The Linux kernel has a built-in firewall called IPTables. Therefore, regardless of your (Linux) distro of choice, the firewall in use will always be the same. But while some distros ship with a gui client to configure and manage the firewall, others do not. Fedora, Mandriva, Parsix, and Sabayon, are example of Linux distros that install a graphical firewall client by default.
Some distros ship with command line firewall scripts (ufw is a popular one) for configuring and managing the Linux firewall, but we don’t expect everybody to be comfortable using shell scripts, especially when there are very good graphical clients that simplify the task of configuring and managing iptables. There are many (gui) clients to choose from, some better than others. For this article, we are going to look at the five of the better designed graphical firewall solutions.
Here they are in alphabetical order:
- Guarddog: A nice gui client for novice to intermediate users. All the documentation you need is available in the Guarddog Handbook. To install this client, use your distros package manager to search for the string guarddog. Once installed, it will likely be placed under “Internet” in the menu tree.
- ebox-firewall: This is a recent addition to this group of open source applications, and it is a component of the ebox platform. Management is via a browser-based interface. To install, use your distros package manager to search for the string “ebox-firewall”. Once installed, point your browser to “https://localhost/ebox”. The docs are available here.
- Firestarter: A GTK program for managing and monitoring iptables. Distros that ship with a graphical firewall client pre-installed typically use Firestarter. This is the firewall client installed in Linpus, and it is fairly easy to use. The default configuration should be sufficient for most users, but if you want to create custom rules, it’s all point and click. If stumped, the Firestarter doc is your best friend.
- KMyFirewall: This a KDE firewall client with very good configuration options. You’ll find it installed by default in Sabayon. Like Firestarter, the out-of-the-box configurations should be enough, but if you know what you are doing, creating custom rules (rulesets) is easy.
- nuapplet: This is the cleint interface to Nufw, a very powerful authenticating firewall. Where other firewall solutions manage traffic by IP addresses, Nufw gives you the capability to affect traffic also by user id. Installing this requires the installation of the server, “nufw”, and the client, “nuapplet”. Once installed, you will find an entry for “nuapplet” under “Internet” in the menu tree. Documentation is available here
There are a few more, but these are the best ones for most users. Of the five listed above, Nufw, and ebox-firewall are, for the average desktop user, overkill. To install ebox-firewall, for example, requires the installation of postgresql, apache 2, and a few other applications and several libraries. For the vast majority of users, we recommend any one of Guarddog, KMyFirewall, or Firestarter (assuming that your distro does not have a firewall client installed), but if you want to take a walk on the geek side, feel free to try nuapplet (Nufw) or ebox-firewall.
As a unit, a Linux distro is more secure – out of the box – than any Microsoft Windows operating system (this is one of the reasons why we encourage Windows users to switch to Linux). However, securing your distro goes beyond configuring a firewall. There are other aspects to running a secure desktop, but those will be addressed in another post.