  1. #1
    Linux User
    Join Date
    Mar 2013
    Posts
    321

    What are HARDWARE firewalls for?


    I've talked to people who install "boxes" which do this. What do they have that iptables does not?



    Thanks.

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,864
    A hardware firewall is just a separate box that sits between you and the internet world. If the box gets hacked or compromised, it's not carrying any valuable information, as that would be on a separate machine inside your network. It's useful in the corporate world, as it marshals access on the internal network to and from another network (usually the Internet) for many computers.

    Quite often these boxes use a version of Linux inside them, and they're using IPtables to provide the NAT firewall.

    You can set up your own hardware firewall; all you need is an old computer and a distro like Smoothwall or Shorewall. There is a list of them here: https://en.wikipedia.org/wiki/List_o..._distributions.

    I use a smoothwall box at home.
    Linux user #126863 - see http://linuxcounter.net/
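
As an added illustration (not part of any post in this thread, and not taken from Smoothwall or any vendor product), here is a minimal `iptables-restore` ruleset for the kind of dedicated NAT firewall box described above. The interface names `eth0` (internet side) and `eth1` (internal network) are assumptions.

```iptables
# Constructed example for a two-interface firewall box.
# Assumed names: eth0 = internet side, eth1 = internal network.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite internal source addresses to the box's own external address.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the box and through the box.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The box itself: loopback, replies to its own connections,
# and SSH administration from the internal side only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
# Through the box: internal hosts may open connections outward;
# the internet side may only send replies to those connections.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
```

The box only routes between the two interfaces once `net.ipv4.ip_forward=1` is set via sysctl. Nothing listens on the internet side here, which is the property the post describes: the exposed machine holds no services or data of its own.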

  3. #3
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    925
    Hardware firewalls typically will have more tools to simplify setting up a firewall and dynamically optimizing rulesets based on traffic, along with other features. Some of the expensive ones have customized TCP/IP stacks for better performance and vendor hooks. As Roxoff said, for home or small office you can easily get an old computer, install Linux and Smoothwall, and have a good firewall.

  4. #4
    Linux User
    Join Date
    Mar 2013
    Posts
    321
    Quote Originally Posted by docbop View Post
    dynamically optimizing rulesets based on traffic
    Can Linux do this?

  5. #5
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    925
    Quote Originally Posted by resetreset View Post
    Can Linux do this?
    That would be a function of the firewall application, not the OS. So look at the feature set of the firewall you select.

  6. #6
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,864
    Quote Originally Posted by docbop View Post
    That would be a function of the firewall application, not the OS. So look at the feature set of the firewall you select.
    Don't just look at the 'official' feature set either - some of the free solutions have additional drop-on custom modules that can add the features you need. For example, I have a custom mod on my Smoothwall to allow it to do multiple static IP addresses.
    Linux user #126863 - see http://linuxcounter.net/
