I have several requests, but the main one is if I can get some advice or suggestions on a good firewall that matches these requirements:
- Whitelist IP Address Blocking
- Whitelist Port Blocking
- Open-Source (I can compile it, perhaps not necessary, but always a plus)
- Uses a Static Library
- Freeware
- Runs on Fedora flavor of the Red Hat flavor of Linux
Now, I'm open to suggestions if anyone knows of a good firewall that matches those, but I also am currently looking into these:
redWall Firewall CD
redWall is a bootable CD-ROM Firewall with Snort, snortsam, dansguardian and support for fwbuilder, spamassassin, reporting (using ACID/sarg/ntop/webfwlog), VPN (FreeSWan/PoPToP/Openvpn) and mail alerting (by mail). Configs are stored on a Floppy or USB.
bastion-firewall
bastion-firewall is a Netfilter based firewall for Linux. It can generate graphical stats of all the rules traffic in the firewall with Rrdtool and it's integrated with the Snort Inline IPS. It's written in the bash and C programming languages.
Firestarter
Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.
Not a very long list, so I'm open to any others that you think are good and match those requirements.
Also, I'm testing the security (going through 2 routers with firewalls each, and then to the computer), using other computers, so I'm also open to suggestions on any network security testing or cracking software that you have. Currently I'm planning to use:
- Nmap - I would also appreciate it if anyone knows a good front end for it; currently I'm planning on using Zenmap
- Angry IP Scanner - An awesome utility for basic network scanning
- Wireshark - I believe this also requires a front end, so any suggestions would be appreciated
- IP Personality - An OS spoofer, to test if security can properly detect the OS of intruders
Once again, any other good testing software would be appreciated.
Along with the firewalls, all data going in and out of the computer will be recorded using snort, so if you suggest any good front-ends for snort or other add-ons, I would appreciate it, and I'm also looking into an open-source version of tripwire, so if anyone knows where I can find one, please tell.
Thanks in advance.