Comparative Analysis of UFW and CSF Using the SEPER Framework

Arif Kurniawan, Muhamad Yusuf, Agung Budi Prasetio

Abstract


This study presents a comparative evaluation of two widely used Linux-based firewall solutions, Uncomplicated Firewall (UFW) and ConfigServer Security & Firewall (CSF), using the SEPER framework, which encompasses Security, Performance, Effectiveness, and Reliability dimensions. While previous studies have examined Linux firewall configurations individually, systematic comparisons that apply a structured evaluation framework such as SEPER remain limited. The experiments were conducted on Ubuntu Server using an intra-host virtualized environment consisting of multiple virtual machines. Network performance was evaluated using throughput and latency measurements, while security effectiveness was assessed through port scanning, SSH brute-force simulations, and mild SYN flood scenarios. System reliability was analyzed based on CPU and memory utilization. The results indicate that UFW and CSF exhibit comparable network performance, with throughput differences remaining below 5%, suggesting no statistically significant performance advantage for either firewall. UFW demonstrates slightly lower resource overhead, whereas CSF provides stronger automated brute-force mitigation through its integrated Login Failure Daemon (LFD), at the cost of modestly higher resource usage. Mild SYN flood tests produced similar outcomes across all configurations, largely influenced by Linux kernel-level mechanisms. Overall, this study highlights a trade-off between resource efficiency and advanced security automation. By applying the SEPER framework, the findings provide balanced and practical guidance for Linux administrators in selecting firewall solutions based on deployment priorities rather than isolated performance metrics.

Keywords


Firewall; Linux Security; UFW; CSF; Performance Evaluation


DOI: http://dx.doi.org/10.35671/telematika.v19i1.3240


Telematika
ISSN: 2442-4528 (online) | ISSN: 1979-925X (print)
Published by: Universitas Amikom Purwokerto
Jl. Let. Jend. POL SUMARTO Watumas, Purwonegoro - Purwokerto, Indonesia


This work is licensed under a Creative Commons Attribution 4.0 International License.