A firewall is a network security device that monitors and regulates network traffic based on predefined security rules. It is a vital part of the network security system, separating a trusted network from an untrusted network such as the Internet. You may need a firewall not only to protect your servers and clients against attacks that may come from the Internet, but also to prevent unprivileged users from accessing your mission-critical systems.
After defining the firewall, it is worth briefly summarizing its evolution.
A packet filter is a first-generation network firewall that inspects packets sent between computers. It can filter packets by source and destination IP address, protocol, and source and destination port.
Second-generation firewalls, also known as stateful firewalls, not only filter packets but also keep track of particular communications between endpoints by remembering which port numbers the two IP addresses use for their connection at layer 4 (the transport layer) of the OSI model. As a result, these firewalls can examine the overall exchange between the nodes.
Next-generation firewalls provide application/Layer 7 filtering. The main advantage of application layer filtering is that it can detect specific applications and protocols. This allows next-generation firewalls to detect whether a permitted protocol is being exploited, or to identify undesired applications or services running on a non-standard port. The main features of next-generation firewalls are as follows.
- Standard firewall capabilities like stateful inspection.
- Web/content filtering
- Application awareness and control to see and block malicious applications.
- Integrated intrusion detection and prevention.
- Threat intelligence sources.
- Methods for dealing with changing cyber threats.
Today, hackers use advanced methods such as intrusions, viruses, spyware, worms, Trojans, adware, keyloggers and malicious mobile code (MMC) to attack their targets. Packet filtering alone is therefore not enough to prevent these modern cyber threats, and using a next-generation firewall is a must for every company and even for home users.
An open source firewall is best known for protecting the network from threats by filtering inbound and outbound traffic, thereby ensuring network security.
Nowadays, open source firewalls with application layer filtering capabilities are widely deployed, especially in home, education, start-up and small-scale industry networks.
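The difference between a first-generation packet filter and a second-generation stateful firewall is easiest to see in a small simulation. The following is an added illustration, not code from any firewall discussed on this page: an internal client (constructed address 10.0.0.5) opens a web connection, and each filter must let the reply back in. The stateless filter can only do so by opening the whole ephemeral port range (the range used here is an assumption), so an unsolicited inbound packet to one of those ports is admitted too; the stateful filter admits an inbound packet only when it is the reverse of a connection it has already seen leave.

```python
"""Toy model of stateless (first-generation) versus stateful (second-generation)
packet filtering. Added example; not code from OPNsense, IPFire, pfSense or
iptables. Addresses and the ephemeral port range are constructed."""
from dataclasses import dataclass

INTERNAL = "10.0.0.5"                 # constructed internal client
EPHEMERAL = range(32768, 60999 + 1)   # assumed client source-port range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the internal network, "in" = entering it


class StatelessFilter:
    """Matches each packet on its own header fields only; it keeps no memory."""

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            return True  # internal hosts may initiate any connection
        # The only way to let web replies back in without state is to open the
        # whole ephemeral range, regardless of which host sent the packet.
        return pkt.dst == INTERNAL and pkt.dport in EPHEMERAL


class StatefulFilter:
    """Records each outbound connection and admits only its return traffic."""

    def __init__(self) -> None:
        # entries: (internal ip, internal port, remote ip, remote port)
        self.state_table: set[tuple] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.state_table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet passes only as the reverse of a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state_table


def run_scenario(fw) -> tuple[bool, bool]:
    """Return (reply_allowed, unsolicited_allowed) for one filter instance."""
    outbound = Packet(INTERNAL, 40000, "203.0.113.10", 443, "out")
    reply = Packet("203.0.113.10", 443, INTERNAL, 40000, "in")
    # Constructed unsolicited inbound packet from an unrelated host.
    unsolicited = Packet("198.51.100.7", 53, INTERNAL, 40001, "in")
    fw.allow(outbound)
    return fw.allow(reply), fw.allow(unsolicited)


if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        reply_ok, probe_ok = run_scenario(fw)
        print(f"{name:9s} reply allowed={reply_ok}  unsolicited allowed={probe_ok}")
```

Both filters let the legitimate reply through, but only the stateful one rejects the unrelated inbound packet; that gap in the stateless ruleset is exactly what connection tracking closes.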
In this article we will look at some of the best open-source firewalls that can improve your network security and cover the following topics in depth:
- What is an open source firewall and why should you use it?
- What are the best/top 5 open source firewalls?
- What is OPNsense and its features? And installation of OPNsense.
- What is IPFire and its features? And installation of IPFire.
- What is Untangle NG and its features?
- What is pfSense® software and its features? And installation of pfSense.
- What is Iptables and its features?
The term open source initially referred to open source software (OSS), whose source code is meant to be publicly accessible. Anyone can examine, alter, and share open source code.
When a person or organization releases their original application under an open source license, they agree to:
- Make the whole source code of the software publicly available
- Allow anyone to change, enhance, or re-engineer the code of a software
- Allow derivative works to be created
- Allow the application to be used for any purpose the user desires
Open source licensing lets developers share their knowledge with each other. The entire open source community benefits from the collective innovation.
The Internet's essential functions are based on open source technologies. A large number of Internet applications are open source too. Large Internet corporations like
Many of the technologies we take for granted today would not have developed if open source licenses had not been available, or would have been locked away behind patent law. The open source movement is responsible for the rapid advancement of technology over the last few decades.
The main advantages of open source software are as follows:
Lower cost: Since open source licensing provides the code for free, what you pay for when you use an open source firewall is support, security hardening, and assistance with interoperability management.
Open collaboration: Because open source communities are active and very helpful, you can find assistance, resources, and perspectives that extend beyond a single interest group or company.
Reliability: Proprietary code is dependent on a single author or company to keep it updated, patched, and operational. Because open source code is constantly updated by active open source communities, it outlives its original authors. Open standards and peer review ensure that open source code is thoroughly and frequently tested.
Flexibility: Because of its emphasis on modification, open source code can be used to address problems that are unique to your business or community. You are not obligated to use the code in any particular way, and you can rely on community assistance and peer review when implementing new solutions.
Review: Because the source code is freely available and the open source community is very active, developers actively check and improve on open source code. Consider it living code, as opposed to closed code that becomes stagnant.
Transparency: You can check and track changes in the open source code by yourself, rather than relying on vendor promises.
No vendor dependency: You can take your open source code with you wherever you go and use it for whatever you want, whenever you want.
An open source firewall is a firewall that is developed and distributed under an open source license. It protects the network from threats by filtering inbound and outbound traffic, ensuring network security.
Open source firewalls have all the benefits of open source software described above as well. There is no doubt that you can protect one of your most valuable assets with an open source firewall.
There is a wide range of open-source firewall software to choose from, depending on your level of expertise, the size of the infrastructure to be protected, ease of use, and even whether the firewall has a graphical interface.
In no particular order, this article will highlight the best open-source firewalls. You can easily download and deploy all of these firewalls on any hardware, virtual platform, or cloud. Moreover, many vendors sell them as pre-configured appliances if you like their functions or support and do not want to build your own device.
Open source operating systems such as OpenBSD have a vast number of networking and security features built in. As a result, they are natural platforms for developing security products, and the majority of commercial firewalls are built on one of them.
There are numerous options available, ranging from tiny embedded systems for broadband wireless routers to massive enterprise firewalls with all the bells and whistles from free community support to paid commercial support.
If you are a home user or have a small business which does not have enough budget for expensive commercial firewalls, you may use the open source firewall on your network without any hesitation.
In this article, we will be discussing briefly the best open source software firewalls that can be used as both home and enterprise security solutions. Some of the open source firewalls listed below have features and capabilities comparable to expensive commercial firewall solutions. So, many companies deploy them as their main network security solution at a fraction of the cost.
The following are some of the best Open Source Firewall solutions available to protect your infrastructure:
OPNsense is a FreeBSD-based open source firewall and a fork of m0n0wall. It is compatible with 32-bit or 64-bit system architectures and is available for download as an ISO image and a USB installer. It provides a GUI available in multiple languages such as French, Italian, Russian, Chinese and Japanese. OPNsense has many enterprise-level security and firewall features like VPN. It also uses an inline intrusion prevention system with deep packet inspection to detect and prevent network intrusions. Another important feature is that it offers weekly security updates.
In this section, we will give information about:
- What is OPNsense?
- Features of the OPNsense firewall
- OPNsense firewall installation
- Sensei (ZENARMOR) plugin of the OPNsense firewall
Figure 1. OPNsense Web GUI with Sensei (ZENARMOR) Plugin
OPNsense is an open source, easy-to-build and easy-to-use HardenedBSD-based firewall and routing platform. The OPNsense project was founded by Deciso, a company in the Netherlands that makes hardware and sells support packages for the OPNsense firewall. OPNsense began as a fork of pfSense® software and m0n0wall in 2014, with its first official release in January 2015. When m0n0wall was decommissioned in February 2015, its creator, Manuel Kasper, pointed its developer community to OPNsense. The project continues to build a large community with thousands of supporters.
OPNsense provides weekly security updates in small increments to respond to new emerging threats in a timely manner. It also has a fixed release cycle of two major releases per year.
"Our mission is to make OPNsense the most widely used open source security platform. We give users, developers and business a friendly, stable and transparent environment. The project's name is derived from open and sense and stands for: 'Open (source) makes sense.'" -Deciso
To learn how to install the OPNsense firewall, please refer to OPNsense Installation Tutorial.
OPNsense has many features intended for advanced users. Administrators can use the OPNsense firewall to configure network flow monitoring, full mesh VPN routing, WAN load balancing, HTTP load balancing, and much more.
OPNsense's feature set includes high-end features like forward caching proxy, traffic shaping, intrusion detection, and simple OpenVPN client setup.
The emphasis on security in OPNsense results in unique features such as the ability to use LibreSSL instead of OpenSSL (selectable in the GUI) and a custom version based on HardenedBSD.
OPNsense's reliable and robust update mechanism enables it to provide critical security updates in a timely manner.
It also includes reporting and analysis capabilities. You can monitor network traffic and optimize network performance.
One of the best aspects of OPNsense is that it exposes all of its functionalities through a web-based interface that is easy to use and available in multiple languages.
OPNsense implements a stateful firewall and allows administrators to group firewall rules by category, which is useful for more complex network configurations.
OPNsense has an Inline Intrusion Prevention System which is a powerful form of deep packet inspection. Rather than simply blocking an IP address or port, OPNsense can inspect individual data packets and, if necessary, block them before they reach the sender.
Core features of the OPNsense firewall are summarized in the following list.
- Stateful inspection firewall
- Intrusion Detection and Prevention
- Traffic Shaper
- Forward Caching Proxy (transparent) with Blacklist support
- Virtual Private Network (site to site & road warrior, OpenVPN & legacy PPTP, IPsec support)
- High Availability & Hardware Failover ( with configuration synchronization & synchronized state tables)
- Two-factor Authentication throughout the system
- Captive portal
- Built-in reporting and monitoring tools including RRD Graphs
- Netflow Exporter
- Network Flow Monitoring
- Support for plugins
- DHCP Server and Relay
- DNS Server & DNS Forwarder
- Dynamic DNS
- Encrypted configuration backup to Google Drive
- Granular control over state table
- 802.1Q VLAN support
OPNsense has a rich plugin collection that helps network security professionals extend their OPNsense nodes with additional functionality. These plugins can be easily and optionally installed on the firewall. Some of them are maintained and supported by the OPNsense team, while the majority are maintained and supported by the community.
Plugins can do the following:
- Allow custom start, stop and early scripts
- Persistent /boot/loader.conf modifications
- Additional themes for the web GUI
- Create new authentication methods to be used within other subsystems
- Provide other types of devices and interfaces to the firewall
- Modify the access control lists, menu and themes
- Add additional server software and their respective GUI pages
- Pull in additional packages that will update automatically
- Enhance the backend services with additional work tasks
The OPNsense Web GUI shows all plugins for production use on the firmware page, and the pkg tool shows all packages (all plugins are named os-pluginname).
One of the most important and useful OPNsense plugins is Sensei (ZENARMOR), which provides application control and web filtering to protect the network infrastructure. We will cover the Sensei (ZENARMOR) plugin features briefly in this article. Please refer to the official documentation for more information.
Sensei (ZENARMOR) is an all-software instant firewall that can be deployed virtually anywhere. For open-source firewalls, Sensei (ZENARMOR) provides cutting-edge, next-generation firewall features that are not currently available in products like OPNsense. If you want to use an open-source firewall and need features like Application Control, Network Analytics, and TLS Inspection, Sensei (ZENARMOR) provides these features and more.
Since Sensei (ZENARMOR) has an appliance-free, all-in-one, all-software, lightweight, and simple architecture, it can be instantly deployed onto any platform that has network access. You can install Sensei (ZENARMOR) on a virtual machine or bare metal, on-premises or on any cloud platform.
Sensei (ZENARMOR) is fully integrated into the OPNsense Web User Interface and basically upgrades OPNsense into a Next Generation Firewall.
You can easily install the Sensei (ZENARMOR) plugin from your OPNsense firewall web UI by following these steps.
- Log in to your OPNsense web GUI using an account with administrative access.
- Navigate to the plugins list on the firmware page.
- Click on the + icon next to os-sunnyvalley to install the vendor plugin. Once the vendor plugin is installed, you should see the Sensei (ZENARMOR) plugin available in the list of plugins as os-sensei.
- Click the + icon next to os-sensei to install the plugin.
- After installing Sensei (ZENARMOR), you should see the Sensei (ZENARMOR) menu in the left sidebar of the OPNsense web interface.
- You will need to complete the Initial Configuration Wizard for Sensei (ZENARMOR) to be fully operational. For more information about the initial configuration of Sensei (ZENARMOR) on OPNsense, please refer to the official documentation.
Although the preferred method of Sensei (ZENARMOR) installation is the web interface (see the instructions above), you can also install the plugin from the command line interface via SSH or direct system access. For more information, please refer to Installing Sensei (ZENARMOR) on OPNsense via Command Line.
Sensei (ZENARMOR) is based on a state of the art security technology developed by Sunny Valley Networks. It is a very lightweight yet powerful packet inspection core that can provide a wide variety of enterprise-grade network security functions. Features of Sensei (ZENARMOR) are given below.
- Application Control
- Cloud Application Control (Web 2.0 Controls)
- Web Filtering and Security
- Advanced Network Analytics
- Real-time Cloud Threat Intelligence based blocking
- Cloud Centralized management & reporting
- Encrypted Threats Prevention (All-ports full TLS Inspection (for every TCP port, not just HTTPS) *Coming soon)
- User-based Filtering and Reporting
- Active Directory Integration
- Policy based filtering and QoS
- Application / Web category based Traffic Shaping and Prioritization
For detailed information about the Sensei (ZENARMOR) features, you may view the official product documentation.
Figure 2. IPFire Web GUI
IPFire is an easy-to-use, open-source stateful firewall that is built on top of Netfilter and trusted by thousands of companies worldwide. It is designed with modularity in mind and is highly flexible, offering great customization. You can use it not only as a firewall, but also as a proxy server or VPN gateway, depending on your configuration. Another important feature is its built-in IDS for detecting attacks. Moreover, the Guardian plugin lets you implement automatic prevention.
In this article, we will cover the following topics briefly.
- What is IPFire?
- IPFire features
- IPFire installation
IPFire is a fortified, flexible, cutting-edge Open Source firewall based on Linux. Its ease of use, high performance in all scenarios, and extensibility make it suitable for all users.
IPFire began as a fork of IPCop and has been completely rewritten on the basis of Linux From Scratch since version 2. It allows the installation of add-ons for additional server services, so that it can be extended into a SOHO server.
You can deploy IPFire on a wide variety of hardware, including ARM devices such as the
To learn how to install the IPFire firewall, please refer to IPFire Installation Tutorial.
In this subsection, we will first discuss the most valuable features of IPFire deeply and then list all features including the additional services.
One of the most significant advantages of IPFire is its modular structure, which allows you to run it with exactly what you need and nothing more. The package manager makes it simple to configure all features and keep them updated. IPFire has been designed to be adaptable to any existing security architecture.
The primary goal of IPFire is security. Its simple-to-configure firewall engine and Intrusion Detection System keep hackers out of your network. To manage risks inside the network and have a custom configuration for the specific needs of each segment of the network, the network is split into various zones with different security policies in the default configuration. Each segment of the IPFire configuration is color-coded as follows.
- Green: Trusted zone. This is where all regular client computers reside. Clients can access all other network segments without restriction.
- Red: Untrusted Zone/Internet. Unless specifically configured by the administrator, no Internet access is permitted to pass through the firewall.
- Blue: The wireless part of the local network. Clients on this network segment must be explicitly allowed before they may access the network.
- Orange: The demilitarized zone (DMZ). Any publicly accessible servers are isolated from the rest of the network to limit the scope of a security breach.
Regular updates keep IPFire secure against security flaws and new attack vectors.
IPFire employs a Stateful Packet Inspection (SPI) firewall based on Netfilter, the Linux packet filtering framework. It filters packets quickly and achieves throughputs of several tens of Gigabits per second.
IPFire can be enhanced to include a virtual private network (VPN) gateway, which uses an encrypted link to connect remote people and places to the local network.
The Intrusion Detection System (IDS) of IPFire analyzes network traffic to detect exploits, leaking data, and other suspicious activity. When an attacker is detected, alerts are raised and the attacker is immediately blocked.
IPFire can be run as a virtual machine on the following hypervisors:
- Xen (paravirtualized and fully virtualized mode)
- VMware (Workstation, vSphere, ESXi)
IPFire has a web-based management interface for changing settings. You can configure your network to suit your specific requirements, whether you need basic firewall protection or advanced logging and graphical reports.
The distro can also be fleshed out with a useful set of add-ons, such as Guardian, to provide it with additional functionality.
Main features of IPFire are listed below.
- Intrusion Detection System
- Web Proxy
- VPN termination
- Proxy and Relay for various protocols
- URL filtering/Content filtering
- DNS forwarding
- Full-fledged web proxy
- Multi-deployment facilitation such as a VPN gateway, a proxy server, or a firewall.
You can enhance IPFire to include supplemental network services such as:
- Routing the traffic to the Tor network or running a relay (TOR)
- Monitoring services like Nagios/NRPE
- Samba file server
- CUPS print server
- Mail server system including Postfix, SpamAssassin, ClamAV, Amavis
- WIFI Access-Point (HostAPD)
- Streaming server
- vsftpd ftp server
- Video Disk Recorder (VDR)
Untangle NG Firewall is a Debian-based network gateway that includes pluggable modules for network security applications such as intrusion prevention, web filtering, spam filtering, anti-virus, anti-spyware, VPN, firewall, and others.
Untangle NG Firewall removes the complication from network security and saves administrators time. This firewall is designed to strike a balance between performance and protection, policy and productivity. It provides simple deployment and administration through a user-friendly web-based GUI.
Figure 3. Untangle NG Dashboard and Appliances
It is an excellent fit for a wide range of organizations looking for a powerful, cost-effective network security solution capable of handling any IT challenge from small, remote offices to diverse school campuses and large, distributed organizations. The NG Firewall has various software modules that can be enabled or disabled based on individual needs. Untangle NG's basic network functions are supplemented with free and paid applications that add additional functions and capabilities, all managed via a web-based user interface.
Basically, you can easily install this firewall system on any hardware or virtual machine, or buy a device with NG Firewall preinstalled.
Untangle NG Firewall is available in the following deployment options:
- Hardware Appliance: An Untangle network appliance with NG Firewall preinstalled.
- Software Appliance: An installable version of NG Firewall for most x86 based devices.
- Virtual Appliance: A virtual appliance optimized for VMware deployments in private cloud infrastructure.
- Cloud Appliance: A virtual appliance available for Amazon Web Services or Microsoft Azure.
In this article, we will cover the following topics briefly.
- What is Untangle NG Firewall?
- Untangle NG features
Untangle NG is next-generation firewall/UTM software that combines everything your network requires to stay healthy on a single box: URL and spam filtering, virus scanning, VPN connectivity, multi-WAN failover capability and much more.
Untangle NG consists of a growing ecosystem of technology applications, or 'apps.' This approach makes Untangle NG Firewall extremely easy to use by greatly simplifying the UI and tailoring it to each deployment.
In this subsection, we will first discuss the most valuable features of Untangle NG briefly and then list all features.
- Simplicity: Network management and ensuring that everything is adequately protected can be a time-consuming and expensive task. Untangle NG Firewall simplifies network security by providing a single, modular software platform that adapts to your changing requirements. It has a browser-based, user-friendly, and responsive interface that allows you to quickly gain visibility into network traffic, and provides a comprehensive, enterprise-grade network security platform for organizations of any size, from content filtering to advanced threat protection, and from VPN connectivity to application-based shaping for bandwidth optimization.
- Comprehensive Security: The NG Firewall offers comprehensive security at the gateway by proactively preventing malware, hacking attempts, phishing schemes, and other threats from reaching clients.
- Dashboard: On the dashboard, you can see network activity at a glance, ensure compliance with full event logs, and receive notifications of network anomalies or unusual user behavior via alert rules.
- Secure Connectivity: It also helps you to maintain user and data security regardless of location or level of access.
- Web Caching: Web Cache is used to improve browsing performance by caching and serving static elements locally. As a result, bandwidth is reduced and page loading times are shortened. Web Cache improves browser responsiveness, which leads to higher user satisfaction.
- Bandwidth Control: Bandwidth Control aids in the tracking and monitoring of bandwidth usage. It aids in the identification of problematic apps, websites, and users. Bandwidth control assists the user in managing bandwidth allocation.
- Reports: Untangle Reports is one of Untangle's best and most recent features. You can add your own reports. Reports provide users with statistical data and network activity. It generates reports on Applications, Web Usage, Web Filters, and other topics. You can send personalized reports via email or fax.
All of Untangle NG's features are listed below.
- WireGuard VPN
- Threat Prevention
- Web Filter
- SSL Inspector
- Live Support
- Policy Manager
- Branding Manager
- WAN Failover
- WAN Balancer
- IPsec VPN
- Application Control
- Web Cache
- Bandwidth Control
- Virus Blocker
- Spam Blocker
- Directory Connector
- Web Monitor
- Application Control Lite
- Virus Blocker Lite
- Phish Blocker
- Intrusion Prevention
- Spam Blocker Lite
- Captive Portal
- Ad Blocker
- Tunnel VPN
pfSense® software is a firewall/router computer software distribution based on FreeBSD. pfSense Community Edition (CE) is a partially open-source version, whereas pfSense Plus is now closed source. pfSense® software is one of the leading network firewalls with commercial-level features.
Figure 4. pfSense® software Appliance
Chris Buechler and Scott Ullrich founded the pfSense® software project in 2004 as a fork of the m0n0wall project, and the first release was in 2006. The name comes from the fact that the software employs the PF packet-filtering tool.
You can install it on a physical computer or a virtual machine to build a dedicated firewall/router for your network, and you can configure the firewall via a web-based interface without any knowledge of the underlying FreeBSD system.
To deploy and use pfSense® software, no prior knowledge of FreeBSD is required.
In addition to being a powerful, flexible firewalling and routing platform pfSense® software includes a long list of related features. To begin with, you can use pfSense® software to deploy an intrusion prevention system as well as enable VPN access.
It has successfully replaced every major commercial firewall on the market, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and others, in numerous installations around the world.
In this article, we will cover the following topics.
- What is pfSense?
- pfSense® software installation
- pfSense® software features
The pfSense® software Project is a free open source customized distribution of FreeBSD designed for use as a firewall and router that is entirely managed through an intuitive web interface.
pfSense® software is owned by Rubicon Communications, LLC (Netgate) and distributed under an open source license.
It has proven to be effective in countless installations ranging from single computer protection in small home networks to thousands of network devices in large corporations, universities, and other organizations.
pfSense® software is available as a hardware device, virtual appliance, and downloadable binary (community edition).
pfSense® software can be installed and configured on either virtual or physical servers. For more information about the installation of the pfSense® software firewall, please refer to pfSense® software Guide.
The pfSense® software comes with a web interface for configuring all of the included components. There is no requirement for any UNIX knowledge, no use of the command line, and no need to manually edit any rule sets. Users who are familiar with commercial firewalls adapt quickly to the web interface.
Because of its long history, pfSense® software may have the most extensive documentation and one of the largest user communities, with tutorials and videos posted on its official support channels as well as elsewhere on the web. The distro's commercial hosts also provide paid training courses to help you get the most out of your pfSense® software deployment.
The main advantage of pfSense® software is the ongoing support. The development team provides regular updates and support for this software. The pfSense® software package system allows for additional expansion without adding bloat or potential security vulnerabilities.
At a high level, some of the pfSense® software features worth mentioning are:
- Firewall: IP/port filtering, limiting connections, layer two capable, scrubbing
- State table: by default all rules are stateful, multiple configurations available for state handling
- Multi-WAN load balancing: use more than one internet connection.
- VPN (a virtual private network): support IPsec and OpenVPN
- Server load balancing: inbuilt LB to distribute the load between multiple backend servers
- NAT (Network address translation): port forwarding, reflection
- HA (High-availability): failover to secondary if primary fails
- Reporting: keeps historical resource utilization information
- Monitoring: real-time monitoring
- Captive portal
- Dynamic DNS: multiple DNS clients are included
- DHCP & Relay ready
- Disable filtering: You can completely disable the firewall filter if you want to turn your pfSense® software into a pure router.
- User authentication
- Content filtering and proxy filtering capabilities
- GeoIP blocking
You also have an option to install the following packages with one click.
- Services: iperf, widentd, syslog-ng, bind, acme, imspector, git, dns-server
- Networking: netio, nut, Avahi
- Routing: frr, olsrd, routed, OpenBGPD
- Security: stunnel, snort, tinc, nmap, arpwatch
- Monitoring: iftop, ntopng, softflowd, urlsnarf, darkstat, mailreport
We strongly recommend installing Sensei (ZENARMOR) on your pfSense® software firewall so that you have an additional layer of security for your network infrastructure. By installing Sensei (ZENARMOR) on your pfSense® software node you gain web filtering and application control capabilities. For more information about how to install and configure Sensei (ZENARMOR) on your pfSense® software firewall, please refer to our official documentation.
Iptables is a well-known utility and one of the best open source firewalls for Linux; it gives a system administrator the ability to configure the packet filter and analyze network statistics. It is a terminal-based, effective and customizable firewall tool that is widely used among experienced Linux administrators to protect their servers.
Figure 5. Iptables list output
nftables is the successor of iptables. It allows for much more flexible, scalable and performant packet classification.
When a system running iptables receives a packet, it searches the rule list of the relevant chain for a match. If it cannot find one, it falls back on the chain's default action (its policy).
In this article, we will cover the following topics.
- What is iptables?
- iptables installation
- iptables features
Iptables is a user-space utility that allows an administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as various Netfilter modules. Netfilter is the firewall framework on Linux, and iptables is the utility that manages and controls Netfilter. Iptables can be used to filter incoming and outgoing network packets as well as route them. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets.
Currently, different kernel modules and programs are used for different protocols:
- iptables for IPv4
- ip6tables for IPv6
- arptables for ARP
- ebtables for Ethernet frames.
Iptables almost always comes pre-installed on Linux distributions. To update or install it, just retrieve the iptables package. Before installing iptables, you must also uninstall any other firewall management utilities, such as UFW, on your firewall.
On a Debian-based or Ubuntu server you can run the following commands to install iptables.
sudo apt-get update
sudo apt-get install iptables
The default configuration file for iptables can be found in /etc/sysconfig/iptables. You can modify it with the text editor of your choice.
On a Red Hat Enterprise Linux (RHEL) 7/8 and CentOS 7/8 you can run the following commands to install iptables.
- Run the following commands to stop and mask the firewalld service that you don't want to use:
systemctl stop firewalld
systemctl mask --now firewalld
- Install the iptables-services package (if it is not already installed) by running the following command:
yum install iptables-services -y
- Enable the service to start at boot time by running the following commands:
systemctl enable iptables
systemctl enable ip6tables
iptables consists of the following three main components:
1. Chains: there are five chains in iptables and each is responsible for a specific task.
  - INPUT: used to manage incoming packets/connections.
  - OUTPUT: outgoing packets after they have been created/processed.
  - FORWARD: forwards incoming packets from their source to their destination (routing).
  - PREROUTING: after the packet enters the network interface.
  - POSTROUTING: before the packet leaves the network interface, after the routing decision has been made.
2. Tables: a table is a collection of chains that serves a particular function. There are five types of tables in iptables.
  - Filter is responsible for filtering and restricting the packets to/from our computer.
  - Nat is responsible for Network Address Translation.
  - Mangle is used to modify packet headers.
  - Raw deals with the raw packet, as the name suggests. Mainly this is for tracking the connection state.
  - Security is responsible for securing your computer after the filter table. Which consists of
3. Targets: targets specify where a packet should go. This is decided using either iptables' own targets (ACCEPT, DROP, REJECT) or its extension targets, of which there are 39 at the moment; the most popular ones are DNAT, LOG, MASQUERADE, REJECT, SNAT, TRACE and TTL.
  - ACCEPT: stop processing and let the packet flow.
  - REJECT: drop the packet and give feedback to the sender.
  - DROP: stop processing at the current chain and drop the packet.
  - LOG: similar to ACCEPT, however, the packet is logged to /var/log/messages.
Iptables allows the system administrator to define tables containing chains of rules for the treatment of packets. Packets are processed by sequentially traversing the rules in chains. Every network packet arriving at or leaving from the computer traverses at least one chain. Incoming packets are analyzed at each chain and are tested against a set of rules. If a rule is matched, the target is set.
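The following script is an added example, not code from the article, that puts the chains, tables and targets above together as a default-deny baseline for the filter table, written in the iptables-restore format so the ruleset can be reviewed and loaded atomically. It assumes a single host that exposes SSH (tcp/22) and HTTPS (tcp/443); the chain name LOG_DROP and the log prefix are choices made for this example. Rule order reflects the traversal described above: the chain is walked top to bottom and the first matching terminating rule decides, so the cheap and common matches (loopback, already-tracked connections) come first and the catch-all log-and-drop comes last.

```shell
#!/bin/sh
# Added example (not from the article): a default-deny baseline for the filter
# table, emitted in iptables-restore format so it can be reviewed, version
# controlled and loaded in one atomic step. Assumptions: a single host exposing
# SSH (tcp/22) and HTTPS (tcp/443); every other inbound packet is logged and dropped.

# Print the ruleset. iptables walks each chain top to bottom; the first matching
# rule with a terminating target (ACCEPT/DROP/REJECT) decides. LOG is not
# terminating, which is why LOG_DROP needs an explicit DROP after it.
gen_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_DROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -j LOG_DROP
-A LOG_DROP -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: " --log-level 4
-A LOG_DROP -j DROP
COMMIT
EOF
}

# Number of rules appended to the given chain; a cheap sanity check before loading.
rule_count() {
    gen_ruleset | grep -c "^-A $1 "
}

# Default policy recorded for a chain (ACCEPT or DROP for built-in chains,
# "-" for a user-defined chain such as LOG_DROP).
chain_policy() {
    gen_ruleset | awk -v chain=":$1" '$1 == chain { print $2 }'
}

# Parse the ruleset with the real parser without committing it, then load it.
# iptables-restore replaces the whole table in one step, so there is never a
# half-built ruleset on the wire. Requires root and the iptables tools.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: run as root" >&2
        return 1
    fi
    gen_ruleset | iptables-restore --test || return 1
    gen_ruleset | iptables-restore
}

# Usage: sh baseline.sh apply   (without "apply" the ruleset is only printed)
if [ "${1:-}" = "apply" ]; then apply_ruleset; else gen_ruleset; fi
```

Because the last INPUT rule jumps unconditionally to LOG_DROP, the DROP policy on INPUT is only a safety net; it still matters, because a rule that RETURNs from a user-defined chain, or a ruleset that is later edited, would otherwise fall through to ACCEPT.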
The features and attributes of the iptables firewall are as follows:
- Packet filter rulesets can be listed, including their contents.
- It employs a packet header inspection approach, which makes the firewall extremely fast.
- Editable packet filter rulesets enable the administrator to add, modify, or remove a firewall configuration rule.
- Per-rule counters of the packet filter ruleset can be listed and zeroed.
- The ruleset can be backed up to a data file and restored from it, alongside the firewall's normal operation.
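The per-rule counters and the backup format mentioned in the list above are worth more than they look: a saved ruleset with counters tells you which rules actually see traffic. The script below is an added example, not the article's code; it parses a constructed iptables-save -c style dump (the sample_dump function stands in for the real command, and its rules and numbers are made up for the example) and reports the busiest rules, rules that have never matched, and how many packets were dropped by explicit rules or by a chain's DROP policy.

```shell
#!/bin/sh
# Added example (not from the article): audit per-rule counters from an
# "iptables-save -c" dump. The dump below is constructed sample data in the
# real save format: each rule line is prefixed with [packets:bytes] and each
# built-in chain line carries the counters of packets that hit its policy.

sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample, not from a real host)
*filter
:INPUT DROP [12:960]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4820:611020]
[3321:298440] -A INPUT -i lo -j ACCEPT
[15200:9870210] -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
[41:2460] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[87:5220] -A INPUT -j DROP
COMMIT
EOF
}

# Every rule with its packet counter, busiest first ("pkts<TAB>rule").
rule_hits() {
    awk '/^\[[0-9]+:[0-9]+\] -A / {
            s = $1; gsub(/[^0-9:]/, "", s); split(s, c, ":")
            rule = $0; sub(/^\[[^]]*\] /, "", rule)
            print c[1] "\t" rule
         }' | sort -rn
}

# Rules that have never matched: candidates for removal, or a hint that the
# traffic you expected is not arriving (service down, listening elsewhere).
unused_rules() {
    awk '/^\[0:0\] -A / { sub(/^\[0:0\] /, ""); print }'
}

# Packets dropped either by an explicit "-j DROP" rule or by a DROP policy.
dropped_packets() {
    awk '/^\[[0-9]+:[0-9]+\] -A .* -j DROP$/ {
            s = $1; gsub(/[^0-9:]/, "", s); split(s, c, ":"); n += c[1]
         }
         /^:[^ ]+ DROP \[/ {
            s = $3; gsub(/[^0-9:]/, "", s); split(s, c, ":"); n += c[1]
         }
         END { print n + 0 }'
}

# On a live host, replace sample_dump with the real command, for example:
#   iptables-save -c | unused_rules
#   iptables-save -c | dropped_packets
```

Running the three reports against the sample shows the ESTABLISHED,RELATED rule carrying almost all traffic, the port 8080 rule never matching, and 99 dropped packets (87 by the explicit rule plus 12 that reached the INPUT policy). A periodic diff of such reports is a simple way to notice a rule that suddenly starts or stops matching.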
Iptables can only provide you with L4 (second generation) firewall features to protect your networks. Since iptables is not a next generation firewall and does not have application layer (L7) filtering capabilities, we strongly recommend using Sensei (ZENARMOR) on your iptables firewall. For more information about how to install Sensei (ZENARMOR) on your Linux firewall, please refer to the Sensei (ZENARMOR) official documentation.