Simplify the task
Whether you build your firewall with iptables oripchains, a number of free utilities can aid you in the process of creating and managing your firewall. My favorite Linux firewall tool is Firestarter, an X Windows application with a nice, simple interface. It includes a firewall creation wizard that builds a firewall script for you. While most admins choose not to load X Windows on a Linux firewall machine, you can always run the Firestarter wizard on a test machine and then transfer the firewall script it creates to your production firewall. Along those same lines, you can also use a Web-based GUI to help manage your firewall. For iptables, there is Bifrost, which is basically a CGI script that runs on Apache. For ipchains, there is the ipchains firewall module for Webmin. If you're not into GUI tools, you can get your firewall started with some prepackaged firewall scripts. For iptables, take a look at MonMotha's iptables Firewall or Shoreline Firewall, both of which are free. For ipchains, Ocean Park Software offers a free firewall script that is customized to run on Red Hat 7.1.
Once you have your Linux firewall up and running, you can ease the task of managing it by installing firelogd to help you monitor firewall logs and set up alerts for suspicious activity. Final word
Getting rid of old PCs can be a challenge, in and of itself. But don't discard those old systems yet. Because Linux typically does not require as much computing power as Windows, you may find that you can lengthen the life of some of your PCs by loading Linux on them and building basic firewalls. One word of caution: Don't be enticed to run anything too powerful or mission-critical on these Linux systems. If you want to run a Linux database, Web site, or a domain controller (using Samba), for example, go out and buy a real server to put it on. Don't use an old PC. They work for firewalls because firewalls typically don't require fast processors and tons of RAM. Of course, to be on the safe side, you might want to keep some identically configured units around to replace one of these firewalls, if they do have a hardware failure.
Have your say instantly in the Tech Update forum.
Find out what's where in the new Tech Update with our Guided Tour.
Let the editors know what you think in the Mailroom.
Talkback
Try using SmoothWall Linux. This is a free firewall product built as a customised version of linux. It is easy to set up and provides very good firewall security whilst being able to run on old machines (386+)