Free / Personal, $265 / Professional, $365 / VPN, $365 / Enterprise
In a Nutshell
- Java Version runs on Linux/Windows
- Personal edition free of charge
- Bandwidth allocation protects from Denial of Service (DOS) attacks
- Needs a separate machine
- Routing/DHCP not standard
Gatekeeper: With this Java firewall you can keep the bad guys away.
Linux Firewall Security Site
Linux IP Firewalling and Accounting
Got a pile of old 486 machines sitting around? Wondering what to do with them? Well, they do make great paperweights and can function pretty well as network backup devices. However, if they are running Linux with an up-to-date Java Runtime Environment they can serve as perfect firewalls, effectively protecting both your network and machines from any Internet bad guys. That is, if you have a decent firewall package — one such as Merilus’s Gateway Guardian.
Manning the Barricades
Guardian is perfect; it’s a pure Java firewall. Firewalls can be thought of as providing bi-directional access control, access being absolutely denied from unauthorized external hosts.
The four editions available (Personal, Professional, VPN, and Enterprise) are closely related, each one being a progressively larger superset of the one before it. With port forwarding, IP masquerading, and port stealthing, the Personal Edition does a wonderful job of firewalling by itself. Each edition of the software can be downloaded from the Merilus site in at least a time-limited evaluation mode; the Personal Edition is free for personal and non-profit organization usage.
Features and Functions
We tested the Enterprise Edition of the Gateway Guardian, which required a better and faster machine than our derelict 486 (we recommend at least a 233 MHz Pentium II with at least 64 MB, a CD-ROM, and two Ethernet NICs). We set it up as a true bastion firewall, essentially isolating the network from the Internet; the network's only access to the Internet was through Guardian.
The Enterprise Edition also provides for: protection against external Denial of Service attacks, system monitoring of unauthorized access attempts (originating either internally or externally), multiple VPN tunnels, bandwidth accounting by user, bandwidth allocation, management, and out-of-band management for system administration by modem. Denial of Service (DOS) attacks are protected against by bandwidth response allocation — a simple and effective solution (the bombardments will still take place, but your response to them will be limited).
Guardian provides for expected functionality such as DHCP and NAT. It also provides for some unique services; for example, Real World mode alternately allows for each network machine to expose its unique IP (potentially assigned by DHCP) through the firewall with all the protection it offers.
Getting it to Work
The Guardian installed easily once the JRE (included on the CD and available for download) was installed. Additionally, Java lived up to its promise, as the administration pack managed to run perfectly regardless of the host operating system.
Installation on our always-on ISDN system took a little longer than expected but was no trouble. Standard firewall functions (like allowing or denying by target and destination IP and port) worked well and configured easily; we found that easy bandwidth allocation with bandwidth “loaning” was a pleasant plus.
With Merilus’s Gateway Guardian, we now have a reason to keep those antique machines around.