Gibraltar Firewall is a firewall and router package, based on Debian/GNU Linux, which perfectly meets all individual requirements for a state-of-the-art firewall.

Independent of the kind of Internet connection (dedicated line, ADSL, dial-up connection), Gibraltar provides for secure connections. So you can turn to something more important without ruffle and worries - your job!

Gibraltar is free for private use. The private license is restricted to a maximum of 5 concurrent connections and includes the easy-to-use webinterface. For obtaining a private license, please contact us via email.

Attention: Without a valid license file, Gibraltar will not run properly!

For the private use of Gibraltar, no claim on support or guarantee can be raised.

All ISO images are copyright of Rene Mayrhofer and eSYS Information Systems GmbH, but may be copied and distributed freely. Several components of Gibraltar are under GPL or BSD license. For detailed usage licenses read the packet documentations under /usr/share/doc on the ISO image.

If you would like to distribute Gibraltar commercially, please refer to our partner program.

Gibraltar can be completely configured with the web-based configuration tool GibADMIN. The configuration of Gibraltar occurs over an encoded, secured connection, and can be done with any browser. The web-interface is designed intuitional and concise, and enables the administrator to change the configuration very easy and quick.

Gibraltar convinces through jutting flexibility and extensive functionality.

Here are some key features of "Gibraltar":

· SYSTEM
· Live CD technology: Gibraltar boots and runs fully off CD-ROM
· No hard disk installation required
· Specially hardened Linux kernel
· Languages: English, German, Finnish
· Remote configuration with web interface (SSL 128 Bit) or remote login (SSH)
· Easy configuration management
· Automatic live updates: interval can be configured
· NETWORK SUPPORT
· Ethernet: 10/100/1000 MBit/s: static or DHCP, virtual IP addresses
· ADSL Ethernet modems: PPP over Ethernet, PPTP
· ADSL USB modems: PPP over ATM
· Modem dial in: serial, USB
· Unlimited number of network interfaces
· STATEFUL PACKET INSPECTION
· Protocol support: ICMP, TCP, UDP, GRE, ESP, AH, IPv4-over-IPv6
· Flexible packet filter: interface, MAC address, IP address, service, port,....
· NAT: Network address translation: dynamic and static
· PAT: Port address translation: load balancing (Round Robin)
· Free definition of aliases and groups: addresses and ports
· DoS/flood - protection: predefined, expandable
· Randomized IP sequencing
· Selective TTL manipulation
· Protocol pass through: PPTP, FTP, H.323, IRC
· VPN (VIRTUAL PRIVATE NETWORKS)
· VPN IPSec gateway
· VPN PPTP server: MPPE 128 Bit data encryption
· Network-to-network VPN
· Network-to-client VPN: compatible with Microsoft Windows 2000 / XP
· Unlimited number of VPN tunnels
· Authentication with PSK (Private shared key) and X.509 certificates
· Encryption: 3DES, Blowfish, Twofish, AES, CAST, Serpent
· Authentication PPTP: CHAP, MS-CHAPv1, MS-CHAPv2
· NAT traversal
· Perfect forward secrecy (PFS)
· DEEP PACKET INSPECTION
· Secure SMTP relay: incoming, outgoing, attachment blocking, block lists, antivirus and spam protection
· Transparent HTTP proxy: no client configuration necessary, spam protection
· User authentication: user list, active directory integration, LDAP
· Content caching
· Content scanning: antivirus, cookies, active X, java script
· FTP proxy: transparent outgoing, incoming
· Transparent POP3 proxy: antivirus, spam protection and protection of dangerous attachments
· ADDITIONAL SERVICES
· Dynamic DNS
· DHCP server
· Secure DNS resolve
· SSL wrapper for arbitrary services
· Portscan detection
· Antispam filter: rule based, Bayes, RBL, Razor and DCC
· ClamAV virus scanner
· OPTIONAL: Kaspersky virus scanner

Requirements:

· Pentium PC, at least 300 MHz
· 32 MB RAM
· bootable CD-ROM-drive
· 1.44"-floppy-disk drive
· 2 x Network interface cards 10/100/1000 GBit/s

What's New in This Release:

· We are pleased to announce Gibraltar release 2.6. It will be the last version based on kernel 2.4, the next Gibraltar release 3.0 will use kernel 2.6. Major new features in this release include official support for "Snort" as intrusion detection system and full integration of the Puresight Enterprise variant for advanced user-based authorization and reporting. Additionally, this release: now allows SSL Explorer (TM) plugins to be installed; substantially improves traffic shaping performance; supports transparent virus scanning for HTTP, POP3, and FTP even without a harddisk; and includes the beginning of full WLAN access point functionality. At this time, Atheros-based cards are supported and can be configured via the web interface. Future releases will expand on this to e.g. include full 802.1x support.