لكثرة الطلبات التى تصلني حول موضوع الجدران النارية Firewall وحول أفضل واحد منها للأستخدام في الشبكات الصغيرة والمتوسطة سوف أستعرض في جزءان مقال حول أهم الجدران النارية المجانية التى يمكن إستخدامها وقبل أن أدخل في المقال أحب أونوه أن تجربتي في الجدران النارية معدومة وما سوف أذكره مبني على جمع معلومات من الأنترنت أي سوف أتحدث عن نبذة مختصرة عن الجدار الناري وسوف أعرض مواصفاته باللغة الأنجليزية من المصدر الخاص بالجدار الناري.
كما هو معروف أن أغلب الجدران النارية المتوفرة تعمل في بيئة Linux, FreeBSD, or OpenBSD , وهي تعمل بتقنيات مختلفة مثل pf (Packet Filter), ipf (IPFilter), ipfw (IPFirewall), and iptables.
Firestarter
- Open Source software, available free of charge
- User friendly, easy to use, graphical interface
- A wizard walks you through setting up your firewall on your first time
- Suitable for use on desktops, servers and gateways
- Real-time firewall event monitor shows intrusion attempts as they happen
- Enables Internet connection sharing, optionally with DHCP service for the clients
- Allows you to define both inbound and outbound access policy
- Open or stealth ports, shaping your firewalling with just a few mouse clicks
- Enable port forwarding for your local network in just seconds
- Option to whitelist or blacklist traffic
- Real time firewall events view
- View active network connections, including any traffic routed through the firewall
- Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
- Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
- Support for tuning ToS parameters to improve services for connected client computers
- Ability to hook up user defined scripts or rulesets before or after firewall activation
- Supports Linux Kernels 2.4 and 2.6
- Translations available for many languages (38 languages as of November 2004)
Zorp GPL
- Using script language as configuration and decision language(Python)
- Supported protocols:
- Utilizing modular application gateways
- Able to analyze sub-protocols (for example HTTP in SSL)
- Can add/remove packet filter rules on-demand
- You can write your own proxy modules in Pthon if a native version is not available
Turtle
- ZONES, NETWORKS, HOSTS and GROUPS definitions.
- Filter rules definitions based on services.
- New services definitions.
- NAT (Network Address Translation)
- Masquerading
LutelWall
- Traffic features:
- Flexible control over traffic using rule set
- User-defined protocols support
- Support for any kind multiple external and internal interfaces (and aliases)
- Automated MASQUERADE / SNAT support
- Easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.)
- Rate limit extensions
- Packet marking for 3rd party shapers
- TOS (Type of Service) traffic optimizer
- Both passive and active FTP support
- DHCP support
- Can work as “workstation” firewall
- Security features:
- Stateful TCP connection tracking with restrictive TCP chain
- Blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA)
- Blocking IP protocol scans (nmap -sO)
- Blocking UDP scans (nmap -sU)
- Blocking identification via TCP/IP fingerprinting (nmap -O)
- Anti-spoof protection, including protection for aliases
- Anti-smurf protection
- TCP SYN Flood protection
- UDP / ICMP Flood protection
- IANA reserved addresses checking
- SYSCTL parameters set for increased strength
- Logging features:
- Logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
- Other features:
- Autodetect of connection type (static/dynamic, external/internal)
- Auto update of firewall tool
- Auto update IANA reserved list
- Display firewall statistics in iptables native, csv or html format Easy deployment on all distributions
floppyfw
- Access lists, IP-masquerading (Network Address Translation), connection tracked packet filtering and (quite) advanced routing. Package for traffic shaping is also available.
- Requires only a 386sx or better with two network interface cards, a 1.44MB floppy drive and 12MByte of RAM (for less than 12M and no FPU, use the 1.0 series, which will stay maintained.)
- Very simple packaging system. Is used for editors, PPP, VPN, traffic shaping and whatever comes up.
- Logging through klogd/syslogd, both local and remote.
- Serial support for console over serial port.
- DHCP server and DNS cache for internal networks.
إلى هنا نكون قد أنتهينا من الجزء الأول وأن شاء الله لنا عودة مع جزء ثاني أو ثالث بحسب ماتوصلني إليه أبحاثي حول الجدران النارية المتوفرة والمجانية ولو كان لدى أحدكم معرفة مسبقة حول أحد هذه الفيرولات وقام بتجربتها مسبقا فنحن نرحب بتعليقه ورائيه حول الجدار الناري كخبرة واقعية على الجدار الناري, أتمنى ان تكونوا قد أستفدتوا ولاتنسونا من دعوة صالحة في الغيب ودمتم بود.