gShield
$Date: 2004/05/17 03:54:10 $
gShield is an iptables firewall for use with the modern series of the Linux kernel. It is easily configurable, and supports a wide range of features.
gShield is free software, released under the GNU General Public License (GPLv2).
You can download the latest release (v2.8), or peruse the current changelog. Older versions are available, v1 (applicable for Linux 2.2.x) and v2. Older versions are not in active development.
features
- multiple NATs
- configurable public service access
- access control lists
- routable protection
- port-forwarding
- transparent proxies
- and more!
gShield in no way taunts Happy Fun Ball, and is included in various Linux distributions, such as Gentoo and Debian.
testimonials
- gShield was featured in a write-up on SecurityFocus comparing iptables firewall scripts, in one of their Focus on Linux: Security Tools series, and in an issue of the New Zealand Reseller News.
- RaQport, a colocation provider, uses a modified version of gShield as part of their advanced security solutions. They sell SUN/Cobalt RaQ security application devices which use a custom version of gShield.
- Harold Rodriguez has an article entitled Easy Internet Sharing which covers using gShield.
- NetworkClue.com has a nice write-up on securing your Linux installation which recommends gShield.
- GIAC (Global Information Assurance Certification) has an article Firewall on a Budget (doc format) which recommends gShield.
- GNG IT Solutions uses gShield as part of their Routers, Firewalls, and VPN services. They actively contribute patches, and v3 (upcoming) includes their excellent routing enhancements.
- gShield was included in Red Hat Linux Security and Optimization, published by Red Hat, as well as Linux Security Toolkit, by David A. Bandel.
- GovermentSecurity.org includes articles on gShield.
- SolarSpeed uses gShield in their RaQ550 package.
- Ramesh Panuganty has a nice article on Setting up a Linux Home Gateway which recommends gShield (among others).
useful additional tools
- Derek Murphy maintains intruder, a shell script which adds offending hosts to gShield's blacklist.
- Brian Poole's tracker.pl is a Perl script which parses /proc/net/ip_conntrack, which is useful for showing the connections the firewall is tracking. Netstat-nat does the same thing, written in C.
- gforward.pl is a Perl script for creating arbitrary port-forwards. It ships within the gShield release, but works well as a standalone script.
- gShieldConf is a GUI frontend to gShield written by Vince Hodges. It supports version 1.x and version 2.x.