IPCop is a Linux firewall distribution that takes an old pc and turns it into a dedicated firewall appliance. It offers advanced features such as IPSec VPN support and is of course licensed under GPL.

IPCop is actually a fork of the GPL 0.9.9 version of Smoothwall and hence the two are very similar in many ways. IPCop does however offer more functionality in several areas that are only addressed in the commercial version of Smoothwall and some that Smoothwall does not offer at all.

IPCop offers an IPChains based firewall with DHCP server, caching DNS, the Squid web proxy, Snort intrusion detection system, port forwarding, DMZ support and IPSec based VPN support using FreeS/WAN. There is an easy to use web-based admin interface and an SSH server is also available.

There is support for up to 3 network interfaces and the external or RED interface can be an ethernet card, an analogue modem, an ISDN modem or even a USB ADSL modem. The GREEN interface is a connection to your internal ethernet network and an optional ORANGE interface provides the facility of a DMZ or de-militarised zone where internet facing servers may be located. The use of a DMZ offers additional protection of your GREEN network should a server in the DMZ be compromised.

As well as general operation and configuration the web interface allows viewing of four different types of logs: IPCop, Squid web proxy, firewall and Snort intrusion detection. The status pages also allow viewing of traffic graphs and proxy graphs.

Hardware Requirements

IPCop doesn't require the latest PC hardware to run, an old Pentium with 32Mb RAM and a 1Gb hard disk will be more than adequate although more memory would be a benefit if using the squid web cache. The minimum requirements listed by the IPCop team are a 386 with 8mb RAM and a 100Mb disk although it is mentioned that some people have had trouble installing in less than 20Mb. Once the installation has been completed the system can then be managed via the web interface so a keyboard and monitor are no longer required.

Getting it and installing it

IPCop is available from the IPCop Web site as a 22MB ISO image. Installation is very straight forward and can be run from CD or via HTTP if you have a local web server running. A complete system including configuration can be up and running in as little as 15 minutes, any updates are notified and installed through the web interface.

Support

Support is available through the Mailing Lists or irc on #ipcop on irc.openprojects.net

Conclusion

If you only need the two or three interfaces IPCop caters for then it makes the perfect firewall solution for your network. IPCop is very well featured and the web interface is clear and easy to use, installation is simple, hardware requirements are low and best of all it is free in both the free beer and free speech contexts.
In my opinion there is no reason to choose Smoothwall GPL over IPCop considering the additional features offered by IPCop and Smoothwall's 'in your face' advertising for their corporate product together with the attitude of some of their developers.
I think these sort of appliance distros are an excellent idea and I hope we will see more of these sort of things in the future.

Links

• IPCop Web Site
• Sourceforge Site
• Installation Manual
• Administration Manual
• VPN Howto
• IPCop FAQ