Best Firewall to learn on Linux (or in Open Source)

jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
Hey Guys I am trying to learn more into IPS/IDS and firewalls...
Of course I would like to learn using Linux (Open Source).. I know I can learn IDS/IPS using SNORT.... However...
I am not sure what to use to learn Firewalls in Linux (other than Iptables).
Do you guys know about about a good linux app that I can use to learn Firewalls (other than packet filtering)?
Thanks

Comments

  • TeKniquesTeKniques OSCE, OSCP, CISSP, CISA, SSCP, MCSE (03), Security+, Network+, A+, Project+ Member Posts: 1,262 ■■■■□□□□□□
    Hi,

    Take a look at PfSense: Welcome to pfSense - Open Source Firewall and Router Distribution - pfsense.org

    Ran into it a lot and it's pretty configurable.
  • jibbajabbajibbajabba Member Posts: 4,317 ■■■■■■■■□□
    PFSense can be daunting but I agree - if you don't mind a learning curve it is the way to go.

    I, however, am lazy. I am using "ClearOS" - nice GUI and lots of downloadable modules (advanced firewall, port forwarding, simple firewall, NAT, 1to1 Nat etc. etc.)

    It is based on CentOS 6

    ClearOS | Overview | Software

    Having said that - if learning is your main objections, then I am afraid the best way is indeed just installing a base OS, like CentOS etc. And configure it as firewall. All distros will use Iptables anyway so it depends whether you like to jump into the deep end or not :)
    My own knowledge base made public: http://open902.com :p
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    Security onion is a great all in one package that lets you spend time actually working with FW IDS, etc rather then dealing with some of the issues of dependencies, and correct lib versions, etc. So, while it is good to learn how to build stuff from scratch, if you just want to start with the higher level stuff, the sec onion is a good choice.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Learning firewalls and ID/PS systems require a fundamental understanding of TCP/IP. If you have minimal experience with either firewalls and ID/PS solutions, I suggest looking into firewalls first. ID/PS involves a lot more in-depth inspection than traditional firewalling. While Security Onion is great and setting it up can be simple depending on deployment strategy, there are a lot of moving parts and understanding how to use it is another thing entirely.

    Managing firewalls and managing intrusion detection and prevention is not the same thing, at least beyond the basic configuration. The latter requires much more analysis skills and an understanding of threats, protocols, payloads, and other traffic-stream related anomalies. A lot of people who understand firewalls lack real knowledge about intrusion detection. This is why I suggest starting with firewalls.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • SephStormSephStorm Member Posts: 1,732
    I agree, the problem for me was having an environment that was productive to use a firewall. The best option may be to build a virtual network with a device running pfsense and cisco routers, that way you can generate traffic and test your rules.
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    SO has tcpreplay installed with some sample pcaps Pcaps - security-onion - Where to find pcaps to test your Security Onion installation with - Security Onion is a Linux distro for IDS, NSM, and log management. - Google Project Hosting and you can always grab more from Public PCAP files for download If you want, you can setup a small lab with two other boxes/VMs and have them send traffic past (or through if you set it up that way) your sensor such that you can make it seem like you are watching the link between an internal network and the internet.
Sign In or Register to comment.