Projects / Gibraltar Firewall

Gibraltar Firewall

Gibraltar is a Debian GNU/Linux-based router/firewall distribution, fully workable from a bootable, live CD-ROM. Log files can be stored on a hard disk, and configuration data is stored on a USB mass storage media or a floppy disk and kept on a RAM disk during run-time. Due to its Debian base, a vast manifold of firewalling, routing, and proxy packages is available. It comes with an intuitive, easy to use Web administration interface and support, and is free to use for home users.

Operating Systems

Recent releases

  •  16 Mar 2010 15:47

    Release Notes: This release has been updated to kernel 2.6 and a fresh base system based on Debian 5.0 (codename Lenny). Additional, notable changes and new features are full support for IPv6, policy routing setup via a Web interface with support for multiple default routes in fail-over as well as load-balancing configurations, layer7 match support to mark traffic based on protocols instead of ports, official support for WLAN interfaces, use of overlay filesystems and standard initramfs tools, and that OpenVPN can now be used without client certificates for direct integration with LDAP or Microsoft Active Directory.

    •  17 Jul 2008 09:22

      Release Notes: Major new features in this release include official support for Snort as an intrusion detection system and full integration of the Puresight Enterprise variant for advanced user-based authorization and reporting. SSL Explorer plugins can now beinstalled. There were substantial improvements in traffic shaping performance, support for transparent virus scanning for HTTP, POP3, and FTP even without a hard disk, and the beginnings of full WLAN access point functionality.

      •  11 Sep 2007 14:12

        Release Notes: This release introduces major new features: a dynamic content filter for HTTP based on Puresight, SSL-VPN with the SSL Explorer community addition, a captive portal based on Chillispot, an OpenVPN module in the Web administration interface, unified user management based on OpenLDAP and Freeradius that is now integrated with all services and allows optional use of Active Directory, a complete redesign of the traffic shaping module for more flexibility and complex scenarios, and various additions to the integrated Spamassassin.

        •  30 Aug 2006 17:03

          Release Notes: This release adds three major new features: accounting/monitoring, anonymization, and failover. Many system and network parameters are now collected and stored in round-robin databases for detailed graphical analysis. Strong anonymization is provided by the integration of tor, anon-proxy/JAP, and freenet, to allow users to remain in control of their private connection data. "heartbeat" with improved scripts has been integrated for hot-standby failover. This will allow connections to remain open even during the failover, and is thus completely transparent to clients and servers.

          •  07 Apr 2005 20:08

            Release Notes: This release significantly improves the speed of the Web interface, and solves a previous issue with license checks in high-bandwidth cases. An important change is the introduction of the TCP window tracking patch to the firewall code, which checks TCP connections much more thoroughly than before. Another change is that FreeS/WAN has been replaced with its successor Openswan, which uses compatible config files, so this replacement should not need any changes in current configurations.

            Recent comments

            05 Jun 2002 21:00 gromm

            Re: license problems
            The problem with using a BSD license with debian is that it's not the license they use.

            It's probably worthwhile to use some flavour of bsd as your base system and then modify it to your heart's content, so that you *can* use the BSD license to your heart's content and extort... er, collect money from clients. :)

            Nothing's stopping you from modifying the OpenBSD directory structure to your own ends.

            01 Dec 2000 00:28 gnea

            uhm, well...
            you see, places like cheapbytes make their money off of the cd material themselves. if i want to take gibralter, burn it to a shitload of cd's, then sell them for $1.50 a pop, i sure as all hell CAN, because i'm only replacing the cost of the blank cd's that i purchased.. if i paid $.75 for the cd, i'll charge $.75 for it. nothing you or anyone else can do about it. UNLESS the license STRICTLY prohibits this (and if it did, then your distro wouldn't gain as much popularity as others have) then it's OK. and it SHOULD be OK. Finally, if someone, such as myself, IS going to sell cd's with your distro on them, they/myself should have the courtesy of notifying you prior to burning them that they/i are going to be doing this, so that you're aware of what's going on, and if they/i slip up, u can notify of it and we can correct the problem without being pussies and bringing in a lawyer to fight for us. best way to avoid legal issues: do just that, but use yer bloody head.

            10 Aug 2000 06:02 karellen

            protect ISOs
            > Is there any way so that I can protect only the ISO images that are available for download

            Yes. You should copyright the file/directory layout on your ISO. Theo de Raadt
            [OpenBSD founder?] did that, and it has proven quite efficient.
            There are only `homebrewed' ISOs for OpenBSD, as you may have
            noticed, and people continue to buy OpenBSD CDs and support
            OpenBSD by not distributing ISO images.

            01 Aug 2000 05:22 rmayrhofer

            copyright now temporarily taken away
            I have taken the copyright away from the server for the moment, the images are completely free therefore. But I will need some sort of protection for the ISO images themselves (not the contents of them) to be able to publish free versions of Gibraltar. Please could anybody with experience in license situations comment on which possibilities I have ?

            Rene Mayrhofer

            01 Aug 2000 05:12 rmayrhofer

            license problems
            Hi everybody

            Thanks for pointing out that there is indeed a license problem. I did not want to restrict source and / or binary distribution of the GPLed programs / shell scripts that I wrote for Gibraltar. Neither did I want to restrict redstribution of any of the programs taken from Debian. I only want to restrict some company from taking these specially prepared IDO images, putting them on CD-ROM and selling them. The protection should only be put on the ISO images, not on the contents of it. If somebody takes the files from the ISO image, makes a new one and sells it, it will be ok (because that would demand some work from them and could maybe result in some contributions for Gibraltar).

            Is there any way so that I can protect only the ISO images that are available for download but not the other (Debian) source packages that I will put in the source directory in a few days ? You have to understand that CD-ROMs burnt from these ISO images themselves (well, probably not from the first pre-release, but more mature one will definitely follow) could be sold.

            I took OpenBSD as an example for the license: They publish everything under the BSD license, but do not want to publish *their* layout of the ISO images. Because I really want to publish free ISO images, not only sell CD-ROMs, I am seeking for a solution.

            To be honest, I wanted to work on the license in the next few days but I really did not expect that much interest in Gibraltar. Really, I like it but I did not have the time to work on the license because of this demand.

            I will gladly accept any proposals on how the wording of the license can be changed. If there is no GPL-compatible way of protecting the ISO images themselves, maybe somebody has another suggestion what I can do. Please be kind with me, this is the first license I wrote myself and English is not my mother's tounge.

            Rene Mayrhofer


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.