Where can I Download a Free Firewall?


Free firewalls have become very common and represent an excellent alternative to commercial firewall packages.


Most of these firewalls run under some form of Linux, FreeBSD, or OpenBSD.

Many of these free firewalls are front-ends for the lower-level firewall packages which ship with these operating systems, such as pf (Packet Filter), ipf (IPFilter), ipfw (IPFirewall), and iptables.

Free firewall packages which you can download include:

Firestarter
Firestarter is a free firewall tool for Linux machines. Whether you simply want to protect your personal workstation or you have a network of computers to secure, Firestarter is here to make your life easier. While a firewall cannot guarantee security, it is the first line of defense against network-based attacks.

Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

We strongly believe that your job is to make the high level security policy decisions and ours is to take care of the underlying details. This is a departure from your typical Linux firewall, which has traditionally required arcane implementation specific knowledge.

Open Source software, available free of charge
User friendly, easy to use, graphical interface
A wizard walks you through setting up your firewall on your first time
Suitable for use on desktops, servers and gateways
Real-time firewall event monitor shows intrusion attempts as they happen
Enables Internet connection sharing, optionally with DHCP service for the clients
Allows you to define both inbound and outbound access policy
Open or stealth ports, shaping your firewall policy with just a few mouse clicks
Enable port forwarding for your local network in just seconds
Option to whitelist or blacklist traffic
Real time firewall events view
View active network connections, including any traffic routed through the firewall
Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
Support for tuning QoS parameters to improve services for connected client computers
Ability to hook up user defined scripts or rule sets before or after firewall activation
Supports Linux Kernels 2.4 and 2.6
Translations available for many languages (38 languages as of November 2004)
Zorp GPL
Zorp is a new generation proxy firewall suite and as such its core architecture is built around today's security demands: it uses application level proxies, it is modular and component based, it uses a script language to describe policy decisions, it makes it possible to monitor encrypted traffic, it lets you override client actions, it lets you protect your servers with its built-in IDS capabilities... The list is endless. It gives you all the power you need to implement your local security policy.

Using a script language (Python) as configuration and decision language
Supported protocols:
HTTP/1.1
FTP
SSL
finger
plug
whois
telnet
Utilizing modular application gateways
Able to analyze sub-protocols (for example HTTP in SSL)
Can add/remove packet filter rules on-demand
You can write your own proxy modules in Python if a native version is not available
Turtle
Turtle Firewall is software that lets you build a Linux firewall simply and quickly. It is based on Kernel 2.4.x and iptables. Its way of working is easy to understand: you define the different firewall elements (zones, hosts, networks) and then set the services you want to enable among the different elements or groups of elements. You can do this by simply editing an XML file or by using the convenient web interface, Webmin.

ZONES, NETWORKS, HOSTS and GROUPS definitions.
Filter rules definitions based on services.
New services definitions.
NAT (Network Address Translation)
Masquerading
LutelWall
LutelWall is a high-level Linux firewall configuration tool. It uses a human-readable and easy to understand configuration to set up Netfilter in the most secure way. The flexibility of LutelWall allows firewall administrators to build anything from very simple, single-homed firewalls to the most complex ones, with multiple subnets, DMZs and traffic redirections.

LutelWall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. The configuration method of this firewall is designed to be as simple as possible without losing Netfilter flexibility and its security features.

LutelWall is a Linux iptables shell script written in bash for use as a stateful firewall and NAT/masquerade router for networks with a single subnet or multiple subnets.

LutelWall makes use of the netfilter code in the 2.4 Linux kernel and is more robust and configurable than an equivalent ipchains script.

Traffic features:
Flexible control over traffic using rule set
User-defined protocols support
Support for any kind of multiple external and internal interfaces (and aliases)
Automated MASQUERADE / SNAT support
Easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
Rate limit extensions
Packet marking for 3rd party shapers
TOS (Type of Service) traffic optimizer
Both passive and active FTP support
DHCP support
Can work as "workstation" firewall
Security features:
Stateful TCP connection tracking with restrictive TCP chain
Blocking all stealth mode scans: FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
Blocking IP protocol scans (nmap -sO)
Blocking UDP scans (nmap -sU)
Blocking identification via TCP/IP fingerprinting (nmap -O)
Anti-spoof protection, including protection for aliases
Anti-smurf protection
TCP SYN Flood protection
UDP / ICMP Flood protection
IANA reserved addresses checking
SYSCTL parameters set for increased strength
Logging features:
Logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
Other features:
Autodetect of connection type (static/dynamic, external/internal)
Auto update of firewall tool
Auto update IANA reserved list
Display firewall statistics in iptables native, csv or html format
Easy deployment on all distributions
floppyfw
floppyfw is a router with the advanced firewall capabilities of Linux that fits on a single floppy disk.

Access lists, IP-masquerading (Network Address Translation), connection tracked packet filtering and (quite) advanced routing. Package for traffic shaping is also available.
Requires only a 386sx or better with two network interface cards, a 1.44MB floppy drive and 12MByte of RAM (for less than 12M and no FPU, use the 1.0 series, which will stay maintained.)
Very simple packaging system. Is used for editors, PPP, VPN, traffic shaping and whatever comes up.
Logging through klogd/syslogd, both local and remote.
Serial support for console over serial port.
DHCP server and DNS cache for internal networks.

©2009 computer technology World | Template Blue by TNB