NS8 has a built, very simple firewall just to open and close ports of services. NethSecurity is the spin-off of NethServer 7: it contains the UTM firewall part .
Yes, the same of NS7.
It’s free, if you want to setup your own instance Install Dedalo Hotspot with Icaro on local servers