Shashank Sharma will only use a firewall distribution if it’s easy to set up and manage. Does IPFire pass the test with flaming colours…? Read our IPFire 2.21 Review.
One of several firewall distributions that help filter traffic and protect your network from Internet-borne ills. IPFire is easy to deploy and configure, and can be managed via a web-based interface from within the network. See also: the FreeBSD-based pfSense, OPNsense and commercial options Untangle and Smoothwall.
The iptables firewall built into your Linux distribution does an excellent job of shielding your installation from the bad bits floating around on the Internet. While iptables safeguards your Linux computers, the protection doesn’t extend to other always-connected portable and IoT devices in your network. This is exactly where distributions such as IPFire shine because they help put up a firewall server with ease.
IPFire uses a Stateful Packet Inspection (SPI) firewall that’s built on top of netfilter and helps facilitate Network Address Translation (NAT), packet filtering and packet mangling.
You can set up the firewall for a range of tasks: everything from forwarding ports to creating a DMZ. The distribution’s kernel is hardened with the grsecurity patchset to thwart zero-day exploits, and comes with strict access controls.
The project has modest system requirements. In fact it’s one of the best ways to put an old computer to use. Even a single-core processor with 1GB RAM can work well as a firewall server with IPFire, but you must make sure it has at least two network interfaces and 4GB of disk space. A bigger hard disk will give you more room to flesh out the IPFire installation.
Easy and effective
Installing IPFire is fairly straightforward since it’s supposed to be the sole distribution on the computer. The most important aspect of the installation process is the Network configuration menu, which comes up right after you’ve set up the authentication information for the root user. The installer automatically detects the number of network interfaces attached to the machine and then asks you to assign them to one of the four colour-coded zones. One of the most common configurations is the default Green + Red mode, which works for servers with two network adapters.
In this setup the first adapter is connected to the ISP’s modem and marked as the Red interface. The second one, marked as Green, is connected to the router serving the internal network. You’ll also have to ask the IPFire server to act as the DHCP and DNS server and hand out IP addresses to the computers connected via the Green interface. It might sound complicated, but setting it up is actually an intuitive process.
Also intuitive is its web interface that runs on port 444. While IPFire is based on Linux From Scratch, it has borrowed the browser-based interface from the IPCop distribution. The administration interface has a simple and easy-to-navigate layout with the various different aspects of the server grouped under tabs listed at the top of the page. Furthermore, it’s logically arranged and clearly marked, which significantly simplifies the process of setting up the various aspects of the firewall as well as its different components.
Before pushing it into active service on your network, you can fiddle around with IPFire using VirtualBox’s internal networking feature.
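The Green + Red layout and the netfilter features described above (stateful inspection, NAT, port forwarding, the web interface on port 444), sketched as an added example that is not IPFire's own ruleset. The `gen_ruleset` helper is hypothetical, the `red0`/`green0` interface names are assumed from the zone colours, and every address and forwarded port is a constructed sample value.

```shell
#!/bin/sh
# Added example, not IPFire's own ruleset. Interface names follow the zone
# colours; all addresses and ports passed in are constructed sample values.
RED_IF=red0      # adapter connected to the ISP's modem
GREEN_IF=green0  # adapter connected to the internal network

# Print an iptables-restore ruleset for a Green + Red gateway.
# $1 = Red-side TCP port to forward, $2 = internal IPv4 host, $3 = its port
gen_ruleset() {
    for p in "$1" "$3"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    case "$2" in ''|*[!0-9.]*) echo "bad host: $2" >&2; return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forward: rewrite the destination of traffic arriving on Red
-A PREROUTING -i $RED_IF -p tcp --dport $1 -j DNAT --to-destination $2:$3
# NAT: Green hosts share the Red address on the way out
-A POSTROUTING -o $RED_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Stateful inspection: replies to tracked connections pass, invalid packets drop
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Web interface (444), DNS (53) and DHCP (67) are reachable from Green only
-A INPUT -i $GREEN_IF -p tcp -m multiport --dports 53,444 -j ACCEPT
-A INPUT -i $GREEN_IF -p udp -m multiport --dports 53,67 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Green may open new connections to Red; Red may only reach the forwarded port
-A FORWARD -i $GREEN_IF -o $RED_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $RED_IF -o $GREEN_IF -p tcp -d $2 --dport $3 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

On a lab machine, `gen_ruleset 8443 192.168.1.10 443 | iptables-restore --test` parses the output without loading it. With both `INPUT` and `FORWARD` defaulting to `DROP`, the only unsolicited Red-side traffic that gets through is the single forwarded port.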
In addition to its firewalling duties you can also use IPFire to detect and prevent intrusions using a combination of Snort and an add-on called Guardian. The server can be used as a URL filter, a caching name server, an update accelerator, and more. It includes Squid and can easily double up as a web proxy, and you can also use it to create VPNs with both IPsec and OpenVPN.
On top of this, IPFire ships with an extensive package management utility that makes it fairly simple to flesh out the basic installation. There are some useful add-ons such as the ClamAV virus scanner, Bacula backup, Asterisk PBX and more. You can also use the package manager to update the distribution to any new release. The latest update switches to the long-term support (LTS) Linux kernel 4.14 release along with a slew of bug fixes.
DEVELOPER: The IPFire project
FEATURES: 8/10
EASE OF USE: 7/10
IPFire is a wonderful gateway server for home office networks, and since the official documentation discusses the setup and usage in detail, you’re unlikely to feel lost at sea.