Slashdot Mirror

← Back to Stories (view on slashdot.org)

IPCop 0.1.1 Review

Posted by Hemos on from the lock-down-the-network dept.

Selanit writes "I just found a link on Distrowatch to a SecurityFocus Review of IP Cop 0.1.1. IP Cop is a fork of the GPL version of the Smoothwall Linux firewall distro, which had a review linked by Slashdot. Though it has a slick, easy install. and good features, a number of people had issues with Smoothwall.. IPCop has implemented shadow passwords to fix the security flaw, and their mission statement includes a provision that they will "Provide an enjoyable environment for the Public to discuss and request assistance." The to-do list of features for the upcoming 0.2 version is also interesting. "

6 of 104 comments (clear)

  1. OpenBSD? by daemonslayer · · Score: 2, Interesting

    Looks interesting. Does anyone know from a security standpoint how this compares to OpenBSD or other similar security minded projects?

  2. Re:Cool, but... by NetJunkie · · Score: 3, Interesting

    SSH isn't stupid. But why was it available to the outside world? You should only do firewall management from inside your network.

  3. Uprising Politechs... by bhsx · · Score: 2, Interesting

    It seems that more and more people are using politics to spur linux distributions. Spinning-off a GPL project is all well and good; but do you have to wish ill on the original project? It doesn't seem like this is different enough from smoothwall yet to indicate a new distribution. On a similar topic, has anyone checked out Sorcerer GNU/Linux lately? Seems this is happenning a bit too much for my taste. I'm all for things like K12LTSP which don't attempt to take anything from there originators, yet add productive/usefull features for anyone in a specialized nitche.

    --
    put the what in the where?
  4. Re:That's what routers are for. by NetJunkie · · Score: 3, Interesting

    Check out the Nexland ISB Pro800Turbo Firewall/NAT box. It will load balance two broadband connections.

  5. Better Solution? by PJPorch · · Score: 2, Interesting

    I was playing with a number of similar stripped-down version of linux that were intenedd for firewalls. IPCop has a nice interface and is simple to setup, but found that I like Astaro for a better solution. The Hardware requirements are a little higher, but the I think the interface is better and one key feature that changed my mind is that Astaro is a stateful firewall
    From Astaro Website

    http://www.astaro.com

    System
    Linux 2.4-based, Change-Root Protection, Kernel-Capability Protection, Web-based Administration (128 Bit SSL encrypted), Updating via Internet (1024 Bit PGP signed), Logging via Syslog/SNMP/ASCII-Files.

    Firewall
    Stateful Packet Inspection, Portscan Detection, Anti Spoofing.

    Virtual Private Networks (VPN)
    IPSec and IKE (RFC 2408/RFC 2409), Microsoft PPTP (RFC 2637) Algorithms: Diffie-Hellmann/3DES/MD5/SHA 1.

    Proxies
    HTTP (Content Filter, Cache, Authentication), HTTPS, SMTP (Virus Protection), DNS, SOCKS 4.0/5.0 (Authentication), Authentication via User Database/Radius/MS Windows NT or 2000.

    Networking
    Source and Destination NAT, Masquerading, up to 25 Ethernet Interfaces (10/100/1000 MBit), IP Aliasing, Randomized TCP Sequencing, Proxy ARP, Automated Routing.

    Performance
    Running on a 750 MHz CPU: Up to 64000 concurrent Connections, up to 650 MBit/s Filter Throughput, up to 25 MBit/s VPN Throughput.

    Josh

  6. Author speaks out. by Babel · · Score: 3, Interesting

    As the author of the SecurityFocus article in question, I'd just like to answer a few comments:

    * Yup, I found this an interesting project for a number of reasons. It was WAY easier to set up than a standard Linux distro, but be aware that's because it has ONE purpose and one only -- to be a firewall. This is good and bad. As a simple, easy to install firewall system, I like it.

    * I haven't played with www.dubbelle.com but I'll be sure to check it out shortly. There are lots of other good cut-down distros out there, and I'm sure there is place for all of them. The one advantage that IPCop has over a single floppy distro is a few extra features such as squid and IPSec.

    * Sorry, the article really was meant to be a how-to, rather than a review. I'm sorry about those who were dissapointed expecting more of a review article but I prefer to write in the more practical sense. If you want a review, here's a one word one: GOOD. I'd be interested to hear what one poster (sloop) found "lacking" in the article, however.

    * I hereby refuse to make any comment concerning Richard Morrell.

    * Yup, Astaro is a fine distro too, and no doubt the fine folks at SecurityFocus will probably review it as well. I'm not that familiar with it myself so no doubt they'll get someone else to do the review.

    Del