Firewall for PCI Compliance

PCI compliance requires the use of personal firewalls as well as network firewalls. Network firewalls are required to perform stateful inspection.

Here are some open source firewall options you can use as alternatives to commercial firewalls.

  • iptables / Netfilter: iptables is a well-known open source firewall for Unix and Linux systems. It uses an access control list approach: each packet crossing the firewall is checked against the rules in order. As soon as a rule matches, the packet gets that rule's action; otherwise it proceeds to the next rule, and if nothing matches, the chain's default policy applies.
  • pfSense: pfSense is an excellent firewall for Linux/Unix based systems. It provides a number of ways to configure your firewall requirements, which can help you meet Requirement 1.1 of PCI DSS.
  • Smoothwall: Another open source firewall for Linux-based systems.
  • Endian Firewall: Endian is an advanced open source firewall that can be extended into a UTM (unified threat management) appliance.
  • Firestarter: Firestarter is a modern Linux firewall. It can be used to meet your PCI requirements.
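To make the first-match ordering and the stateful requirement concrete, here is a small Python model of an iptables chain (an added illustration, not code from any of the projects above). Packets, rules, the conntrack table and the addresses are constructed for the example; the rule list mirrors the order in which `iptables -A` would load them, including a shadowed rule that can never fire.

```python
"""Toy model of netfilter/iptables semantics: an ordered rule list where the
first matching rule decides the verdict, plus a connection-tracking table so
reply traffic is recognised as ESTABLISHED (the stateful inspection PCI asks for).
Constructed teaching example only; it does not filter real packets."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT" or "DROP"
    dport: Optional[int] = None  # match destination port; None = any port
    state: Optional[str] = None  # "NEW" or "ESTABLISHED"; None = any state

class Chain:
    """One chain (e.g. INPUT) with a default policy, as iptables has."""
    def __init__(self, rules, policy="DROP"):
        self.rules = list(rules)
        self.policy = policy
        self.conntrack = set()   # flows we already accepted (stateful part)

    def _state(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = flow in self.conntrack or reply in self.conntrack
        return "ESTABLISHED" if seen else "NEW"

    def verdict(self, pkt):
        state = self._state(pkt)
        for rule in self.rules:            # walk the rules in load order
            if rule.dport not in (None, pkt.dport):
                continue
            if rule.state not in (None, state):
                continue
            action = rule.action           # first match wins; stop here
            break
        else:
            action = self.policy           # nothing matched: chain policy
        if action == "ACCEPT" and state == "NEW":
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

# Constructed rule set for a payment server, in iptables -A order:
PCI_RULES = [
    Rule("ACCEPT", state="ESTABLISHED"),     # replies to connections we allowed
    Rule("ACCEPT", dport=443, state="NEW"),  # new HTTPS to the payment app
    Rule("DROP", dport=22),                  # block SSH ...
    Rule("ACCEPT", dport=22),                # ... so this rule is shadowed, never reached
]
```

Walking a new HTTPS connection, its reply, an unsolicited packet from the server and a new SSH attempt through `Chain(PCI_RULES)` yields ACCEPT, ACCEPT, DROP, DROP: the reply passes only because the conntrack entry marks it ESTABLISHED, and SSH is dropped by the earlier rule regardless of the later ACCEPT.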

PCI DSS also recommends the use of web application firewalls. ModSecurity can be set up as a web application firewall, which PCI DSS requires if you don't test the code of your web applications. I will discuss web application firewalls in a later post.

Did any other open source firewalls impress you while getting your PCI certification? Please share your experience.