IPCop 0.1.1 Review
Selanit writes "I just found a link on Distrowatch to a SecurityFocus Review of IP Cop 0.1.1. IP Cop is a fork of the GPL version of the Smoothwall Linux firewall distro, which had a review linked by Slashdot. Though it has a slick, easy install and good features, a number of people had issues with Smoothwall. IPCop has implemented shadow passwords to fix the security flaw, and their mission statement includes a provision that they will "Provide an enjoyable environment for the Public to discuss and request assistance." The to-do list of features for the upcoming 0.2 version is also interesting."
Unless it has government backdoors in it to check for terrorists, drug info, DMCA violations, etc then it should be outlawed.
Only large corporations need firewalls. You "freedom" crazies need to have constant government supervision. Linux has been proven (from the MPAA court cases) that linux is nothing more than another tool in a criminal's toolbox.
DMCA and SSSCA will outlaw linux and there's nothing you dorks can do about it.
bend over.
Looks interesting. Does anyone know from a security standpoint how this compares to OpenBSD or other similar security minded projects?
does it run in runlevel 0 like the "halted firewall"?
I got invaded the other day because my linux FW was running a stupid service (ssh). Considering a true W ever since.
``If a program can't rewrite its own code, what good is it?'' - Mel
We have tried IPCop 0.1.1 at the office, and it has one very big advantage over using a general purpose distribution: it installs and comes up running very quickly. From inserting the CDROM to completion of the install on a typical system (200MHz Pentium with 64MB memory) it took about 14 minutes to have it running.
We use it as a three-way firewall with a DMZ, and that is stone-cold simple to install. Slick, with no problems.
Highly recommended!
Soli Deo Gloria
I have read over IPCop configurations and documentations several times before, and it is definitely a good solution for a simple home office or other small business network. It is fairly simple to use and setup, and fairly robust in operations. However, there is one thing that it lacks, as well as what many other solutions lack: the ability to handle redundant internet access. Although I have not looked at every single software solution for routing and networking on this scale, there still seems to be a lack of redundant-internet-connection support in the field. The ability to use multiple internet connections for backup in a single software solution, as well as to use multiple internet connections to increase overall bandwidth, seems to be missing.
Has anyone run across developing projects (or already developed projects) that are trying to accomplish this sort of feat? I have seen a hardware solution or two that have tried to work this problem, but they are rather impractical for a home office user who needs redundancy (telecommuting, etc) or expansion of their bandwidth (kids playing games while they need to transfer projects around, etc) for their home network. Can anyone comment on this subject?
until they actually have to deal with some of the open-sores cocksuckers and their attitudes of unlimited entitlement. While that "smoothwall" guy might have an inclination toward dickdom, half of the "evidence" of his supposed bad manners that I've seen involves a rude, whiny, spoiled-brat user provoking the guy into spouting off.
As author of a similar project (www.dubbele.com) I'm glad to see competition. Different people need different solutions, and there's plenty of difference between mine and theirs.
-John
It seems that more and more people are using politics to spur linux distributions. Spinning-off a GPL project is all well and good; but do you have to wish ill on the original project? It doesn't seem like this is different enough from smoothwall yet to indicate a new distribution. On a similar topic, has anyone checked out Sorcerer GNU/Linux lately? Seems this is happening a bit too much for my taste. I'm all for things like K12LTSP which don't attempt to take anything from their originators, yet add productive/useful features for anyone in a specialized niche.
looks interesting alright, but why wait?
I'm running my own RedHat 7.2 box with iptables, squid and the whole nine yards. Works perfectly, probably because I had to configure it myself, didn't use a preconfigured firewall distro.
It isn't the firewall's job to do this, that is up to your router. Firewalls shouldn't get in the business of routing or handling routing protocols.
All *nix distributions can handle multiple uplinks, once you've tweaked them properly. Load balancing can be an issue, but if you want pure redundancy, that's not a huge problem. Servers on redundant connections is a whole different ball of wax, though.
You might already know this, but there is a really good one-disk-router/firewall around: Fli4l.
I just installed IPCop this afternoon. Coincidentally, I saw this news story show up on slashdot the same time I was burning the CD-ROM.
So far, I am impressed.
The securityfocus review is very lacking, and very disappointing in content to be coming from a "security" site.
The IPCop installation was very simple and straightforward. The only hiccup was getting my ISA NICs to work. I had to use a setup floppy to set the IO address, and manually load the driver "ne io=0x220".
The DMZ feature is very cool, and it looks like you can run IPSec out of the box.
The web interface is very slick. This interface is what separates it from a stock RedHat distribution with some custom iptables rules. Previously I was running a floppy-based distro for my firewall (BBIagent). I like IPCop better because it has SSH support, an update system, and I can log in to the console and 'do stuff'.
- IPCop lacks Richard Morrell.
- IPCop fixes the long-known USB ADSL bug with Smoothwall -- which cripples upload speed to 3K/s instead of 30K/s.
- No nagware, adverts, requirements to donate to get basic support, etc.
- Smoothwall GPL is treated and referred to as 'trialware' by the Smoothwall development team, and is essentially dead as GPL project.
Smoothwall is in my opinion perhaps the most ungraceful transition from a pure open-source project to a business in recent history.
THIS is the problem with open source. Lack of standardization. Fork this, fork that. Suddenly you have a mess that nobody can account for. HOORAY!
There was definitely a need to fork from smoothwall. The whole reason for it was to keep a good product and get rid of the asshole developer!
Trying to get support from the smoothwall dev team was a dubious process. When the dev team was slow users resorted to the mailing list for answers, as they should. Users discussed different options and solutions, some of them not knowing exactly what they were talking about. Only to have the main developer post a message saying 'You stupid f*cks don't know what the hell you're doing, that's why I am the developer and you are not!'. No answer or nudge in the right direction for it, just childish games. While I understand that supporting a free product is not the best way to make money, getting a 'f*ucking loser nonpaying freaks' reply from the developers is not the answer. Saying nothing at all would have been better. Hence the fork. I needed a solution like smoothwall for work. I still run smoothwall at home because I am too lazy to change it there as it works well. When smoothwall released their enterprise products I stayed away because of the attitude of the main developers. I don't need that kind of crap at work...
Smoothwall is an awful, awful project. Installation is severely lacking, the features are crippled, and the developers are uninterested in taking any user requests. I'm glad to see a useful fork is up and running. This is great!
Redundancy could be difficult depending on what you mean...
It could be.
- You can change the "RED" Interface to be dialup etc and cause it to dial. (Would be fairly easy to implement in one of these distros I would think...) You could manually do that with IPCOP now by logging in with "setup" I believe.
- The thing autodials if a link goes down. (The problem then is to detect failure if it's beyond the local link...) That would be feasible.
The other problem you have is if you want it available on the same IP address for hosting solutions. (Unlikely for a home machine I guess.) Then you have significant routing issues to deal with no matter what you do.
Don't click on the article link hoping for a review from the fine folks at Security Focus. This is simply an install HowTo; editorializing is kept to a minimum.
OpenBSD is an operating system, designed with security in mind. It is probably as secure as anything BSD-derived can possibly be at this point.
IPCop, Smoothwall, Freesco, etc. are not operating systems, they are dedicated firewall/router devices built on stripped-down linux kernels. Although they incorporate DHCP servers, DNS relays, and similar network infrastructure schtupfh they are nonetheless strictly single-purpose appliances.
Morrell and Manning should be applauded for their achievement; Smoothwall broke new ground as an easily configured home firewall with Snort and Squid transparently integrated (no small feat).
Unfortunately, Smoothwall shares one characteristic with OpenBSD; like OpenBSD guru Theo De Raadt, Richard Morrell has an egotistical, abrasive manner and does not communicate well with end-users or fools. If his commercial venture is to be a success, he's going to have to learn some diplomacy. Or maybe not, Larry Ellison gets away with it.
I was playing with a number of similar stripped-down versions of linux that were intended for firewalls. IPCop has a nice interface and is simple to set up, but found that I like Astaro for a better solution. The hardware requirements are a little higher, but I think the interface is better and one key feature that changed my mind is that Astaro is a stateful firewall.
From Astaro Website
http://www.astaro.com
System
Linux 2.4-based, Change-Root Protection, Kernel-Capability Protection, Web-based Administration (128 Bit SSL encrypted), Updating via Internet (1024 Bit PGP signed), Logging via Syslog/SNMP/ASCII-Files.
Firewall
Stateful Packet Inspection, Portscan Detection, Anti Spoofing.
Virtual Private Networks (VPN)
IPSec and IKE (RFC 2408/RFC 2409), Microsoft PPTP (RFC 2637) Algorithms: Diffie-Hellmann/3DES/MD5/SHA 1.
Proxies
HTTP (Content Filter, Cache, Authentication), HTTPS, SMTP (Virus Protection), DNS, SOCKS 4.0/5.0 (Authentication), Authentication via User Database/Radius/MS Windows NT or 2000.
Networking
Source and Destination NAT, Masquerading, up to 25 Ethernet Interfaces (10/100/1000 MBit), IP Aliasing, Randomized TCP Sequencing, Proxy ARP, Automated Routing.
Performance
Running on a 750 MHz CPU: Up to 64000 concurrent Connections, up to 650 MBit/s Filter Throughput, up to 25 MBit/s VPN Throughput.
Josh
It seems to me that all new linux security packages have web based administration. This is nice if you don't feel like learning how to configure the applications you intend to be using, but I feel part of being secure is knowing your system. Linux was designed to be a command line interface and users of Linux should know their operating system.
Also, it seems to me that the more applications you run the less likely you are to be totally secure. Adding web based administration requires the use of a http server, which is just another application waiting to be exploited. I haven't checked out this distro yet, but I'm going to assume that it uses apache and custom cgi to implement the web interface. No matter how secure apache seems to be now, there is always a very good chance that it will later become very susceptible to attacks in the near future. If you ask me, security means simplicity. If you're looking for total security, run only what you must, and configure the applications you ultimately decide are critical to your own specific needs. It will be a long time until user friendly is synonymous with secure.
For useful fork read: copy with some clipart and less talented support and developers - I notice that the SmoothWall crew don't even post in defence to the crap posted about them.
This isn't a fork - it's just embarrassing that I stopped using OpenSource stuff because you guys couldn't learn to talk. I thought the "ethos" thing was learning. IPCop isn't a fork, a fork has "features" - you've just ripped it off and tried to implement CVS badly.
watching his job slowly dissolving as he talks.
As the author of the SecurityFocus article in question, I'd just like to answer a few comments:
* Yup, I found this an interesting project for a number of reasons. It was WAY easier to set up than a standard Linux distro, but be aware that's because it has ONE purpose and one only -- to be a firewall. This is good and bad. As a simple, easy to install firewall system, I like it.
* I haven't played with www.dubbelle.com but I'll be sure to check it out shortly. There are lots of other good cut-down distros out there, and I'm sure there is place for all of them. The one advantage that IPCop has over a single floppy distro is a few extra features such as squid and IPSec.
* Sorry, the article really was meant to be a how-to, rather than a review. I'm sorry about those who were disappointed expecting more of a review article but I prefer to write in the more practical sense. If you want a review, here's a one word one: GOOD. I'd be interested to hear what one poster (sloop) found "lacking" in the article, however.
* I hereby refuse to make any comment concerning Richard Morrell.
* Yup, Astaro is a fine distro too, and no doubt the fine folks at SecurityFocus will probably review it as well. I'm not that familiar with it myself so no doubt they'll get someone else to do the review.
Del
Consider it like Mandrake when it was just a Redhat ripoff. Of course they haven't got a release that's different yet. This is to be expected. Try the betas and you'll see something better and distinct from Smoothwall.
--Giving to trolls for the benefit of us all
I note that ipcop is only on version 0.1.1 and I wonder if this means that the product is still evolving.
How would a product like Mandrake Server compare, apart from potentially being much bigger? (e-smith was only about 400 MB for the complete package).
- midtoad
Protect the environment, use a bicycle
Having just spent a few hours installing ipcop I can say it rocks. We had a problem that it wasn't detecting the USB properly, but this was solved by not having the usb modem plugged in. The real difficulty was that the usb claimed to be "Unset" rather than either of the two options, but when my friend emailed them he got a quick response saying that the installer was being changed to make it more clear.
Once you get the thing working it's a dream, uploaded the file and had USB ADSL (to BTOpenWorld) going in no time at all. Possibly it's just wishful thinking, but response times and pings in general seem better (though it's bto, so they're still pretty crap), and it is just brilliantly easy to admin. Even the non-linuxy guys in the house are loving the new setup (for the record it's a student place with about 8 machines so we fit into the home/small office category).
-- "[The] NSA can eat shit and die until they stop listening to my phone calls" - TastyWheat
If I understand correctly, the DMZ feature won't be so useful until multiple IPs are allowed on RED.
Currently you may only use one "official" IP address (that is the IP address of the RED interface) to "pinhole" the DMZ. That means you may have just one web server on port 80, or just one mail server on port 25 and so on.
Of course you still may be able to serve multiple domains with name-based virtual hosts and such, but I think that multiple IPs on RED is a very desirable feature indeed (planned for 0.2 - yuck!). This is a strong limitation for anything a little bigger than a SOHO.
It shouldn't be hard to implement either, just allow interface aliases for the RED interface. Astaro does that very nicely. And that may also overcome the three interfaces limit...
What I REALLY would like to see in the future is some "security level" setting a-la Cisco PIX. Each interface is assigned a security level, with 100 being the internal LAN (GREEN in SmoothWall/IPCop speak) and 0 the external link to the Internet (RED). Each additional interface is given a security level inbetween. Each interface is allowed by default to talk to an interface having a lesser security level. Interfaces having the same security level may NEVER talk to each other. All of this, of course, unless otherwise stated. I think this is quite smart and simplifies policy design, it may be good to have at least as an option.
13-4=54/6
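The security-level scheme described in the comment above, worked through as an added example (not part of the thread, and not IPCop, SmoothWall or PIX code). The interface names, the levels and the two pinholes are constructed assumptions; the generator emits ordinary `iptables` FORWARD rules and treats pinholes as the "unless otherwise stated" exceptions.

```python
import re
from itertools import permutations

# Constructed sample topology; interface names and levels are assumptions.
LEVELS = {
    "eth0": 100,  # GREEN: internal LAN
    "eth1": 0,    # RED: Internet uplink
    "eth2": 50,   # DMZ: public servers
}

# Explicit exceptions ("unless otherwise stated"): (in_if, out_if, proto, dport).
PINHOLES = [
    ("eth1", "eth2", "tcp", 80),  # Internet -> DMZ web server
    ("eth1", "eth2", "tcp", 25),  # Internet -> DMZ mail server
]

# Interface names end up inside generated commands, so restrict them strictly.
IFNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")


def validate(levels, pinholes):
    """Reject input that would yield a malformed or surprising rule set."""
    for name, level in levels.items():
        if not IFNAME_RE.match(name):
            raise ValueError(f"bad interface name: {name!r}")
        if not isinstance(level, int) or not 0 <= level <= 100:
            raise ValueError(f"level for {name} must be an integer 0..100")
    for src, dst, proto, port in pinholes:
        if src not in levels or dst not in levels or src == dst:
            raise ValueError(f"pinhole needs two known interfaces: {src}->{dst}")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"bad port: {port!r}")


def decide(levels, pinholes, src, dst, proto=None, dport=None):
    """Verdict for a NEW connection entering on src and leaving on dst."""
    if (src, dst, proto, dport) in pinholes:
        return "ACCEPT"  # an explicit exception overrides the default
    if levels[src] > levels[dst]:
        return "ACCEPT"  # higher level may open connections to a lower one
    return "DROP"        # lower -> higher and equal levels are denied


def forward_rules(levels, pinholes):
    """Translate the level model into an ordered list of iptables commands."""
    validate(levels, pinholes)
    rules = [
        # Default deny: anything not matched below is dropped.
        "iptables -P FORWARD DROP",
        # Replies to connections that were allowed to start may return.
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for src, dst, proto, port in pinholes:
        rules.append(
            f"iptables -A FORWARD -i {src} -o {dst} -p {proto} "
            f"--dport {port} -m state --state NEW -j ACCEPT"
        )
    for src, dst in permutations(sorted(levels), 2):
        if levels[src] > levels[dst]:
            rules.append(
                f"iptables -A FORWARD -i {src} -o {dst} "
                "-m state --state NEW -j ACCEPT"
            )
    return rules


if __name__ == "__main__":
    for rule in forward_rules(LEVELS, PINHOLES):
        print(rule)
```

Adding a second DMZ at level 50 produces no rule between the two DMZ interfaces in either direction, which is the "same level may never talk" default the comment describes.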
SmoothWall has shadow passwords if you install the correct updates. So the little article is a little wrong
Did anyone remember to mention that IPCop developers are a bunch of vindictive twats?
I've heard from various people that they have been launching DDoS attacks on people with spoofed IPs of the SmoothWall developers and servers.
Wankers
The latest version of SW/GPL is missing the nagware and only has adverts for the commercial versions. I see nothing wrong with that.
I tried IPCop the other week. Immediately it seemed less polished, was missing all the useful context help links and actually crashed on me.
I immediately put SW back and all was fine.
After burning my fingers with IPCop I will be more careful in future before I try it again.