Free barracuda firewall software for linux

BullDog is a powerful but lightweight firewall for heavy use systems. With many features, this firewall can be used by anyone who wants to protect his/her systems. This system allow dynamic and static rules sets for maximum protection and has several advance features.

This firewall will work for the hobbyist or a military base. Generation 7 is a complete rewrite of its predecesors and is redesigned from scratch and still evolving.

Be prepared to spend some time setting this up. If you are looking for a "quick fix", then you are on the wrong site. BullDog is NOT a quick fix, but rather one step in a complete security policy.

Its is covered by the GPL and is FREE and always will be. I encourage and welcome anyone who wants to port and/or provide ideas/code to better this software.

I would like to see this software developed into a new breed of firewall that provides the best of security with ease of use.

This software was developed on Linux v2.2.16-17 and v2.4 with 64 megs to 1 Gig of RAM and supports iptables via the ip_queue kernel module. Bulldog will NOT run on Windows systems.

Gibraltar Firewall is a firewall and router package, based on Debian/GNU Linux, which perfectly meets all individual requirements for a state-of-the-art firewall.
Independent of the kind of Internet connection (dedicated line, ADSL, dial-up connection), Gibraltar provides for secure connections. So you can turn to something more important without ruffle and worries - your job!
Gibraltar is free for private use. The private license is restricted to a maximum of 5 concurrent connections and includes the easy-to-use webinterface. For obtaining a private license, please contact us via email.
Attention: Without a valid license file, Gibraltar will not run properly!
For the private use of Gibraltar, no claim on support or guarantee can be raised.
All ISO images are copyright of Rene Mayrhofer and eSYS Information Systems GmbH, but may be copied and distributed freely. Several components of Gibraltar are under GPL or BSD license. For detailed usage licenses read the packet documentations under /usr/share/doc on the ISO image.
If you would like to distribute Gibraltar commercially, please refer to our partner program.
Gibraltar can be completely configured with the web-based configuration tool GibADMIN. The configuration of Gibraltar occurs over an encoded, secured connection, and can be done with any browser. The web-interface is designed intuitional and concise, and enables the administrator to change the configuration very easy and quick.
Gibraltar convinces through jutting flexibility and extensive functionality.
Main features:
- SYSTEM
- Live CD technology: Gibraltar boots and runs fully off CD-ROM
- No hard disk installation required
- Specially hardened Linux kernel
- Languages: English, German, Finnish
- Remote configuration with web interface (SSL 128 Bit) or remote login (SSH)
- Easy configuration management
- Automatic live updates: interval can be configured
- NETWORK SUPPORT
- Ethernet: 10/100/1000 MBit/s: static or DHCP, virtual IP addresses
- ADSL Ethernet modems: PPP over Ethernet, PPTP
- ADSL USB modems: PPP over ATM
- Modem dial in: serial, USB
- Unlimited number of network interfaces
- STATEFUL PACKET INSPECTION
- Protocol support: ICMP, TCP, UDP, GRE, ESP, AH, IPv4-over-IPv6
- Flexible packet filter: interface, MAC address, IP address, service, port,....
- NAT: Network address translation: dynamic and static
- PAT: Port address translation: load balancing (Round Robin)
- Free definition of aliases and groups: addresses and ports
- DoS/flood - protection: predefined, expandable
- Randomized IP sequencing
- Selective TTL manipulation
- Protocol pass through: PPTP, FTP, H.323, IRC
- VPN (VIRTUAL PRIVATE NETWORKS)
- VPN IPSec gateway
- VPN PPTP server: MPPE 128 Bit data encryption
- Network-to-network VPN
- Network-to-client VPN: compatible with Microsoft Windows 2000 / XP
- Unlimited number of VPN tunnels
- Authentication with PSK (Private shared key) and X.509 certificates
- Encryption: 3DES, Blowfish, Twofish, AES, CAST, Serpent
- Authentication PPTP: CHAP, MS-CHAPv1, MS-CHAPv2
- NAT traversal
- Perfect forward secrecy (PFS)
- DEEP PACKET INSPECTION
- Secure SMTP relay: incoming, outgoing, attachment blocking, block lists, antivirus and spam protection
- Transparent HTTP proxy: no client configuration necessary, spam protection
- User authentication: user list, active directory integration, LDAP
- Content caching
- Content scanning: antivirus, cookies, active X, java script
- FTP proxy: transparent outgoing, incoming
- Transparent POP3 proxy: antivirus, spam protection and protection of dangerous attachments
- ADDITIONAL SERVICES
- Dynamic DNS
- DHCP server
- Secure DNS resolve
- SSL wrapper for arbitrary services
- Portscan detection
- Antispam filter: rule based, Bayes, RBL, Razor and DCC
- ClamAV virus scanner
- OPTIONAL: Kaspersky virus scanner

