10 firewall tools to meet your budget

10 firewall tools to meet your budget

Summary: Jack Wallen briefly evaluates the pros and cons of 10 firewall tools (four of them free) that might fit your needs.

SHARE:
TOPICS: Networking, CXO, Security
10

 |  Image 1 of 10

  • If you are looking for a free (for individual and not-for-profit use) all-in-one security suite that includes a Firewall tool, Zone Alarm is hard to beat. Zone Alarm includes a new DefenseNet feature that leverages the real-time threat data from millions of community users that aids to detect and block threats.

  • Outside of using the command line to power iptables, Firewall Builder is one of the most powerful Linux and BSD firewall tools you will find. With this tool you can create incredibly powerful firewalls that are as versatile as they are strong. The only major drawback of Firewall Builder is that the meek should not apply. Firewall Builder is a challenge for new users and priced per number of firewalls you need to manage.

  • Thumbnail 1
  • Thumbnail 2
  • Thumbnail 3
  • Thumbnail 4
  • Thumbnail 5
  • Thumbnail 6
  • Thumbnail 7
  • Thumbnail 8
  • Thumbnail 9
  • Thumbnail 10

Topics: Networking, CXO, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • RE: 10 firewall tools to meet your budget

    Nice but it would be helpful if we could know the level of protection offered by each one. How effective are they? What kind of testing is available to insure the proper operation and configuration? Also some of these purport to be smart firewalls, so can any of them respond to an attack and indicate to the user some configuration that needs to be adjusted?
    ivank2139
    • RE: 10 firewall tools to meet your budget

      @ivank2139@...
      TO TRY IT WILL NOT HARM YOUR COMP OR YOUR PURSE.
      livekingstown
  • RE: 10 firewall tools to meet your budget

    Does Zone Alarm Free work in 64-bit Windows 7 Ultimate? Also, will there be any conflict with the other 2 free anti-malware, viz., Avast 5.0.677 and Spybot Search&Destroy 1.6.2 that I use?
    sjoardar
    • RE: 10 firewall tools to meet your budget

      @sjoardar <br>THIS DOES WORK WITH AVG ANTI VIRUS PRO,<br>AD-AWARE ANTI VIRUS PRO,<br>IMMUNET AND PANDA CLOUD SYSTEMS.ALSO-YES IT DOES WORK ON
      64-BIT WINDOWS7 ULTIMATE.
      livekingstown
      • RE: 10 firewall tools to meet your budget

        @livekingstown STOP SHOUTING!
        sismoc
      • RE: 10 firewall tools to meet your budget

        @livekingstown
        I can't hear you over the fact that you're yelling!
        ZackCDLVI
      • RE: 10 firewall tools to meet your budget

        @livekingstown
        Thanks! However, I am still wondering about any potential conflict with Avast! 5.0.677 and Spybot Search&Destroy 1.6.2.
        sjoardar
  • zonealarm ..?

    zonealram is a ancept firewall and i think it is the best.... when checkpoint is hired them... i don't know.. ? any idea... checkpoint attachment with zonealarm....
    Amit Beniwal
  • RE: 10 firewall tools to meet your budget

    <TT># This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet dhcp

    auto br0
    iface br0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    post-up iptables-restore < /etc/iptables.up.rules
    bridge_ports eth1 wlan0

    iface eth1 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down

    iface wlan0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down</TT>

    Yep! I am using my own iptables script to flush and recreate the rules as soon as my external interface is up! :)

    <TT># Generated by iptables-save v1.4.4 on Thu Oct 7 13:45:47 2010
    *mangle
    :PREROUTING ACCEPT [3778268:2030589954]
    :INPUT ACCEPT [1951542:315871622]
    :FORWARD ACCEPT [1828278:1714915334]
    :OUTPUT ACCEPT [584837:4837372503]
    :POSTROUTING ACCEPT [2415221:6553027657]
    :asterisk - [0:0]
    :common - [0:0]
    -A FORWARD -i br0 -o eth0 -j MARK --set-xmark 0x3/0xffffffff
    -A FORWARD -i br0 -o eth0 -j common
    -A FORWARD -i br0 -o eth0 -j asterisk
    -A FORWARD -i br0 -o eth0 -p icmp -j MARK --set-xmark 0x1/0xffffffff
    -A FORWARD -i eth0 -o br0 -j MARK --set-xmark 0x3/0xffffffff
    -A FORWARD -i eth0 -o br0 -j common
    -A FORWARD -i eth0 -o br0 -j asterisk
    -A FORWARD -i eth0 -o br0 -p icmp -j MARK --set-xmark 0x1/0xffffffff
    -A asterisk -p udp -m udp --sport 5060 --dport 5060 -j MARK --set-xmark 0x1/0xffffffff
    -A asterisk -p udp -m udp --sport 5080 --dport 5080 -j MARK --set-xmark 0x1/0xffffffff
    -A asterisk -p tcp -m tcp --sport 5060 --dport 5060 -j MARK --set-xmark 0x1/0xffffffff
    -A asterisk -p tcp -m tcp --sport 5080 --dport 5080 -j MARK --set-xmark 0x1/0xffffffff
    -A asterisk -p udp -m udp --sport 10000:20000 --dport 10000:20000 -j MARK --set-xmark 0x1/0xffffffff
    ...
    COMMIT
    # Completed on Thu Oct 7 13:45:47 2010
    # Generated by iptables-save v1.4.4 on Thu Oct 7 13:45:47 2010
    *nat
    :PREROUTING ACCEPT [48293:6001940]
    :POSTROUTING ACCEPT [14341:1088928]
    :OUTPUT ACCEPT [36548:2778308]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Thu Oct 7 13:45:47 2010
    # Generated by iptables-save v1.4.4 on Thu Oct 7 13:45:47 2010
    *filter
    :INPUT DROP [14834:4562608]
    :FORWARD ACCEPT [1799:264065]
    :OUTPUT ACCEPT [584837:4837372503]
    :fail2ban-ssh - [0:0]
    -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
    -A INPUT -s 211.128.0.0/9 -j DROP
    -A INPUT -s 202.96.0.0/9 -j DROP
    -A INPUT -s 85.0.0.0/8 -j DROP
    -A INPUT -s 81.0.0.0/8 -j DROP
    -A INPUT -s 122.0.0.0/8 -j DROP
    -A INPUT -s 220.0.0.0/8 -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -p gre -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    ...
    -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    -A FORWARD -i br0 -o eth0 -j ACCEPT
    -A FORWARD -i eth0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p gre -j ACCEPT
    -A fail2ban-ssh -j RETURN
    COMMIT
    # Completed on Thu Oct 7 13:45:47 2010</TT>

    And yes, I do have Windows firewall, which is adaquate for my needs. TYVM! :)
    Grayson Peddie
  • RE: 10 firewall tools to meet your budget

    Umm....Try it again with your review of COMODO! You just misled any of your readers into thinking that if they want Comodo's anti-virus, they have to buy the PRO product, when in fact, they can get COMODO Internet Security with antivirus as a totally FREE product! The Pro product adds 24hr. live PC support and a WiFi protection toolkit called Trustconnect! I've been using their free products for a while now, and have had zero problems! It's easy to install on anything from XP to Win7! The free download is at:
    http://www.comodo.com/home/internet-security/free-internet-security.php
    Next time check your facts! ;)
    barefoot1976