Slashdot Mirror


Configuring IPCop Firewalls

Ravi writes "IPCop is a GPLed firewall solution targeted at Small Office/Home Office networks. It is favored by many for its ease of configuration and setup and its support for a variety of features that you would expect to have in a modern firewall. IPCop is famed for letting users set up a sophisticated firewall for one's network without ever having to write an iptables rule themselves."

Configuring IPCOP Firewalls - Closing borders with Open Source
Author: Barrie Dempster and James Eaton-Lee
Pages: 230
Publisher: Packt Publishing
Rating: 8.5
Reviewer: Ravi
ISBN: 1-904811-36-1
Summary: A practical book that takes a hands-on approach in setting up and configuring IPCop firewall on one's network

Configuring IPCop Firewalls, published by Packt Publishing, is authored by two people, Barrie Dempster and James Eaton-Lee, and is divided into 11 chapters. The first chapter gives a brief introduction to firewalls and explains technical concepts such as the OSI reference model, an introduction to TCP/IP and a brief outline of the parts that comprise a network. Even though I did not find anything new in this chapter, I realized that this is meant for people who are new to the world of computer networks and aims to bring them up to date with the various technologies associated with it. A network administrator intending to pick up skills in configuring and setting up IPCop can circumvent this chapter and go to the second chapter, which gives an introduction to IPCop and its different features. The authors have explained the concepts in an easily understood way with the aid of necessary screen-shots. One of the salient features of IPCop is its web-based interface, which allows one to configure all aspects of it from a remote location. In fact, IPCop is designed to be controlled from a remote location and serves all its configuration parameters via the Apache web server.

In the second chapter, one gets to know all the features of IPCop, including the different services it offers. One thing that struck me while going through this book was that the authors are fully immersed in explaining the configuration aspects of IPCop, which is done entirely via the web interface. Other than the first, third, and 10th chapters, where the readers are made to digest some theory, the rest of the book is a how-to. I found this to be ideally suited for people who are the least bothered about theory and just want to set up IPCop and get on with what they were doing.

In the third chapter, we are introduced to the unique feature used by IPCop to segregate the network depending upon its vulnerability. And in the succeeding chapter, the authors walk one through installing IPCop. Here each and every installation step is explained with the help of a screenshot which makes understanding the procedure much more intuitive.

The chapter titled "Basic IPCop Usage" gives a good introduction to the web interface provided by IPCop. Reading this chapter, I was able to get a good feel for the IPCop interface. More specifically, you learn how to configure IPCop to provide different services such as DHCP server, support for Dynamic DNS, editing the hosts file and so on. The IPCop interface is quite rich in functionality even providing options to reboot or shutdown the machine remotely. In this chapter, apart from the introduction to the web interface, the authors have also provided a few tips related to logging in to the remote machine running IPCop using SSH.

Put in simple terms, IPCop is a specialized Linux distribution which contains a collection of tools which revolve around providing robust firewall capabilities. The tools bundled with IPCop range from the ubiquitous iptables, services such as DNS and DHCP, to tools which specialize in intrusion detection such as snort.

The sixth chapter titled "Intrusion Detection with IPCop" explains the concept of intrusion detection and how one can use snort IDS bundled with IPCop to effectively find out what is passing through our network and thus isolate any harmful packets.

The book moves on to explain how to use IPCop to set up a virtual private network (VPN). By way of an example, the authors explain how to set up a VPN between two remote networks with each end having an IPCop firewall in place. This chapter covers different VPN scenarios such as host to net, net to net connections as well as configuring IPCop to detect the Certifying Authority certificates.

The 8th chapter is a rather short one which explains how to effectively use proxying and caching solutions available in IPCop to manage the bandwidth.

One of the biggest advantages of IPCop is that it is possible to extend it to provide additional features by way of add-ons. Add-ons are generally developed by third parties and are usually developed with an aim to provide a feature that the developers of IPCop have missed. There are a whole lot of add-ons available for IPCop. The 9th chapter introduces the most popular add-ons available for IPCop such as SquidGuard — a content filtering add-on, LogSend — an add-on which sends the IPCop logs to remote email accounts, AntiSpam, integrating ClamAV anti virus solution and more. The authors have also explained how to install and enable these add-ons using the IPCop web interface.

The tenth chapter titled "Testing, Auditing and Hardening IPCop" has more of a theoretical disposition where the authors list some of the common attributes towards security and patch management and also some of the security risks and a few common security and auditing tools and tests.

One thing I really like about this book is the practical approach taken by the authors in explaining how to accomplish a certain task. Each section is accompanied by the relevant screenshots of the web interface with a brief explanation of the options available. The book is well designed with a number of tips provided in each section highlighted in big square brackets which makes it quite eye catching. Even though I found the book a bit short on theory, it is an ideal resource which provides a hands-on approach to people who are more interested in installing and setting up IPCop firewall solutions in one's network rather than pondering about the theoretical concepts of the same.

