You're walking down a dark alley, late at night, when suddenly someone jumps out at you and forces you to hand over your passport, your credit cards, and the keys to your car. This is a good analogy of what using the internet is like.
Around every corner lurks danger, and with today's always-on connections, you may have the internet equivalent of burglars without realising. For ultimate computer security, a firewall is similar to having a big, burly bodyguard walking down the street with you, keeping you safe. Whether it be your home or office network, a firewall distribution should be able to help you.
Most firewalls are designed to run in one of two places. First, there are firewalls designed to sit on your machine, and protect you from the internet wherever you go.
Most Linux distributions have Iptables, which will protect your computers or servers individually. The other kind of firewall is designed to sit between your network and the connection to the internet (or another network). We'll be looking at a selection of these in this Roundup.
With the massive choice of firewall distributions that's available today (see here for a list), we'll look at what makes some options better than others, and which might be best for you and your particular computer setup.
ClearOS: The distro that combines ease of use with functionality
ClearOS is by far the sleekest looking firewall distribution we're reviewing. It's obvious that a lot of time and attention has gone into developing the interface, with much of that effort spent focusing on usability issues.
As most firewall distributions are written for the stereotypical geek, it's nice to see a refreshing change in what seems to have become the de facto standard of 'cobble it together and think about the interface afterwards'.
ClearOS's website claims that the installation will take as little as two minutes. In our tests, we found that it was closer to 15 minutes, but the process was painless and straightforward, and once again, the usability of the whole thing has clearly been given a lot of thought.
Once you've set yourself up and got into the web-based administration system, it doesn't take long for you to familiarise yourself with the system, thanks to its ease of use. Setting up firewall rules is quick and painless, as is much of the other configuration.
ClearOS's most pertinent feature is its usability, but this distribution is about a lot more than just sleek looks. It packs in plenty of features as well – not only does it give you a simple, clean way to manage a firewall, but it enables you to add extra services to your network.
This means that if you're fed up with that Windows box sitting in the corner running all your fileshares and printer services, you can replace it with a ClearOS system.
Overall, ClearOS is a powerful distribution, backed by a corporate arm, giving you the tools you need to run your network, and the option to expand things further as and when your specific requirements dictate.
ClearOS Enterprise 5.1
A well thought-out distribution that's refreshingly easy to use and expand to suit your needs.
IPCop: A versatile and lightning-quick colour-coded distro
This distro has been touted by many as 'The Smoothwall Killer'. Working along similar lines to Smoothwall Express, IPCop uses colours to represent different connections. Green is for LAN, red for the internet, orange for DMZ, and blue for separating out wireless clients.
In fact, IPCop is a fork of Smoothwall, so you'll probably find a lot of similarities between the two. IPCop was forked from Smoothwall back in 2002, and has grown in strength since then.
Installation is simple and easy to follow, with a few wildcard questions thrown into the mix. While these may puzzle the novice user, accepting the default options won't cause any issues (unless you have a strange network setup).
IPCop's web interface feels clunky, although our tests proved that this was merely psychological, because it was actually incredibly responsive. However, other than the 'real-time' graphs that Smoothwall provides, IPCop gives a lot more information about your LAN setup, and about the running of the firewall itself, including a list of the connections that are currently open.
IPCop also gives you functionality that's useful if you're still using dial-up, because you can have a separate username and password to control the dial-up connection, without giving access to change the rest of the settings on your firewall.
It also provides a 'caching proxy', so that you can cache frequently accessed pages locally.
IPCop does a good job as a firewall, giving plenty of information about traffic on your network, and while it might not be the prettiest distro in the world, it does what it's designed to do.
Its interface doesn't look great, but it protects your network effectively.
eBox Platform: This one's more than just a firewall distro
EBox Platform isn't pushed as a firewall distribution by its creators, but as a 'Linux Small Business Server' – and it certainly lives up to that billing.
As it's based on Ubuntu Server 8.04, installing eBox on your system is very similar to a normal Ubuntu install. You can also install the various components of eBox on to a generic Ubuntu LTS version by simply adding an APT repository and installing certain packages.
This is useful if you already have a box lying around with Ubuntu installed on it, or if you only require certain parts of the eBox Platform (ebox-network and ebox-firewall, for example). This is because eBox has been built around the core of Ubuntu Server, and uses its components internally. For more information about the different ways that you can install eBox Platform, have a look at this page.
Once it's installed, you log into eBox with your browser, using the password you provided during installation. At this point, you may find yourself horrendously overwhelmed by the sheer number of options that eBox gives you. But rest assured, because once you find the firewall screen, configuring it is simple.
While eBox Platform is one of the biggest firewall distributions we tested in terms of the sheer size of the download, you've got to remember that it packs in a lot of features, including database and SIP servers, although it lacks Active Directory authentication.
We've also given eBox Platform extra marks for the fact that it offers so much by way of configuration, and provides almost everything you'd need to run your home or office network right from the default install.
eBox Platform 1.4
Don't be put off by the seemingly overwhelming interface, because this offers so much more than a firewall.