone.

Excellent overview of the different pfSense features and settings on version 2.2.2: https://www.youtube.com/watch?v=dfix8WsNSHc

OPNsense – Recommended by m0n0wall, which has shut down. Another FreeBSD-based open source firewall.

Smoothwall – Smoothwall is a Linux-based open source firewall option.