When I wrote the original edition of this book, I included a discussion of IPFire in the Snort section. At that time, IPFire had Snort built into it. It was a neat idea because you had an edge firewall and an Intrusion Detection System (IDS) all in one handy package. But, in the summer of 2019, the IPFire folk replaced Snort with their own IPS. So, I've moved IPFire down here into its own section.
The difference between IDS and IPS is that an IDS informs you of problems, but doesn't block them. An IPS also blocks them.
If you think back to our discussion of firewalls in Chapter 3, Securing Your Server with a Firewall – Part 1, I completely glossed over any discussion of creating the Network Address Translation (NAT) rules that you would need in order to set up an edge or gateway type of firewall. That's because there are several Linux distros that have been created specifically for this purpose:
IPFire is completely free of charge, and it only takes a few minutes to set up. You install it on a machine with at least two network interface adapters and configure it to match your network configuration. It's a proxy type of firewall, which means that in addition to doing normal firewall-type packet inspection, it also includes caching, content filtering, and NAT capabilities. You can set up IPFire in a number of different configurations:
- On a computer with two network interface adapters, you can have one connected to the internet and the other connected to the internal LAN.
- With three network adapters, you can have one connection to the internet, one to the internal LAN, and one to the Demilitarized Zone (DMZ), where you have your internet-facing servers.
- With a fourth network adapter, you can have all of what we just mentioned, plus protection for a wireless network.
With all that said, let's give it a try.