Secure Your Network with the IPCop Linux Firewall Part I

Security is a top priority for any Systems Administrator, and keeping your organization's network safe can prove to be a difficult and sometimes costly task.

Enter IPCop. The IPCop Linux Firewall Distribution is a simple-to-install, stable and highly secure stateful firewall which offers a DHCP server, HTTP Proxy, Intrusion Detection System, and VPN functionality. There are also many great addons you can use for tasks such as Bandwidth Monitoring, Content Filtering and Internet Access Control.

Best of all, IPCop will fit into any IT budget as it is freely distributed via http://ipcop.org. To summarize the IPCop Linux Team's mission statement, they aim to provide a secure, highly configurable, open-source Linux Firewall Distribution while developing an appreciation for the Linux and open-source movements in their users.

The default IPCop installation will provide your network with a high level of security and logging capabilities; however, using some of the freely available addons will add even more value to this distribution. In this article we will offer a brief review of the IPCop installation process as well as two custom addons: Block Out Traffic (BOT) and URL Filter.

Installing and Customizing your IPCop Firewall

The basic requirements to install IPCop are a desktop with a 386 (yes, 386) processor, 32 MB RAM and a hard disk with 300 MB free. However, if you plan to use the caching web proxy and IDS logging features you should consider a slightly higher specification. If you have an old PII/III sitting in your storeroom with 256 MB RAM and a 6 GB hard drive you will be all set. Also, IPCop uses the entire hard disk, so make sure you don't need the computer for anything else!

The next step is to download the image and begin the installation process, which can be run via CDROM, Floppy, USB Drive or over your network. Before you begin you should check to ensure that your NICs are compatible and your DSL modem is supported (if using one). You can find hardware compatibility lists here: http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopHCLv01

During the install process you will have the option to configure up to four network interfaces, which IPCop differentiates by color: GREEN (LAN), RED (external/WAN), ORANGE (DMZ) and BLUE (wireless). What you choose will depend upon your network architecture.


I would recommend following the VERY detailed installation guide found here: http://www.ipcop.org/1.4.0/en/install/html/. After your configuration is completed it is time to start enabling some of the default IPCop services such as the caching proxy and intrusion detection system. It is a good idea to enable logging for the IDS on both your GREEN and RED interfaces so you can monitor threats from outside and within your network, but bear in mind that this will eat up some of your RAM. IPCop can also act as a DHCP server/client.

Now you’re ready to expand upon the default IPCop installation. There are many addons available with varying levels of functionality, from hardware monitoring to virus filtering for your web and mail traffic. We’ll take a look at two in particular:

Block Out Traffic (BOT) - http://www.blockouttraffic.de/

With a nice GUI, BOT enables Systems Administrators to create rules which control access from your internal network to the Internet and to the IPCop box itself. For example, you can restrict users' Internet access to only web and mail protocols by creating a rule which allows http, https, smtp, pop3, imap etc. while blocking all other types of traffic (ftp, icmp etc.).

You can also restrict access to the IPCop box itself to ensure that only you and your IT team can connect via the web interface.

 
After placing protocols into service groups (ex: Web Services – http, https) you create rules allowing access based upon IP, MAC or Interface to those services.
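The rule model described above (service groups, sources matched by IP, MAC or interface, and everything else dropped) can be sketched as follows. This is an added example, not BOT's own code; the group names, addresses, MAC and the admin port 8443 are constructed placeholders.

```python
import ipaddress

# Constructed service groups: name -> set of (protocol, destination port).
SERVICE_GROUPS = {
    "Web Services": {("tcp", 80), ("tcp", 443)},
    "Mail Services": {("tcp", 25), ("tcp", 110), ("tcp", 143)},
    "Admin GUI": {("tcp", 8443)},  # placeholder port for the IPCop web interface
}

# Constructed rules: (source kind, source value, destination, service group).
RULES = [
    ("interface", "GREEN", "internet", "Web Services"),
    ("ip", "192.168.1.0/24", "internet", "Mail Services"),
    ("mac", "00:11:22:33:44:55", "ipcop", "Admin GUI"),
]


def source_matches(kind, value, pkt):
    """Match a packet's source by interface colour, IP network or MAC address."""
    if kind == "interface":
        return pkt["iface"] == value
    if kind == "ip":
        return ipaddress.ip_address(pkt["src_ip"]) in ipaddress.ip_network(value)
    return kind == "mac" and pkt["src_mac"].lower() == value.lower()


def decide(pkt, rules=RULES):
    """Return 'ALLOW' if any rule permits the packet, otherwise 'DROP'."""
    for kind, value, dest, group in rules:
        if (pkt["dest"] == dest
                and (pkt["proto"], pkt["dport"]) in SERVICE_GROUPS[group]
                and source_matches(kind, value, pkt)):
            return "ALLOW"
    return "DROP"  # default deny: no rule matched


def packet(iface, src_ip, src_mac, dest, proto, dport):
    """Build a constructed packet description for decide()."""
    return {"iface": iface, "src_ip": src_ip, "src_mac": src_mac,
            "dest": dest, "proto": proto, "dport": dport}


# Constructed hosts: (interface, source IP, source MAC).
USER = ("GREEN", "192.168.1.50", "aa:bb:cc:00:00:01")
ADMIN = ("GREEN", "192.168.1.10", "00:11:22:33:44:55")

if __name__ == "__main__":
    for who, port in [(USER, 443), (USER, 21)]:
        print(who[1], port, decide(packet(*who, "internet", "tcp", port)))
```

Calling `decide` with `rules=[]` drops every packet, so an empty rule set allows nothing.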

Note that when you first install BOT, ALL outgoing traffic is blocked until you create rules allowing access. Let’s take a look at another great addon:

URL Filter: http://www.urlfilter.net/

URL Filter allows you to block access to specific websites in many different ways. You can enable blocking based upon categories such as Porn, Advertisements and Hacking using publicly maintained blacklists, or you can add individual domains to your own custom blacklist.

Another great feature is the ability to block access to all sites except those that you explicitly allow. When the user tries to browse to a page which you’ve blocked they will receive an Access Denied message which you can configure to the needs of your organization. Administrators can also block access to specific file types such as audio/video and set time based controls on the restrictions. 
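The filtering modes described above (category blacklists, a custom blacklist, allow-only mode and file-type blocking) are modelled in the added example below, which is not URL Filter's own code. The list contents are constructed, and matching a listed domain together with its subdomains on label boundaries is an assumption of this sketch.

```python
from urllib.parse import urlsplit

# Constructed lists; real category blacklists are far larger.
CATEGORY_BLACKLISTS = {
    "ads": {"ads.example.net"},
    "hacking": {"warez.example.org"},
}
CUSTOM_BLACKLIST = {"timewaster.example.com"}
WHITELIST = {"intranet.example.com", "example.edu"}
BLOCKED_EXTENSIONS = (".mp3", ".avi")


def domain_in(host, domains):
    """True if host equals a listed domain or is a subdomain of one.

    Comparing whole labels means 'notads.example.net' does not match
    'ads.example.net', while 'cdn.ads.example.net' does.
    """
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def check(url, enabled_categories=("ads", "hacking"), allow_only=False):
    """Return 'ALLOW' or 'DENY' for a requested URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if allow_only:
        # Allow-only mode: anything not explicitly whitelisted is denied.
        return "ALLOW" if domain_in(host, WHITELIST) else "DENY"
    if domain_in(host, CUSTOM_BLACKLIST):
        return "DENY"
    for category in enabled_categories:
        if domain_in(host, CATEGORY_BLACKLISTS[category]):
            return "DENY"
    if parts.path.lower().endswith(BLOCKED_EXTENSIONS):
        return "DENY"
    return "ALLOW"


if __name__ == "__main__":
    for url in ("http://cdn.ads.example.net/banner.gif",
                "http://notads.example.net/",
                "http://www.example.org/song.MP3"):
        print(url, check(url))
```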

URL Filter is a great tool to ensure that users are browsing the Internet according to your company's IT policy. In the next part of this article we will compare IPCop to a well-known commercially available firewall solution.

M0n0wall is good too

Another option is M0n0wall. M0n0wall does not need a hard drive - it can be run from a compact flash or CD. The settings can be loaded from a floppy or uploaded to the firewall once it is started. So if the system *is* compromised, software cannot be added, any configuration changes are lost when the system is rebooted.


It is based on FreeBSD, but runs the same sorts of software that make IPCop so good.

http://m0n0.ch/wall/


Don Robertson | don.robertson.net.nz | www.robertson.net.nz


Hi Dan, thanks for the great article. Can IP Cop also be used to block ports? I'm mainly thinking about chat clients, VOIP, P2P software etc.

We have a big problem in our office with staff installing multiple chat clients. The office policy is that everyone uses Skype, but people will often have Skype, MSN and Yahoo running at the same time clogging up the network. We have trouble enforcing install restrictions as many staff use their privately owned laptops, so we can't really dictate to them what they can and can't install. I'd like to come up with a solution which blocks these types of products but allows Skype through, is this something that can be achieved with IP Cop?