Automatic Firewall is a script that will automatically configure a firewall. If you are a broadband or dial-up user who doesnt have a firewall script, you need to get one to protect yourself. AutoFW is made to help you do that with no efforts.
Many people when connecting to the internet need a firewall script made for them so they can surf the net without being susceptible to various attacks. Most, if not all (until now :-), of the existing scripts are written for a large range of requirements and require some tweaking to make them work for a specific user. However many users do not know which parameters to fill in the script config file.
AutoFW intends to provide a simple firewall script that you just need to fire and forget. You make sure to run it on computer start-up or just before connecting to the net, and it will detect network condition and setup appropriate firewall rules for you.
In order to be "smart" AutoFW has to be limited, the current scope of AutoFW are standard broadband connections, it will also cover dial-up users and stand-alone servers.
AutoFW works only for Linux IPTables firewall and needs the iptables utility to update the firewall, it also needs the ifconfig utility, both of these are available on any standard install of a GNU/Linux machine.
AutoFW also needs the ip program which is part of the iproute2 package, sometimes also called iproute. It is available as a package for any standard GNU/Linux install, not it might not be installed in your particular.
There are two parts that do automatic detection, one is for interfaces and IPs and the other is for open listening ports.
The interface part looks at all the active interfaces in the machine and classifies them between internal and external. It does that by looking at the IPv4 address of the device. If it is one of:
127.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
it is considered to be an internal IP and thus an internal interface, otherwise it is an external IP and thus an external interface. There is no handling of an interface with both an internal and an external IP on it.
The listening ports are scanned for a known port and the accompanying known program name that binds to that port, known ports are opened later in the configuration stage.
The configuration itself is very simple for now, without many of the bell and whistles that exist in other scripts, but it works for the basic needs and provides adequate protection.
Enhancements:
- Internal systems are now protected, as well as servers and NAT gateways.

HardWall Firewall is an iptables firewall script that provides port forwarding, packet filtering, stateful packet inspection, port redirection, masquerading, SNAT, DNAT, NAT, and bridging.
HardWall Firewall functions as both a workstation firewall and an IP forwarding firewall.
Enhancements:
- Updated: The Reserved IP Address list in the main config file
- Added: Example Bridge (rc) startup script in the contrib directory

Quarantine firewall is yet another firewall that has masquerade, type-of-service, and traffic shaping features.

Simply do make install. It will copy the module files, qconfig, qmodule and a sample configuration file to /etc/quarantine.d. quarantine and netrouter then goes to /etc/init.d.


The configuration file /etc/quarantine.d/rc.quarantine can be edited manually (see README file) or via the configuration utility qconfig.

The thing youll have to do is creating a symlink in /etc/rc.d/rc[whatever].d named S99netrouter and K00netrouter pointing at /etc/init.d/netrouter.

The firewall script (quarantine) is designed to get the hosts IP adress when connecting to the internet. Youll need to put a /etc/init.d/quarantine start in the /etc/ppp/ip-up file - also insert a /etc/init.d/quarantine stop in the /etc/ppp/ip-down script file.

LutelWall (formerly known as Lutel Firewall) is high-level linux firewall configuration tool. It uses human-readable and easy to understand configuration to set up Netfilter in most secure way. Its flexibility allows firewall admins build from very simple, single-homed firewalls, to most complex ones - with multiple subnets, DMZs and traffic redirections. It can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. Configuration method of this firewall is made to be as simple as possible without loosing Netfilter flexibility and its security facilities.
Main features:
- flexible control over traffic using rule set
- user-defined protocols support
- support for any kind multiple external and internal interaces (and aliases)
- automated MASQUERADE / SNAT support
- easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
- rate limit extensions
- packet marking for 3rd party shapers
- TOS (Type of Service) traffic optimizer
- both passive and active FTP support
- DHCP support
- can work as "workstation" firewa
- stateful TCP connection tracking with restrictive TCP chain
- blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
- blocking IP protocol scans (nmap -sO)
- blocking UDP scans (nmap -sU)
- blocking identification via TCP/IP fingerprinting (nmap -O)
- anti-spoof protection, including protection for aliases
- anti-smurf protection
- TCP SYN Flood protection
- UDP / ICMP Flood protection
- IANA reserved addresses checking
- SYSCTL parameters set for increased strength
- logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
- autodetect of connection type (static/dynamic, external/internal)
- auto update of firewall tool
- auto update IANA reserved list
- display firewall statistics in iptables native, csv or html format
- easy deployment on all distributions
Enhancements:
- fixed iptables version checking