What’s the difference between the Linux firewall vs a router based firewall?

Spunmonkey July 29, 2011

Can you tell why I should choose one over the other?

  1. Anonymous
    July 31, 2011 at 12:28 pm

    Routers include firewall security and  provide high external level of defense from intrusions since they are separate
    devices and possess their own operating environment, offering an extra line of
    defense. Use of Software firewalls become less
    important if a strong Hardware firewall is implemented. The main fallback for
    Hardware firewall is they are quite expensive as compared to Software firewalls.  

    Linux routers, like Smoothwall is a simple Linux kernel built to run as a dedicated firewall/router. Using smoothwall is a great way to gain extra capability with NAT that you don't get from the cheap Linksys routers.

    The disadvantage to software firewalls is that they will only guard the computer
    they are installed on, not the entire network.

    Different kinds of firewalls functions in
    different manner  depending on their software architecture. 1)The Packet
    Filtering Firewall:the firewall examines five characteristics of a packet:
    --- Source IP address
    ---Source port
    --- Destination IP address
    --- Destination port
    ---IP protocol (TCP or UDP)
    2)The Application-Proxy Firewall
    3)The Application-Gateway Firewall
    4)The SOCKS Firewall

  2. Mike
    July 29, 2011 at 9:45 pm

    I'm afraid this can't be answered because
    (1) there are various different Firewalls for both, Linux and on Routers
    (2) there are various different basic configurations for a Firewall

    In general I would say you should always have the Router firewall enabled for the simple reason that it protects the entire network not only a single computer. Client side Firewalls (e.g. on Linux or Windows) can be enabled for additional security.

    Usually the basic configuration for a Router firewall is that all incomming connections are blocked and all outgoing connections are allowed. In addition all incomming connections which are initiated from within the local network are allowed and all UPnP registered connections are allowed. It's a configuration which gives you decent security with very little inconvenience.

    As for Linux Firewalls e.g. iptables the basic configuration should be either "allow all" or "block all". But again, it depends on the configuration shipped with it.