Comments on The Perfect Linux Firewall Part I -- IPCop

The Perfect Linux Firewall Part I -- IPCop ::What is IPCopThe IPCop project is a GNU/Linux GPL project that offers an exceptional feature packed stand alone firewall to the internet community. Its comprehensive web interface, well documented administration guides, and its involved and helpful user/administrative mailing lists make users of any technical capacity feel at home. It goes far beyond a simple ipchains / netfilter implementation available in most Linux distributions and even the firewall feature sets of commercial competitors. Firewalls have had to undergo a tremendous metamorphosis as a result of evolving threats. IPCop is exemplary in offering such a range of default features and even further a large set of optional plug-ins which can provide further functionality. Some of IPCops impressive base install features include: secure https web administration GUI, DHCP Server, Proxying (Squid), DNS Proxying, Dynamic DNS, Time Server, Traffic Shaping, Traffic/Systems/Firewall/IDS graphing, Intrusion Detection (Snort), ISDN/ADSL device support and VPN (IPSec/PPTP) functionality. As if these base features were not an astounding enough there are dozens of add-ons which can further expand the functionality of your IPCop from Web Filtering to Anti virus scanning.

34 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous

Just post all of it it would have made for a better read in my opinion. or make both parts available at the same time.

By: Anonymous

This article is a good intro and it got me going on a FOSS project I did not know about. Good stuff!

By: Anonymous

I think the invisible firewall feature of pfsense makes it an interesting addition to an IPCop protected network, especially if the tutorial author could persuaded to publish it on howtoforge.com

By: evolutionaryit

Hello,

Thanks for dropping by. =) Pfsense looks like an interesting project and I am happy to innovation happening in all arenas of free and open source software. My hope is that more firewalls share code and expertise to improve the open firewall options that consumers have.

By: Anonymous

Thank you for taking the time to write this very helpfull tutorial. I hope you'll also cover using ipcop for vpn access on the next tutorial.

By: evolutionaryit

I do appreciate your kind words. =) Maybe I will focus on the VPN side of things in a later series.

By: evolutionaryit

Yeah bro its mine too. =)

By: Anonymous

Good article. I had installed ip-cop long before. Really it is a great free solution. And some add-ons can be applied to ip-cop such as p2p blocking, content filtering and intrusion detection.

By: evolutionaryit

Thanks so much for your kind words. I hope that you get a chance to check out our second installment.

By: Anonymous

I have been using IPCop for several years now and am very happy about it. This article is very well-written and looking forward to its second part. If both the parts are available togehter in a printer-friendly version, its usfulness would increase.

kumaresan

By: admin

Below the howto is a "printer friendly" link.

By: evolutionaryit

Hey,

There is the link below and these will also be on the Internet Archive in the near future once the second installment is completed. For those of you that do not know about the Internet Archive it is please do check it out at http://www.archive.org/.

Thanks,

Joe

By: evolutionaryit

The link will be placed when the series is complete. =)

By: Anonymous

I disagree. I find IPCop to be easy to use and setup but not very extensible. I prefer Clarkconnect

which has many modules and addons and MUCH better community support.

Peekj

By: Anonymous

The free home version of Clarkconnect may not be that flexible for more demanding tasks? If you want more, don't those Clarkconnect modules and addons often cost money?

By: Anonymous

Hello Anonimus,

Clarkconnect has 1/2 of the features and many fewer addons than exist for IPCop. The IPCop community has been incredible and I am very happy with the project in every aspect. As well Klarkconnect is not as open and transparent a development community more focused on creating a commercial software NOT a usable free software GPL'd firewall. For this and many other reasons it is a superior Linux firewall.

IPCop Addons

List of IPCop Addons

By: evolutionaryit

Hello Peekj, I have used both as well as the vast majority of commercial firewalls and have ended up sticking with IPCop. For me it does more of what I want and has an amazing support community.

By: Anonymous

What about other commercial products? have you tried affordable solutions like ideco
i think its functionaly is amazing i think for many companies its more reasonable to employ ready to work solutions rather that figuring out how to use a number of free programs right


By: Anonymous

Good job man! I use IPCop on my own networks and on dozens of clients and I am very happy with it. Keep up the good work IPCop team.

By: Anonymous

mybe is better to talk about ipcop addons..... many many

By: evolutionaryit

I just might cover them in the future. =) As I state in the article I will cover my favorite add-on copfilter.

By: Anonymous

One great addon is the Zerina OpenVPN addon, which is an alternative method of constructing a VPN that is simpler to use than IPSec yet cross-platform. It's based on OpenSSL for secure transport. OpenVPN is regarded as secure, compared to some of the amateur efforts at VPNs in the past like CIPE.

It would be good to cover this and increase the popularity of IPCop and Zerina

By:

Good ariticle. In-depth review..

The main difference among other linux firewall is that is its interface is more simple.

Besides, Ipcop firewall has been added to our useful resources.(category firewall).

Best regards,

Sophia Parker

The All-Internet-Security.com Directory

By: evolutionaryit

Hello,

I do concur. =) Zerina OpenVPN is another amazing IPCop add-on which I hope becomes part of the code base in future releases. Copfilter is another of my favorites which has my vote for inclusion in future releases of IPCop.

Thanks for your comments,
Joe

By: Anonymous

If you don't want to dedicated a machine as a firewall, Shorewall is great. Excellent documentation. I have been using it for 4 years on my home network.

By: Anonymous

and am happy to see it getting some coverage and exposure because it is a great GNU/Linux firewall. Everyone should check it out http://www.ipcop.org

By: Anonymous

Great work on the article.

By: Anonymous

As a user of Ipcop for many years now I have to concur that it is a great gnu firewall.

By: Anonymous

seeing the second part of the article. Ipcop + copfilter = network bliss.

By: Anonymous

As far as I remember, IPCop allows any traffic going out from the LAN to the Internet (great for trojans). I wish you could do an article regarding a fix for that.

By: evolutionaryit

Hello,

? Most firewalls allow connections from the trusted LAN (Green) out to the internet.? This can be configured or blocked within IPCop (on CLI w/ IPTABLES)? and there are addons to help as well.? Check out BOT http://blockouttraffic.de/? As I always say one cannot look at a firewall as a panacea but as part of a set of security tool, techniques and processes.?

Thanks,

J

By:

This has been a great help to me in the last few days.

Very well written article! 

By: access repair

Although not an official part of IPCop, there are many addons, some based on the addon server, that add additional functionality to IPCop, such as advanced QoS, e-mail virus checking, traffic summary, extended interfaces for controlling the proxy, and many more.

By: morteza

I'am looking forward to run and configure services on ipcop firewall, where do i find them such as proxy or more