Ravi Kumar likes to share his thoughts on all things related to GNU/Linux, Open Source and Free Software through his blog on Linux.


7 of 114 comments

  1. Find it here by SpaceLifeForm · · Score: 4, Informative
    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  2. If you read Slashdot... by b0bby · · Score: 5, Informative

    ...you probably don't need this book. IPCop is super easy to set up & configure if you're even the slightest bit geeky. I really like it, but then I'm the slightest bit geeky.

  3. Re:IPCop versus SmoothWall by TellarHK · · Score: 5, Interesting

    I haven't followed the projects since way back, but IPCop was originally a fork of SmoothWall meant to stay completely Free after a "dickishness inclined" project founder pissed a good number of people off with particularly ugly actions and statements. Not to mention a downright hostile stance toward helping non-paid users and threatening critics with lawsuits (myself being one of the recipients of an indirect threat levelled against me through my college where I once hosted some email correspondence with some of the SmoothWall team) in order to silence people speaking up about issues with said founder being... well, a douchebag.

  4. I've deployed IPcop extensively by t0qer · · Score: 3, Interesting

    Small real estate company with several satellite offices around the bay area. Owner was cheap. Sometimes a cheap boss can force you to be creative, which can be fun.

    Most of the IPcop firewalls in the satellite offices are running on PII or less machines, with the main office on a P4 1.4ghz. Freeswan VPNs are set up between all the offices.

    Not much more to say than that. Other than a few upgrades (easily done through the web interface) my ipcop boxes have had uptimes around 2 years. Very awesome, reliable firewall.

  5. Re:Stop the Ubuntuization of Linux! by MoxFulder · · Score: 4, Interesting

    Why not? Using a user-friendly GUI to configure a Linux firewall is a great way to *LEARN* to use more advanced features down the road.

    I am an experienced Linux user and do pretty much everything from the command line. But I find there is a lot to like about the new GUI utilities like gnome-system-tools, especially compared to their MS Windows counterparts.

    One of the great things about most Linux GUI configuration utilities is that they use the *same* configuration files that you could edit by hand, and generally try to modify them in a human-readable way. For example, under Debian or Ubuntu, you can edit your /etc/apt/sources.list file by hand, or have Synaptic do it for you. Synaptic will correctly parse any changes that you make, and if it modifies the file, it will do so in an easy-to-read way. I recently installed Ubuntu for a friend of mine and explained to him that a good way to learn to use the command line configuration files is to play around with the GUI utilities and study the changes they make to those files.

    Contrast this with Windows where a lot of things can ONLY be configured with the GUI utilities, which often write their changes to impenetrable, undocumented binary registry keys... very hard to track down. If you try to configure things from the command line in Windows, you'll run into inconsistencies. For example, Windows XP actually has an /etc/hosts file like Linux somewhere under the \winnt\system32 directory... I made the mistake of editing it by hand, and then trying to undo the changes with the GUI. The changes made by the GUI were somehow silently ignored, which led to a mystifying series of DNS problems.

    So I see the gnome-system-tools style of GUI configuration tools to be a Very Good Thing. These utilities make configuration easier for many people, without preventing them from accessing the underlying configuration in a comprehensive manner, and without leaving the system in an inconsistent state.

  6. Re:IPCop versus SmoothWall by sparkyradar · · Score: 4, Informative
    I've used SmoothWall, and found it easy to set up and extend. At the time (several years ago) IPCop was a pretty new fork from SmoothWall, so they were nearly the same. The GUI tools were different, and (particularly important for the forkers) the developer-attitude was supposed to be much-improved with IPCop.


    In terms of hardware, I was using a Pentium-166, which had *tons* of horsepower for this application (either IPCop or SmoothWall). The only thing was that it was older hardware, and about once a month it would sporadically die :-( Because of this, and also the 200W power-consumption, I eventually ditched it for a consumer-grade Netgear NAT/"firewall" thingy... I've never regretted this move! Be guided...


    SmoothWall was a compacted Linux distribution, which allowed for the usual Linux apps to be added. Want to run your own ntpd for your home-LAN? No problem. Perhaps some fancy dhcp-configuration options - again, no problem.


    -sparkyradar

  7. Re:Stop the Ubuntuization of Linux! by Psiren · · Score: 5, Insightful
    If you can't handcode an iptables rule (including new chains) you don't deserve to have a Linux firewall, goddamn it.

    Spoken like a true computer scientist. I know, I used to be one. You see, the problem is you're spending too much time getting excited about the solution and not enough time looking at the problem.

    It certainly doesn't hurt to have an understanding of the underlying mechanics of Linux based firewalls, but it shouldn't have to be a prerequisite of solving your problem. I've been a Linux user for 10+ years and I use IPCop at home. I'm familiar enough with iptables to solve any problems I might encounter, but I'm not interested in any more than that. I actually want to use my computers as tools, rather than spending all my time figuring out how to do something which should be easy.

    Would you recommend every motorist should be able to strip their engine down and rebuild it? It just isn't feasible, or sensible.