Shane's ramblings
Discussions of Coldfusion, life, the universe, and everything

Home

IT Toolbox: IPCop

Posted At : December 12, 2007 2:08 PM | Posted By : Shane Zehnder
Related Categories: IT

Two years ago when I was forced to move my servers from where they were housed to an in-house setup I knew I needed a reputable firewall to protect the servers. A good friend of mine whose opinion I respect greatly said he had recently went with the SonicWall firewall. Looking at all the features it offered I pointed a web browser at CDW and proceeded to buy my own SonicWall for the office. While I have no real problem with the firewall itself, what I do have issue with is their licensing. It would seem to me that when you pay quite a few hundred dollars for a firewall appliance (I don't remember the exact cost, but it was not trivial) you should be able to use all the features it supports. You should not have to renew your licenses every year which generally runs another $500 to $600 a year. This was a key factor that I was not aware of when I made my purchase.

Fast-forward to today. As I blogged about last week, my public web server had some 1337 h4X0r3z attempt to install an IRCBot and an FTP distro on my server. As luck would have it I was checking through my anti-virus and tamper protection logs and saw where they had attempted to upload the files and knock out my anti-virus scanner which they did not manage to do. To make a very long story short, I realized I needed more security on my public server. As luck would have it I was lurking around in #coldfusion on DalNet as I often do and iotashan mentioned that he has been using IPCop for quite some time and he really liked it. I have never gotten any bad advice from any of the great people in there so I decided to check it out.

Now, I know as much about linux as I know about women, which I am sure my girlfriend would whole heartedly agree with me on that. However, I had the whole system up and running in about 20 minutes including running the setup, configuring the NICs, and plugging the networks in. IPCop supports up to four interfaces:
RED: Internet
GREEN: Your private network
BLUE: Wireless network
ORANGE: DMZ

Not only is IPCop free, but there are also quite a few expansions you can download and they only take minutes to install. As a matter of fact, I was so impressed with it I also added a second IPCop firewall for my office. With the added URL Filter plug in it made blocking sites much easier than it ever was with SonicWall, which they also charged you an annual fee to use.

Needless to say, if you are looking for a good firewall, you have an old PC laying around, and you are looking for a free product that is comparable to Microsoft's ISA server, it is definitely worth checking out. You can find it here:

http://www.ipcop.org

Comments (3) |

Print |

Send |

del.icio.us |

Digg It! |

Linking Blogs | 819 Views

Related Blog Entries

The perfect end to a perfect week (December 7, 2007)

Comments

[Add Comment]

Thanks for the review. I've also heard good things about IPCop.

# Posted By Sami Hoda | 12/12/07 5:09 PM

I've started using IPCOP back in 2003 and loaded up a Gateway P-66 circa 1996... needless to say I just retired that machine when we moved everything to leased servers at The Planet this summer. It was in front of about 5 web servers and served up 500 websites and email to go with those domains. I have one at my house on an old compaq and I have them deployed in a rack in front of a 10 webserver and 3 db server cluster at sungard... and amazing product and would put it against any commercial firewall.

# Posted By J.J. Merrick | 12/14/07 9:13 PM

I had just replaced our company's M$ ISA Server 2006 with IPCop v1.4.18 and I'm happy to say that I'm 101% satisfied with IPCop. I believe that it has surpassed M$ ISA Server's performance on its purpose as a firewall. With my IPCop. I also included AdvProxy and URLFilter as its addon.

Thank you to IPCOp. ADVProxy, and URLFilter.

I will no longer use M$ ISA Server.

# Posted By Ian Ace | 5/6/08 12:17 AM

[Add Comment]