Linux firewall software

Tools

Douane (application firewall)

network traffic filtering

Douane is an application firewall that blocks unknown or unwanted traffic. It filters more finely than a plain packet filter because it looks at the combination of the application and the network ports it uses. This is useful when allowing common web browsing traffic on ports 80 and 443: instead of every application being able to use those ports, only the ones that have been granted access can do so. When a new connection is not yet trusted, Douane asks whether to allow or deny the traffic stream.

iptables (network traffic filter)

network traffic filtering

The iptables tool is the userspace command line program of the netfilter project. Since Linux 2.4 it has been the standard packet filtering engine. Besides standard traffic filtering, it can be used for Network Address Translation (NAT).

nftables (network traffic filtering)

network traffic filtering

Advantages of nftables over the older Netfilter front-ends are less code duplication, better performance, and easier rule management. Instead of multiple utilities (iptables, ip6tables, arptables, and ebtables), everything is now configured with a single main utility named nft.
