Firewall Recommendations

So… I’m in the market for a good firewall. What do you use on your server? I’m looking for something free of course.

I suppose I should specify firewall software.

For which operating system? What are your requirements for reporting & management? Do you need anti-portscan, anti-bruteforcing?

First rule of asking questions: clearly specify your question.

Sorry for not being clear. We’re running an Ubuntu server. I’m not really sure what features the firewall would need, enough to make it secure. We don’t need to go overboard, but we do need security. So you tell me, what security features do I need?

A firewall probably isn’t going to add any real “security” - it’s just blocking things which would normally be accepted by the OS, so in the case of somebody exploiting a webapp it’d be slightly, only slightly, harder for them to fully leverage the exploit.

I’d setup a firewall with the following policies:

  • No outbound connections unless user making them is root or in wheel/staff group
  • No incoming connections except to specifically allowed ports (80, 25, 443 etc.)
  • Management ports (ssh) restricted to your home/work IP

You can either do it manually with iptables or you can do it using UFW.

I’d also argue that your firewall should be a separate device, not embedded in your app server.

generic csf (configserver Firewall) works on Ubuntu v8.10. For more details about csf firewall please visit their website

Honestly, I’d recommend sticking with Iptables- especially if you are already familiar with using a console. Iptables gives you a better understanding of what is happening with your firewall (crucial when something breaks, or doesn’t work as expected).

Here is a tutorial that I wrote: Routing and Firewalls with Linux. It covers basic filtering with Iptables, as well as the more advanced destination NAT features that Iptables has.