IPCOP A Nostalgic Look
Since December 2011, over a series of five articles in LFY, I have covered several important aspects of IPCOP firewall version 1.4.21, including its inbuilt features and various add-ons that raise it to almost commercial levels. Now, though a new stable r
Needless to say, IPCOP is a great and absolutely stable stateful packet inspection (SPI) firewall distro. Being an SPI firewall, it keeps track of all outgoing requests and subsequently allows incoming traffic only as replies towards the corresponding outgoing request. This ensures no unauthorised communication can be initiated from the Internet towards the internal network.
The installation of IPCOP is simple and straightforward once you understand its interfaces, which are coloured in an intuitive way. Red denotes the untrusted network, typically the Internet; green is the protected internal network; blue is typically used as a wireless subnet and orange is the demilitarised zone or DMZ. Default access between the various zones is predefined to allow only controlled traffic, as detailed in Table 1.
The default scheme blocks all access from the Internet (red), the DMZ (orange) and the wireless network (blue) towards the protected network (green). Further, the VPN can be used to allow secure access from blue to green.
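The stateful behaviour and default zone policy described above can be modelled in a few lines. This is an added illustration, not IPCOP code: the class and function names are hypothetical, the addresses are constructed samples, and it assumes green may open new connections while every flow the text does not describe is dropped.

```python
# Toy model of stateful packet inspection; added illustration, not IPCOP code.
# Real connection tracking also follows TCP state and expires idle flows.
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str   # "green", "blue", "orange" or "red"
    dst_zone: str
    proto: str
    src: str        # constructed sample address
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    # Zones that may not open a NEW connection towards green by default,
    # per the article: red (Internet), orange (DMZ) and blue (wireless).
    BLOCKED_TO_GREEN = {"red", "orange", "blue"}

    def __init__(self):
        self.state = set()  # flows that were initiated through the firewall

    def handle(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Packet belongs to a tracked flow (either direction): allow it.
        if flow in self.state or reverse in self.state:
            return "ACCEPT (established)"
        # 2. New connection towards green from a less trusted zone: drop it.
        if p.dst_zone == "green" and p.src_zone in self.BLOCKED_TO_GREEN:
            return "DROP (unsolicited)"
        # 3. Assumption: green may initiate; remember the flow for replies.
        if p.src_zone == "green":
            self.state.add(flow)
            return "ACCEPT (new)"
        # 4. Assumption: anything the text does not describe is dropped here.
        return "DROP (no rule)"

def demo():
    # Constructed sample traffic: one outgoing request, its reply, one probe.
    fw = StatefulFirewall()
    out = Packet("green", "red", "tcp", "192.168.1.10", 40000, "203.0.113.5", 443)
    reply = Packet("red", "green", "tcp", "203.0.113.5", 443, "192.168.1.10", 40000)
    probe = Packet("red", "green", "tcp", "203.0.113.9", 443, "192.168.1.10", 40000)
    # The same reply is dropped before the request exists and accepted after.
    return [fw.handle(reply), fw.handle(out), fw.handle(reply), fw.handle(probe)]

if __name__ == "__main__":
    print(demo())
```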
Apart from blocking unintended traffic, a good firewall must also have several other functions such as VPN, logging, a time server, etc. IPCOP supports various such functions; a list is given in Table 2.
Though an excellent firewall distro, IPCOP lags behind on several important functions such as categorised URL filtering, OpenVPN, proxy reports, etc. Please refer to Table 3 for details of several add-ons, which integrate various functions in IPCOP. Please refer to the earlier articles on IPCOP in LFY for detailed instructions on installation, configuration and troubleshooting.
Access to IPCOP is available on non-standard TCP ports: SSH on 222 and https on . To transfer binaries of various add-ons to the IPCOP box, those on Linux systems can use the default SSH and SCP commands, whereas those on Windows systems can use the free downloadable tools PuTTY and WinSCP, respectively.
Apart from these, the various other add-ons available for IPCOP include:
- Copfilter: A gateway antivirus
- Ntop: For network monitoring
- p2pblock: Blocks various peer-to-peer downloads
- WLAN AP: Converts IPCOP to a wireless access point

IPCOP 1.4.21 has helped various organisations to secure their network since it was released on July 2 , 2 . Since
Table 1: The IPCOP access matrix
* May be allowed by configuring the DMZ pinholes
** May require configuration of blue to green pinholes
Table 2: Various IPCOP features
Table 3: IPCOP add-ons
then, various new hardware platforms such as SATA hard disks, Flash disks, SATA optical drives, and various new Gigabit LAN cards have become standard. But they remain unsupported on IPCOP 1.4.21. Flash-based installations are also becoming more popular than hard disk-based installations. As it is said, all good things come to an end or get upgraded, and so it is with IPCOP. Its new version 2. . was released on September 2 , 2 11. The latest in the series is 2. . , which was released on February 1 , 2 12.
As mentioned on Ipcop.org, the latest version 2. has various important changes:
- Linux kernel 2. . 2
- New hardware support, including Cobalt, Sparc and PPC platforms
- A new installer, which allows you to install to Flash or hard drives, and to select interface cards and assign them to particular networks
- Access to all Web interface pages is now password protected
- The port for https secure connections has been changed to
- Incorporation of OpenVPN functionality
- Several new Web interface pages

Watch this column for more about this latest IPCOP release and much more.