Most readily useful free Linux firewalls of 2018

A firewall is an important factor of computer safety nowadays, and a lot of contemporary routers have one integrated, which while helpful, is tough to configure. Luckily additionally distributions (distros) associated with the free os Linux that have been created specifically to function as fire walls.

These will generally have alot more advanced functions than those available on a router, and allow you to definitely have much better control of keeping your personal or business system safe.

  • These are the very best Linux training providers and on the web courses

In this essay, we're likely to evaluate six of the very popular free firewall distros. We now have attempted to emphasise both energy and ease of use when it comes to these offerings and their relative merits. If you want to see most of the firewall distros available on the market, feel free to go to the DistroWatch website for the comprehensive list. 

These distros may either be installed to a physical computer, or if you only have one device, operate from a digital machine. See our guide on starting a digital device in Windows.

Most distros are downloaded as an ISO file. You can make use of programs like UNetbootin to copy them up to a USB stick and boot. Follow the actions inside our guide here to work on this. 

  • 5 of the very popular Linux video gaming distros
  • What's the most effective Linux distro for beginners?
  • 10 of the finest lightweight Linux distros


ClearOS is through far the sleekest searching firewall distro in this roundup. It's obvious that many some time care has gone into developing the screen.

As most firewall distros are written the stereotypical geek, it's good to see a refreshing improvement in what seemingly have get to be the de facto standard of 'cobble it together and take into account the software afterwards'. This stated, ClearOS will run quite cheerfully through the command line for lots more higher level users.

The installation is painless and takes around 10 minutes to complete. You're given the choice to start out in public places Server or Gateway mode, based on how you wish to utilize ClearOS.  

When done, reboot and you'll be provided with all info you need to access and administer your new firewall remotely. All things are straightforward – it's obvious that many idea has gone into making ClearOS as easy-to-use as possible.

Once you've finished setup and accessed the web-based admin system, it cann't take long to familiarise yourself using the different settings and top features of ClearOS once the distro provides ‘Getting Started’ help once you get on the net interface. Setting up firewall guidelines is quick and painless, as is a lot associated with the other configuration.

The absolute most relevant function of ClearOS is its usability, but this distro is approximately greater than simply sleek appearance. It packs in many features aswell – not just does it give you a simple, clean method to manage a firewall, but it enables the addition of additional solutions to your community.

In general, ClearOS is just a powerful distro. As it's available in both free 'Community' and paid 'Professional' variations, it's ideal for both domiciles and smaller businesses. 

  • ClearOS Community 7.2.0
  • Website:
  • Rating: 9/10


This distro, while totally separate from IPFire, uses a helpful colour-coding scheme like the second, to represent different connections. Green is for LAN, red for the internet, orange for DMZ, and blue for cordless customers.

IPCop was initially a fork of Smoothwall (which we’ll additionally cover later) and was at change forked by the IPFire team as updates to IPCop are few in number. The most recent version (2.1.9) was released in February 2015.

Installation is reasonably simple, but there are wildcard questions thrown to the mix. While these may puzzle the novice user, accepting the standard options won't cause any issues until you employ a particular system configuration. One of the main advantages of IPCop is the fact that installation image is extremely tiny (around 60MB) and will be copied onto a DVD or flash drive. 

IPCop's web user interface seems clunky, although our tests proved that this ended up being just mental, since it ended up being in fact incredibly responsive. But other than the 'real-time' graphs that Smoothwall provides, IPCop gives a lot more details about your LAN setup, and in regards to the running regarding the firewall it self, including a listing of the connections which can be presently open.

The Firewall also offers a 'caching proxy', to be able to cache usually accessed pages in your area.

IPCop does a great job as firewall, providing a lot of information regarding traffic in your system, even though it might never be the prettiest distro on earth, it will what it's built to do.

  • IPCop 2.1.9
  • Website:
  • Rating: 8/10


OPNsense is an easy-to-use open source firewall predicated on FreeBSD 10.1 to make certain long-lasting help. Demonstrably sufficient, the project’s title hails from the language 'open' and 'sense', standing for: ‘Open source makes sense.’

The OPNsense project started out as being a fork regarding the competent firewall pfSense in January 2015. The team advertised their reasons behind forking the project had been partly as a result of type of licence pfSense used at the time, and partly because they believed they could produce a better firewall. 

The firewall now shares just around 10percent of its code because of the initial pfSense task. Also keep in mind that the fork produced a great deal of debate between pfSense diehards and OPNsense supporters on Reddit.

OPNsense provides once a week security updates therefore can react quickly to threats. It has numerous advanced functions you'd usually find only in commercial firewalls such as for example ahead caching proxy and intrusion detection. In addition supports using OpenVPN.

OPNsense includes a very rich GUI written in Phalcon PHP which really is a genuine pleasure to make use of. Apart from being more desirable than pfSense's interface, OPNsense was made partly due to the fact that the team felt the graphical program shouldn't have root access, as this may cause security issues. 

The GUI includes a simple search club and a new System Health module. This module is interactive and provides visual feedback whenever analysing your system. You can now export important computer data in CSV format for further analysis.

The firewall utilizes an Inline Intrusion Prevention System. This may be a effective kind of Deep Packet Inspection whereby rather than just blocking an ip or port, OPNsense can inspect specific information packets or connections and stop them before they reach the sender if necessary. OPNsense offers LibreSSL over OpenSSL.

  • OPNsense 18.1 (Groovy Gecko)
  • internet site:
  • Rating: 8/10


IPFire actually Linux firewall distro emphasizing user-friendliness and easy setup without compromising your security, supporting some useful features such as intrusion detection. IPFire has a serious method of safety by using an SPI (Stateful Packet examination) Firewall constructed on top of netfilter. 

