How To Build a Linux Firewall
So you’re looking at some old P3 desktop tower and giving serious consideration to putting it out to pasture. Well as luck might have it, there are some additional options you might want to consider. While running something on your network with lots of bells and whistles like Splunk really needs a server environment to thrive, you can still utilize an old computer tower to build a Linux firewall. And, let’s face it, running a dedicated hardware firewall isn’t such a bad idea these days.
I happen to think that using Devil Linux is the way to go when building a Linux firewall. Offering the mixed blessing of new heavy user interface translates into a Linux firewall solution that can be implemented without requiring a PC with a lot of system resources, such as the P3 machine I mentioned earlier. Now it should be stated that Devil Linux and setting up a Linux firewall in general isn’t for the faint of heart. While the documentation provided is great, it’s no replacement for the out-of-the-box ease of a self-contained and supported appliance.
CC licensed Flickr photo shared by DragonBe
Hardware required to build a firewall
- A computer that can boot from a CD or USB drive is helpful.
- Two Ethernet ports. One for the broadband connection and one to attach to your router or switch.
- Keyboard and monitor. While the monitor may not be an issue after setup, it’s probably easier than running the setup headless / via a busy box.
- A hard drive or USB thumb drive to store the OS and firewall rules.
Why a Linux firewall is better than a software firewall
The biggest benefit to building a Linux firewall is vulnerabilities in Linux are typically different than those found in the Windows or OS X operating system on your desktop. Placing a firewall in front of your computers protects against attacks and sets network access rules for everyone on your LAN, whether they like it or not. There are other things you can add to your firewall configuration like network intrusion detection, Web acceleration, content filtering, and packet shaping. Providing a decent network firewall is a good place to start.
The following two tabs change content below.
Wale Falade is Nigerian. A Business Systems Analyst, Technology Enthusiast and a Linux Server Administrator.
He engages actively in improving online visibility of Nigerian brands.
Follow him on twitter @diaryofageek