Information Technology Works

Managed Linux firewall

Managed Linux Firewall Overview:

ITwrx does not maintain its own GNU+Linux firewall distribution or a fork of an existing distribution. We build (if applicable), configure, install (if applicable) and remotely manage Linux firewalls for clients, using the same software and configuration we use ourselves. Our intended audience is generally smaller businesses that don't have in-house Linux system administrators but would like commercial-grade protection for their data (and data entrusted to them) residing on their LAN, at rates much lower than dedicated staff or the over-priced, outdated, insecure options offered by large vendors. Please see the features below and complete the firewall/server quote form to receive a no-pressure quote.


Managed Linux Firewall Standard Features:


  • Built with Arch Linux

    Arch Linux is a distribution of GNU+Linux that uses Free (as in freedom) Software licensed under the GPL. This also means it's free (as in doughnuts), as there are no license fees associated with any of the software in use on your firewall. For more info on why I refer to freedom, see our blog post on the matter.

    Arch Linux is a rapidly developed GNU+Linux distribution that doesn't make many modifications to the upstream software it uses for its software packages. This simplicity means it's able to release updated versions, including security patches, bug fixes and new features, more quickly than some other distributions. The sheer volume of updates and a certain requisite level of admin involvement deter some sysadmins from using Arch for firewalls and servers, but we think you're worth it.

    Arch Linux is also a “rolling release” which means there are no versions of the OS to have to install and/or pay for every few years. When ITwrx updates the machine, everything gets updated on it. You're always on the latest version of everything.

  • Role Based Access Control

    Role Based Access Control is provided by the grsecurity kernel patch and related software. This security mechanism controls access to sensitive system files by other software on the system, to help prevent and mitigate attacks, or trusted software that is trying to do something insecure on the firewall. grsecurity adds a significant boost to kernel and overall system security.

  • Stateful Packet Inspection

    The firewall tracks the outgoing connections from your computer to the internet so it can allow just your traffic back in from the web to your computer. This state tracking is a standard feature with properly configured, modern firewalls.

  • TCP/IP stack hardening

    ITwrx sets kernel parameters to harden the network stack of the kernel to protect against certain types of network attacks.

  • Common sense local protections

    Password-protected UEFI/BIOS and bootloader, unnecessary hardware ports disabled, and more.

  • Local client user

    Local client user included for "push button" local startup and "auth only" shutdown of the firewall.

  • Safe remote access

    Remote access for your ITwrx managed Linux firewall uses an 8192-bit key and proper configuration, making brute-force attacks impractical. In other words, remote access done properly. You'd be surprised how many security appliances/machines have serious security vulnerabilities added by the manufacturer/provider through laziness/incompetence/collusion.

  • Cross Platform Network Services

    Cross-platform network services include DHCP, DNS and file sharing via Samba. This protects your freedom and pocketbook, as you can choose to use any OS for your client computers, phones, tablets, printers, etc. as it pertains to networking and/or the shared folder(s).

  • Encrypted DNS requests

    DNS requests from your LAN computers are received by the firewall, which encrypts them to and from OpenDNS's servers (or any DNS server desired) on your LAN computers' behalf and then relays the results back to your LAN computers. Previously, every domain name requested by any computer on your LAN would have been sent to external DNS servers in clear text. The DNS server software also caches the requests locally and serves those cached versions, increasing the efficiency and speed of this part of the surfing process for all client machines on the LAN.
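
As an added illustration of the "TCP/IP stack hardening" item above (not ITwrx's own tooling or configuration): a small shell audit that compares sysctl settings against a baseline. The page does not list which parameters ITwrx sets, so the baseline keys, the function names and the sample file are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Illustrative baseline (assumption, not ITwrx's list): key=expected value.
BASELINE='net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.icmp_echo_ignore_broadcasts=1'

# audit_sysctl FILE
# FILE holds "key = value" lines (sysctl.conf syntax, also what `sysctl -a` prints).
# Prints one FAIL line per baseline key that is missing or differs.
# Returns 0 when every key matches, 1 otherwise.
audit_sysctl() {
    local file="$1" key want got rc=0
    while IFS='=' read -r key want; do
        # Skip comments; when a key repeats, the last assignment wins.
        got=$(awk -F= -v k="$key" '
            /^[[:space:]]*[#;]/ { next }
            { name = $1; gsub(/[[:space:]]/, "", name) }
            name == k { val = $2; gsub(/[[:space:]]/, "", val); found = 1 }
            END { print (found ? val : "MISSING") }' "$file")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key want=$want got=$got"
            rc=1
        fi
    done <<EOF
$BASELINE
EOF
    return "$rc"
}

# Constructed sample config: rp_filter is later weakened, send_redirects is absent.
sample_config() {
    cat <<'EOF'
# constructed sample, not taken from a real host
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 0
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sysctl "$tmp" || echo "hardening gaps found"
rm -f "$tmp"
```

To audit a running machine instead of the sample, save the output of `sysctl -a` to a file and pass that file to `audit_sysctl`.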


Managed Linux Firewall Optional Features:


Built-In Wireless Access Point

You can opt to have ITwrx include a Wi-Fi adapter in your firewall machine so that a maintained Wireless Access Point is available to your LAN. This can be in lieu of, or in addition to, the wired LAN adapter. It's more secure to not have Wi-Fi at all, but if you have a need for Wi-Fi, then having a Free Software based, updated access point is preferable to consumer-grade wireless routers with old, buggy, possibly misconfigured and/or proprietary firmware.

For additional options, please see the Secure Linux Server optional features, as they can generally be added to either a firewall or server machine.