IPFire is specifically designed for people who are not used to fire walls and networking, and certainly will be setup in mins. The installation procedure lets you configure your community into various protection segments, with each segment being colour-coded. The green part is just a safe area representing all normal consumers linked to the neighborhood wired community. The red portion represents the online world. 

No traffic can pass from red to any other part if you don’t have especially configured it this way into the firewall. The standard setup is for the unit with two system cards having red and green part just. But during the setup procedure you can implement a blue part for cordless connections and an orange one referred to as DMZ for just about any general public servers. 

As soon as setup is complete, you’ll configure extra options and add-ons with an intuitive web interface. 

The ISO image for IPFire is just 171MB in size, so once burned to DVD it'll cheerfully load into the computer's system memory and work from there. Alternatively you are able to install a flash image to install it to a router and even a graphic for supply devices for instance the Raspberry Pi.  

The IPFire project is within the procedure of crowdfunding a ‘captive portal’. This is certainly perfect if you wish to show people who connect with your Wi-Fi community a landing or login page before connecting right to cyberspace. It prevents rogue devices connecting immediately. 

  • IPFire 2.19
  • Website:
  • Rating: 9/10


Like OPNsense, pfSense is dependant on FreeBSD and designed particularly to exert effort as firewall and router. As we’ve pointed out currently, the fork between both of these jobs had been controversial and pfSense still has many loyal users. Updates are released quarterly. 

This distro runs on a array of hardware but presently just supports x86 architecture. The web site features a handy hardware guide to help you to pick a suitable device. 

The installation is done from a demand line however it’s very simple. You are able to decide to boot from either a CD or USB drive.

The setup assistant will ask you to assign interfaces throughout the installation, rather than as soon as you've booted towards the web program. You need to use the auto-detect feature to work out which community card is which. 

The firewall features a small number of built-in features, like multi-WAN, Dynamic DNS, hardware failover, and various types of authentication. Unlike IPFire, pfSense currently has a feature for a captive portal, whereby all DNS questions may be settled up to a solitary internet protocol address such as for instance a splash page for a public Wi-Fi hotspot. 

This distro includes a clean user interface and is really smooth to make use of. Once more, as it's predicated on BSD, some of the terminology utilized is confusing, but doesn't just take long to make it to grips with. 

pfSense is probably the most feature-rich firewall distro around, but falls down due to a not enough non-firewall-related additional features. If you're just after a simple firewall, you can't make a mistake by selecting pfSense, but if you will need anything far above that basic functionality, you may want to give consideration to one of many other distros.

  • pfSense 2.4.3
  • Website:
  • Rating: 7/10

Smoothwall Express

Smoothwall Express has become the many well-known firewall distro. To try this, we did an instant poll of 20 Linux geeks, asking them to call a firewall distro. 19 of them developed Smoothwall first.

Installing Smoothwall Express is text-based, however you don't have to be acquainted the Linux system therefore’s all fairly straightforward. You may possibly prefer to download or indeed print out the installation guide to walk you through setup procedure. To do this you'll must create a my.smoothwall profile.

You will find three installation options: Standard, Developer and Express. Developer is reserved for those of you people who genuinely wish to work on coding the Smoothwall project. Express is just a stripped-down version of Smoothwall which ensures maximum compatibility with older equipment. 

If you do not employ a specific system setup, you can usually accept the default options. 

The web-based control interface is straightforward and simple to know. Smoothwall Express doesn't provide much in the form of extra features, but does enable you to have split account to regulate the main connection, that will be particularly helpful if you're making use of dial-up, alongside its caching internet proxy solution.

One of many great things about Smoothwall Express could be the convenience it includes when operating internal DNS – including a fresh hostname takes just a few seconds. Assigning fixed IPs and enabling remote access can also be accomplished with some clicks. 

Truly the only issue we noticed during evaluation had been that assigning fixed DHCP rent assignments calls for you to definitely click include followed by Save, which isn't specially apparent that you have to perform the second step. This generated a fair little bit of confusion with this system connected printers jumping from ip to another.

  • Smoothwall Express 3.1 (Standard)
  • internet site:
  • Rating: 8/10

Last verdict

Deciding on the best firewall distro is largely dependent upon your certain demands, but whatever they may be, having security from a firewall is simply a matter of commonsense given the great number of perils on the net these days. That said, aside from basic security, once your firewall is installed it can also be helpful to have a couple of extra features for good measure.

Only a firewall

If you're after having a basic firewall, then all of the distros right here is going to do good work, with a few doing much better than other people. If this seems like you, you can't fail with IPFire, which probably has the easiest setup process. 

A deep failing that, IPCop and Smoothwall Express are great choices if you're perhaps not after any such thing too complex. If you want a commercial-grade solution and now have money to burn off, discover Smoothwall's paid-for arm.

If you like something having a tiny impact, or to run on an embedded unit, pfSense's web site contains helpful guides to get this done, though it will only operate on x86 architectures. For any other kinds of equipment, consider IPFire. 

The champion

For people, however, a field in the corner that isn't getting used to its full level is just a wasted field. This is the reason we would rather use virtualisation, whereby the firewall can run as a digital host on a single hardware you use for web browsing. 

While ClearOS remains the strongest firewall, virtualisation isn’t as simple as it really is along with other firewall distros particularly IPFire. And this, with the proven fact that IPFire permits easy customisation through a unique add-on solution Pakfire, means it’s the slim winner over ClearOS, getting our gold medal. 

Nevertheless, Smoothwall Express deserves an honourable mention. It's the only real firewall that when set up will keep on running with just minimal prompting and disturbance away from you. Should anyone ever need certainly to locate specific settings, they are simple to find as well.

  • Additionally check out: 10 of the greatest Linux distros for privacy fiends and safety buffs