Web Server Security : Dedicated firewall

The first firewall that’s going to be presented here is SmoothWall. Probably the best description for SmoothWall is that it is undoubtedly one of the most user-friendly firewall suites that can be found as open source. It’s totally configurable via a web-based GUI. It’s based on Linux but requires very little *nix knowledge. Anyone that can set up a working Linux installation should not struggle working with this firewall.

The company that maintains this project is based in the UK, and they have a great history to back up their expertise. The SmoothWall project was launched in the early 2000s. Right now there are several variations of this project. These include SmoothWall Express, which is the free open source edition, and a few commercial products such as the Corporate Guardian, Corporate Server Edition, Network Guardian, etc.

In this article we’re interested in SmoothWall Express. Its latest version is 3.0, codenamed Polar. Let’s enumerate some of its key features: stateful inspection, dynamic NAT, outgoing traffic control, port forwarding, IP block list, web proxy, VoIP, PPP, PPPoA, PPPoE ADSL support, IPsec VPN, Intrusion Detection System.

Check out this official document—it’s always up to date. It also provides a comparison with their commercial applications, so you can find out their capabilities in comparison with the free SmoothWall Express. You can decide for yourself whether the open source version or one of the others will satisfy your needs.

Another open source firewall application is Endian. Endian provides top of the line UTM (unified threat management) firewall products that also include customer support, but they also offer the Endian UTM Community edition. As its name suggests, the project has matured into a full-featured Internet security and intrusion prevention suite.

The beauty of this project is that it is a mixture of open-source utilities and applications. Endian has configured, prepared, and released this suite under the GPL license. It comes within a highly-secured Linux distribution and it does an amazing job of making things easy for everybody, even users without any background in Linux and/or conventional firewall apps such as iptables/netfilter.

Now let’s also find out its major functions: stateful firewall (packet inspection), proxies for various protocols with antivirus support, DDoS protection, portscan detection, DNS proxy/routing, VOIP support, content filtering of Web traffic, spam-filter (learning) and antivirus for both incoming and outgoing mails, support for VPN based on OpenVPN, and much more! Check out the following comparison of features—here.

The third firewall suite we’ll consider on this page is ClarkConnect. This product is often called an Internet gateway solution because it offers many of the required tools to create a secure network with this robust gateway/firewall suite. It comes in two variations: community (free, open-source), and enterprise (commercial).

The free community edition has the following limitations: at most 10 mailboxes, no technical support, and a maximum of 18 months of automatic software updates. The user may thereafter update the software with manual updates—and this is important for antivirus definitions and other reasons. As expected, ClarkConnect is also based on Linux.

Some of its major features include, but are not limited to: stateful firewall (via the traditional iptables), intrusion detection and prevention system, VPN (via PPTP, OpenVPN, IPsec), web proxy and caching (via Squid), content filtering (DansGuardian), lots of e-mail services (spams, antivirus, blacklisting, webmail), web server (Apache), database (MySQL), file and print services (Samba, CUPS), MultiWAN, and lots of others.