A firewall is a security system that enforces an access control policy between two networks. Many firewalls emphasize blocking traffic, while some emphasize permitting it. A firewall is not only the technical implementation of a tool; it is also a strategy to be implemented for internet-reachable resources.
There are several types of firewall techniques, and some of them are often used in combination.
Packet filter: This type of firewall looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. Packet filtering uses the following factors to decide whether traffic is allowed or denied:
- Source and destination IP address
- Protocol type
- Source port and destination port
Application gateway: Here security mechanisms are applied at the application level. This is very effective, but it can degrade performance. Examples: FTP and Telnet servers.
Circuit-level gateway: Circuit-level gateways examine just TCP and UDP sessions. Security rules are applied when a connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server: A proxy relays between two networks and effectively hides the true network source and destination addresses. It also typically caches Web pages.
Stateful inspection: Tracks the transaction to ensure that inbound packets were requested by the user. It can generally examine multiple layers of the protocol stack, including the data if required, so blocking can be done at any layer or depth.
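The packet-filter factors and the stateful-inspection behaviour described above, modelled in Python as an added example that is not part of the original page. `Packet`, `Rule`, `StatefulFirewall` and the sample policy are hypothetical names and constructed values; first-match, default-drop rule evaluation is an assumption, not something the page specifies.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

class Rule(NamedTuple):
    action: str            # "accept" or "drop"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

def matches(rule, pkt):
    # The factors a packet filter checks: addresses, protocol type, port.
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def packet_filter(rules, pkt):
    """Stateless check: first matching rule decides, otherwise drop."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"

class StatefulFirewall:
    """Accepts inbound packets only when they answer a recorded outbound flow."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def outbound(self, pkt):
        verdict = packet_filter(self.rules, pkt)
        if verdict == "accept":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

    def inbound(self, pkt):
        # A reply mirrors the original flow: addresses and ports are swapped.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if key in self.flows else "drop"

# Constructed sample policy: one blocked host, HTTPS allowed for the LAN.
RULES = [Rule("drop", "192.168.1.50/32", "0.0.0.0/0", "any", None),
         Rule("accept", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443)]
```

Rule order matters in this model: the host-specific drop has to precede the broader accept, which is one reason packet filters are hard to configure correctly.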
There are various free (open source) and commercial (licensed) firewall packages available. Below is a list of well-known firewall technologies used on Linux systems. Some of them are provided as a module, add-on or package in the operating system or in web hosting control panels, or are embedded in a hardware device.
m0n0wall ( Monowall )
Linux LiveCD Router
Sentry Firewall CD-ROM
UFW – Uncomplicated Firewall
OpenBSD and PF
Shorewall Shoreline Firewall
CensorNet Internet filtering software
Mandrakesoft’s integrated network security solution
Securepoint UTM 10 Security Appliances: Firewall
CheckPoint FireWall [Hardware appliance based]
Cisco ASA/PIX Network Firewall [Hardware appliance based]
Plesk Firewall Module
CSF ( ConfigServer Security & Firewall )
APF (Advanced Policy Firewall), R-fx Networks