Review: Security firewall distributions

Firewalls underpin the security of any network, controlling the flow of data in and out. Where once they were simple in premise and execution, today they are just one component of a collection of services to monitor, track, limit and sometimes alter data to ensure the security of a network.

Today, off-the-shelf firewall products are almost exclusively Linux-based, precisely because Linux excels at the task. Firewall distributions are pre-packaged Linux distributions with a focus on firewall and gateway duties, containing all the necessary tools and services to make it easy to set up a box to protect your network. These are almost always bundled with web-based remote configuration interfaces that are so good that many once purely free firewall distributions have made the jump to corporate products.

In these cases the original distribution, as is the case with GPL (GNU Public License) code that underpins Linux, remains free -- you can download and install the full product on your own hardware. Money is made, however, by selling enterprise-grade technical support, commercial add-on modules (like third-party anti-virus), and hardware appliances that come pre-installed and ready to go with minimal effort.

It's a system that works well, as the free versions of the software can often be used without restriction by smaller businesses that don't need enterprise-level support, or by enterprise IT staff who want to try before buying and even set up the software to see how it performs on the network.

The following distributions represent some of the popular firewall and gateway products on the market. Some are community-driven only with no commercial counterpart, while others offer the full gamut of enterprise support services and off-the-shelf hardware appliances.


ClearOS is a great example of the dual free and commercial firewall products that can be had.

ClearOS is a prime example of a Linux-based gateway and firewall distribution that comes in two flavours: ClearOS Community, a free edition for hobbyists and developers, and ClearOS Professional for business and production use. In truth both versions are very similar -- as the core functionality is freely available in Linux itself -- with the professional version mainly offering paid support services and optional paid add-ons such as Kaspersky anti-malware, Google Apps synchronisation, or server backup and auditing. Technically there is no restriction on using the free Community edition in a production environment if you're able to support it with your own staff. The Professional version can be installed on your own hardware or be cloud-hosted for a minimal cost, or a pre-made ClearOS Professional appliance (aka clearBOX) can be purchased, which comes in three levels depending on expected network load.

All administration is via a web interface, which is clean and intelligently laid out. With a focus on being everything from an advanced firewall to a multi-role gateway with advanced functions like packet inspection, it also includes a marketplace of apps to tailor a server to your needs. See for ClearOS professional and for ClearOS Community.


Like ClearOS, Endian also provides a free version of Endian UTM -- its commercial Linux-based security gateway OS -- called Endian Community Edition that can be installed on your own hardware. The community edition lacks certain features, like official support, which is to be expected, but it is still promoted by Endian for use by small businesses or non-profits, and nonetheless maintains all of the core functionality of Endian UTM.

The enterprise edition can be deployed as a virtual or hardware appliance, and Endian offers a range of boxes designed for use by a range of business sizes from just a handful of users up to thousands of seats, though prices aren't listed on the website. Professional support is provided in three levels from standard to 'premium', the latter of which extends the warranty on a hardware appliance.

Beyond typical stateful firewall functionality, Endian includes web and mail security, anti-virus, Wi-Fi hotspot management (captive portal with features like ticketing and bandwidth control), and detailed logging and reporting, among other features. Again, management is performed through a web interface which, while comprehensive, isn't quite as slick as ClearOS.

The latest version, Endian Firewall 3.0, has only just been released and can be downloaded from the Community section of the website. And if you try Endian and really like it, there's even a merchandise store with shirts and mugs. Guess a man's gotta love him some firewalls.


With clearly the best name on the planet for a firewall, IPCop is a free non-commercial distribution designed for home and small business users. There are no paid support options or hardware appliances here, unlike ClearOS or Endian, but if you and your team know what you're doing then that isn't likely to be an issue.

More than this, IPCop is also designed for lower-end hardware, coming in relatively compact in size compared to ClearOS or Endian. In fact there's a 'Flash' installation option that presumes you'll be installing it to a flash-based medium, and tweaks the OS to perform minimal writes in order to extend flash memory life. Paired with a low-power box, you can set up quite a potent firewall with minimal cost and resource usage.

As far as free community-supported distributions go, IPCop's web-based interface is both extensive and excellent, providing access to advanced firewall features, common services like web filtering and traffic shaping, and logs and reporting through an easy-to-use interface design.

There aren't any official add-ons like the anti-virus or Wi-Fi hotspot controls found in some of the other products covered here, but then it's a completely free and compact distribution aimed squarely at doing one job really well, allowing you to use other products to cover other services as you see fit. About the only downside to IPCop is that the latest stable release is over a year old.


Stories by Ashton Mills
