purg.atory – a personal blog by elyograg

ipcop firewall project

Along with the .org, .net, .com, and .info versions of my ‘elyograg’ domain, my server runs Lower Lights, the domains that my wife set aside for a business, and some of the pieces of my friend Nat‘s domain. Eventually all of Nat’s domain will reside on my server.

Currently I use a firewall product called Smoothwall to protect my Windows machines. Because of limitations in the free version of Smoothwall, my Linux servers are on the “outside” of the firewall.

The limitations in Smoothwall are intentional. It is built around the Linux kernel and a lot of other software pieces covered by the Gnu Public License (GPL). Because of this, they are required to make the program and the source code for all derivative works available for free. They are careful to adhere to this requirement, but they also have a commercial version which is where they actually put all their development energy. The components that are unique to the commercial version do not fall under the GPL, so they are able to make a large profit on them, even though the majority of the overall system is free software.

Smoothwall’s half-hearted stance towards the open source ideal has irritated a lot of people. One group of those people created a fork of the project and named it IPCop. Although it lags behind commercial Smoothwall in features, it is not by much. They are willing to listen to requests from the community, where Smoothwall only implements new features when it will make them money. One feature that I would like is not offered by any of the free firewall products — the ability to use the real public addresses on the Orange (DMZ) network. I can do without that for now.

So, one of these days I will convert my firewall to IPCop and put my Linux machines behind it, giving them better protection from all the Bad Stuff(tm) on the Internet. I have not had a security problem with the servers yet, mostly because Linux is inherently more secure than Windows. Additionally, I am diligent in using secure protocols and keeping my software up to date for all reported security vulnerabilities.

elyograg

One response to “ipcop firewall project”

  1. Thanks for the background on IPCop — I’ve been using smoothwall with success for a couple of years now, but I’ve been eyeing IPCop. I think I’ll give it a try. 😀

    Reply

Leave a Reply to Matt Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.