6

I have a virtual server running Debian. Its host OS is using Linux-VServer and, due to its lack of support for network namespaces, using iptables to secure the box is not an option. I did many searches looking for alternatives but so far I'm only finding different front ends to manage iptables itself.

Is there anything else out there? I was hoping to tie it in into my OSSEC active response scripts to enable real time blocking when malicious activity is detected.

EEAA
BajaBob

6 Answers

7

As far as I know, iptables is the Linux firewall. Never in all my years working with Linux have I ever heard of nor seen any alternatives.

Do you have the option of just running the firewall layer on the host OS?

EEAA
1

There's always Debian GNU/kFreeBSD, which ports the FreeBSD kernel to the Debian GNU userland. This would allow you to use pf as your firewall. Unfortunately, as of current (Debian 6/Squeeze) GNU/kFreeBSD is considered a "technical preview", which means not ready for production.

0

The Linux kernel has only one built-in firewall, iptables.

There are side projects like dummynet, a Linux port of the BSD firewall, but these are for testing purposes and not to be used in production.

Dummynet: http://info.iet.unipi.it/~luigi/dummynet/

Lars Wiegman
0

ip filter claims to support Linux. (I have only used it on Solaris.) http://coombs.anu.edu.au/~avalon/

Mark Wagner
0

Check out nftables. It is gaining momentum and AFAIK it is going to replace iptables.

Adam Ryczkowski
  • The "nf" in "nftables" stands for "netfilter". Thus it is fairly likely based on netfilter. – womble Dec 14 '18 at 03:32
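The real-time blocking the question asks about, done with the nftables this answer points to, as an added example that is not from the thread: a ruleset with a dynamic blocklist set, and a helper that builds the add/delete command for an address only after validating it, since an active-response script receives the address from log data. It assumes a kernel where nftables is usable (nftables is itself built on netfilter, so it does not sidestep the Vserver limitation in the question); the table, set and chain names, the 10-minute timeout and IPv4-only handling are my own choices.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes nftables is usable on the host;
# names (inet filter, blocklist, input) and the timeout are constructed here.

# Ruleset: any source address present in the set is counted and dropped.
# Entries carry a timeout so a block expires on its own.
NFT_RULESET='table inet filter {
    set blocklist {
        type ipv4_addr
        flags timeout
    }
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr @blocklist counter drop
    }
}'

# Strictly validate a dotted-quad IPv4 address (shape, then each octet 0-255),
# so a crafted log field can never inject extra nft syntax into the command.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the nft command for an action ("add" blocks, "delete" unblocks) and an
# address; this is the add/delete pair an active-response hook is invoked with.
# Prints the command on success, prints nothing and fails on any bad input.
nft_cmd() {
    action=$1; ip=$2
    valid_ipv4 "$ip" || return 1
    case $action in
        add)    echo "nft add element inet filter blocklist { $ip timeout 10m }" ;;
        delete) echo "nft delete element inet filter blocklist { $ip }" ;;
        *)      return 1 ;;
    esac
}

# Load the ruleset once, e.g. from the script's setup step (needs root):
#   printf '%s\n' "$NFT_RULESET" | nft -f -
# Then a hook runs:  eval "$(nft_cmd add 203.0.113.7)"   (203.0.113.7 is a constructed sample)
```

Validation happens before any command is built, so a log line that is not a plain IPv4 address results in no nft invocation at all.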
-3

What about Bastille Linux? It can be used as a firewall.

http://www.bastille-linux.org/

Infragile