10 Useful Open Source Security Firewalls for Linux Systems

Tarunika Shrivastava

I am a Linux server admin and love to play with Linux and all other distributions of it. I am working as a System Engineer with a web hosting company.

27 Responses

  1. Hey there, I am using BrazilFW & Router.
    Project BrazilFW – Firewall and Router. A powerful network security tool: easy, safe and totally free!
    BrazilFW is a mini Linux distribution designed to be used as a Firewall and Router that runs easily on older computers. An old PC running BrazilFW is much more powerful and efficient than commercial software for routing in offices and residences running on a “powerful” computer.
    BrazilFW is based on Coyote Linux, which was designed by Joshua Jackson, who discontinued Coyote Linux in version 2.24 in August 2005. In that same month, BrazilFW Firewall and Router (BFW) came on the scene with version 2.24, led by “Claudio” and “Marcelo – Brazil”, running only on floppy disks, with 2.30.1 being the last version with this support. The following versions, as well as having automatic detection of network cards, only run on large capacity media, such as hard disk (HD).
    Versions in Development:
    ► 2.33.x: Uses kernel 2.4.x and is developed by Marcinho Samurai
    ► 3.x: Uses kernel 3.x and is developed by WoshMan

    BrazilFW 3.0: come to http://www.brazilfw.com.br and discover the power of this multilingual firewall and router distribution.

  2. Joe says:

    I need a recommendation please.
    I am a Unix / Linux admin, but I have always worked in large corporations, where the firewall rules were done at the network level.
    I have no experience with Linux-based firewalls at all.
    But, I now have need to restrict traffic between 2 servers, and I believe that a firewall, or proxy might be the best solution to my problem.
    I need to create an encrypted tunnel between server “A” and server “B”. This is the easy part.
    But, I need to send all traffic between the two servers, through the encrypted tunnel.
    Basically, anything going from server “A” to server “B” must travel through the encrypted tunnel.
    If the tunnel goes down for any reason, I need the traffic to “stack up”, and wait for the tunnel to be re-established.
    Can I do this using firewall rules only?
    Can I do this using a proxy only?
    Do I need to use a combination of the two?
    Of all the open source GUI based firewall admin tools available on the market today, which one might be the easiest to use, and the quickest to learn?
    Which one would be the easiest to learn, for a novice that has never had to build a firewall rule before?
    Thanks in advance, and have a great day.

  3. Eduardo says:

    m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).
    m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.
    m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

  4. Weverton says:

    Hi Tarunika,

    I am really impressed with this well-written article. It helps me a lot. But I am wondering: is there any kind of free Linux-based UTM that I can use? I am looking for features like Web Filtering / Web Content Filter. I know that DansGuardian can do the job (like Smoothwall too), but these solutions need me to set up a proxy address on the hosts, and I want a solution with ZERO config on any device inside my network. Actually, we have a Cisco ASA 5505 firewall and use a Microsoft RRAS VPN server with AD user integration. So I would like to put a Linux box (with two NICs) between my Cisco firewall and my network switch, acting like a bridge. I know that UNTANGLE can do the job, but the full capacity is paid. So, can you give me a tip about this problem? Thanks in advance. ;-)

  5. Vix says:

    @Michael,

    When you say half-baked knowledge is wonderful, I assume you have fully cooked knowledge.

    Asking you a simple question.
    I have a Cisco 5510 in my org. I want to replace it with an open source option, but eventually, when it finally goes off.

    What are the best options?
    It is currently being used for:
    1. setting up in-out bounds
    2. DMZ
    3. VPN
    4. less amount of network monitoring.

    Suggest the best Linux open source firewall; even though it may be tough to manage, it should be able to keep the DNSBL list and other UTM/IDS functions up to date.

    Thanks in advance for your suggestions.

  6. Nix says:

    All you need is to type these two commands in a terminal emulator.

    No need to install third party firewalls.

    sudo ufw enable
    sudo ufw default deny

  7. vijay says:

    Hi, I want to block uploading of my files to the internet, like PDF, PPT, DOC kinds of files. Users should not be allowed to send the organization's classified information files as Gmail attachments. I tried every possible way with some open source firewalls, but I could not get this kind of policy. Please help me out with an open source firewall and Linux.

  8. Squidblacklist.org is the world's leading publisher of native ACL blacklists tailored specifically for Squid proxy, and alternative formats for all major third-party plugins as well as many other filtering platforms, including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more.

    There is room for better blacklists, we intend to fill that gap.

    It would be our pleasure to serve you.


    Benjamin E. Nichols

  9. Ambesh says:

    In my small network I want to block a few selected websites and applications like torrent downloaders. Please suggest a few open source firewalls which can do my work perfectly. I have CentOS 6.3 on the admin PC and the rest of the PCs are Windows.

  10. Michael says:


    Configserver, UFW, Shorewall… are nothing but front ends to make using iptables easier.

    There is only ONE firewall on LINUX – iptables.

    Everything else is a front end to iptables. There are more front ends such as Arno’s firewall, KISS etc.

    PfSense is a BSD firewall – nothing to do with Linux.

    Evidently, half baked knowledge is a wonderful thing.
