Free and Open Source Network UTM Firewalls
pfSense
pfSense is an open source security solution with a custom kernel based on the FreeBSD OS. It is a software distribution customised specifically for use as a firewall and router. This open source firewall can be installed on bare metal hardware and managed entirely through a Web interface. Beyond serving as a firewalling and routing platform, its functionality can be expanded through its many features, without adding bloat and potential security vulnerabilities to the base distribution.
Features
- Firewall – IP/port filtering, limiting connections, Layer 2 capable, scrubbing
- State table – By default, all rules are stateful, and there are multiple configurations available for state handling
- Server load balancing (LB) – Inbuilt LB to distribute load between multiple backend servers
- NAT (network address translation) – Port forwarding, reflection
- HA (high-availability) – Failover to secondary if primary fails
- Multi-WAN (wide area network) – Uses more than one Internet connection
- VPN (virtual private network) – Supports IPsec and OpenVPN
- Reporting – Keeps historical resource utilisation information
- Monitoring – Real-time monitoring
- Dynamic DNS – Multiple DNS clients are included
- DHCP and relay ready
Some examples of available add-on packages:
- Security – Stunnel, Snort, Tinc, Nmap, arpwatch
- Monitoring – iftop, ntopng, Softflowd, urlsnarf, darkstat, mailreport
- Networking – NetIO, nut, Avahi
- Routing – FRR, OLSRd, routed, OpenBGPD
- Services – Iperf, widentd, syslog-ng, bind, Acme, Imspector, Git, DNS-server
ClearOS
ClearOS is a CentOS based open source firewall that transforms your standard PC into a dedicated firewall and Internet server/gateway. ClearOS has three editions: ClearOS Business, ClearOS Home and ClearOS Community. The community edition is free for a lifetime, but for the other two you need to purchase a subscription. It is one of the best open source firewalls for small to mid-sized businesses (SMBs). It is a complete network solution, and you can extend its functionality by installing apps such as the bandwidth manager, DHCP server, DMZ, DNS server and more.
Features
- Firewall, networking and security
- Provides several levels of security
- Bandwidth QoS manager
- DMZ, 1-to-1 NAT and port forwarding
- At the protocol level, the peer-to-peer detection system lets you manage file sharing usage
- Intrusion detection and intrusion prevention systems
- Virtual private networking
- Web proxy and content filtering
IPFire
IPFire is built on top of Netfilter and is an open source distribution. IPFire was designed with both modularity and a high level of flexibility in mind. It can be used as a firewall, proxy server or VPN gateway. The IDS (intrusion detection system) is inbuilt, so attacks are detected and prevented from Day One. And with the help of Guardian (an optional add-on), you can implement automatic prevention.
Features
- Stateful packet inspection (SPI)
- Proxy server with content filter and caching functionality
- Intrusion detection system
- VPN via IPsec and OpenVPN
- DHCP server
- Caching name server
- Time server
- Wake-on-LAN (WOL)
- Dynamic DNS
OPNsense
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. It includes most of the features available in expensive commercial firewalls, and more. OPNsense offers the rich feature set of commercial offerings with the benefits of open and verifiable sources.
Features
- Traffic shaper
- Captive portal
- Forward caching proxy
- Virtual private network
- High availability and hardware failover
- Intrusion detection and inline prevention
- Built-in reporting and monitoring tools
- Support for plugins
- DNS server and DNS forwarder
- DHCP server and relay
VyOS
VyOS is an open source network operating system based on Linux. It includes multiple applications such as Quagga, ISC DHCPD, OpenVPN, strongSwan and others, under a single management interface. It can be installed on any physical hardware, on a virtual machine or on a cloud platform.
Features
- VLANs
- Static and dynamic routing
- Firewall rulesets for IPv4 and IPv6 traffic
- Tunnel interfaces
- PPPoE, GRE, IPIP, SIT, static L2TPv3, VXLAN
- VPN
- NAT
- DHCP and DHCPv6 server and relay
- NetFlow and sFlow
- Web proxy and URL filtering
- QoS policies (drop tail, fair queue, and others), traffic redirection
- VRRP, connection table synchronisation
Smoothwall
Smoothwall is a Linux distribution designed to be used as an open source firewall. It is configured via a Web based GUI and requires little or no knowledge of Linux to install and use. Smoothwall Express supports LAN, DMZ, internal/external network firewalling, Web proxy for acceleration, traffic stats, etc. Shutting down or rebooting is possible directly through the Web interface.
Features
- Supports LAN, DMZ and wireless networks
- External connectivity via Static Ethernet, DHCP Ethernet, PPPoE, PPPoA using various USB and PCI DSL modems
- Port forwards, DMZ pin-holes
- Outbound filtering
- Timed access
- Simple to use Quality-of-Service (QoS)
- Traffic stats, including per interface and per IP totals for weeks and months
- IDS via automatically updated Snort rules
- UPnP support
- List of bad IP addresses to block
Untangle
Untangle NG Firewall takes the complexity out of network security, saving users’ time. This firewall is intended to balance performance and protection, policy and productivity. It’s an ideal fit for a range of organisations seeking a powerful, cost-effective network security solution that can handle any IT challenge, from small, remote offices to diverse school campuses and large, distributed organisations. The NG Firewall has different software modules that can be enabled or disabled as per individual requirements. These software modules are also called apps. There are both free and paid apps, so for full functionality you have to buy subscriptions for the ones you want.
Features
- Virus blocker
- Firewall
- Web monitor
- Spam Blocker Lite
- Ad blocker
- OpenVPN
- Captive portal
- Intrusion prevention
- Phish blocker
Endian Firewall
Endian Firewall is a full-featured unified threat management solution built around a stateful packet inspection firewall. It can be deployed as a proxy, gateway, and router with OpenVPN.
Some of the features provided by the Endian Firewall are displayed in Figure 6.
- Endian is a bi-directional firewall
- It protects the network from Internet threats
- By analysing the traffic flow, it prevents intrusion into the network
- It has VPN with IPsec, which provides a secure and simple VPN tunnel through which many users can connect from a remote location
pfSense is a free open source firewall and router.
Shorewall firewall is a tool designed to configure Netfilter.
Smoothwall Express is an open source firewall based on a hardened GNU/Linux OS.
StillSecure delivers a software based firewall solution known as Cobia. Cobia can be installed on VMware as well. Cobia includes the ability to perform routing, DHCP, DNS, wireless, firewall, VPN, content filtering, reporting and more. Cobia can use modules provided by StillSecure or by other third party organisations and developers. Cobia software is available under a public community license and a commercial use license. Via the StillSecure Community License, users can freely download and modify the source code.
Zeroshell is a Linux based firewall. The firewall has some good functionality such as the ability to load balance internet connections, integrate with LDAP, captive portal for web login authentication and more.
Firewall Management Software Solutions Vendor List
AlgoSec delivers Firewall Analyzer, which provides firewall policy auditing, policy cleanup, risk analysis, change monitoring and more. AlgoSec supports all the major firewall vendors. AlgoSec also offers AlgoSec FireFlow, which is a change management solution.
Secure Passage is a specialist in managing firewalls and offers a solution called Firemon. Firemon gives you visibility into which rules are unused, which rules are used and how frequently they are used. Firemon supports a large range of firewalls such as Cisco, Checkpoint and others. Firemon also supports routers and load balancers. The solution helps you keep control of your firewall policies and provides PCI DSS assistance, policy cleanup and other advantages as well.