Configuring IPCop Firewalls
Posted by Eric Lubow   
Book Reviews IPCop is a tool that can be deployed in almost any place within a network and serve a functional purpose. It has an intuitive easy to use interface that is great for users of any level. And the fact that no prior Linux or IPCop knowledge is required is just another bonus.

Date: 10 Nov 2006

IPCop is a tool that can be deployed in almost any place within a network and serve a functional purpose. It has an intuitive easy to use interface that is great for users of any level. And the fact that no prior Linux or IPCop knowledge is required is just another bonus.

Title Configuring IPCop Firewalls: Closing Borders with Open Source
Author Barrie Dempster and James Eaton-Lee
Pages 219
ISBN 1-904811-36-1
Publisher Packt Publishing
Edition 1st Edition (Sep 2006)
Purchase Amazon


Geared towards your average individual with a very limited knowledge of firewalling, networking, or even open source software in general Configuring IPCop Firewalls is an excellent starting point.


As this book is geared towards those without prior knowledge of Linux or networking experience, it starts out simple. There are discussions of the OSI (Open Systems Interconnection) model, network design and structure, filtering and shaping devices, and dedicated hardware. The authors then move on to concepts more specific to IPCop and its intuitive interface. They talk about the different colored interfaces and how they apply to network traffic and network security.

Chapter 3 then delves deeper into designing a network and creating a proper topology for your setup. At this point, the reader should have enough of an understanding to accomplish this task for an IPCop network.

Now that you have a plan for your network, it is time to install IPCop. The next chapter takes you through the installation process in a step-by-step manner with the associated graphics.

Although IPCop has the ability to be complex, the web interface makes many things very easy. Chapter 5 takes you through some basic usage of the web interface.

Once the basics have been covered and the initial configuration out of the way, it is time to make the machine do what you want it to do. Chapter 6 takes the reader through configuring Snort, an IDS (Intrusion Detection System). It contains everything from log monitoring to log analyzers. Then moving onto VPNs (Virtual Private Networks), IPCop allows the user to easily setup anyone of the major protocols including IPSec, L2TP, PPTP, SSH, SSL, and even some of the proprietary VPN protocols that are publically available. You can even integrate Wifi access into the VPN interface (something not easily done on your average firewall).

As bandwidth is universal problem, IPCop provides helper applications in this realm. There is a section of the web interface that is used to configure Squid, a proxy and caching server. IPCop also covers one of the majorly underused (partially because of its complexity) applications of traffic shaping and caching. By having an easy interface to prioritize traffic and access to the various services available via your network, you can create a very user friendly network.

Finally the book wraps up with how to customize your configuration. These include such addons as SquidGuard for Squid, MAC address based filtering, remote logging, malware detection, and email scanning just to name a few. And with each addon, there is a web interface for configuring it. And as security is always an issue, which is likely the reason you set up IPCop to begin with, it also comes with a section on auditing, patch management and auditing.


Firewalls have come a long way in the time that I have been working with computers. I had never even heard of IPCop prior to reading this book. And ever since I picked it up, I did an immediate install on a spare virtual machine to play around and immediately liked what I saw. Every time I came across something that I thought would be useful to do, I just referenced the book and it was easy enough to it setup, especially the VPN with IPSec.

In my opinion, the best thing about Configuring IPCop Firewalls is the progressive approach the book takes to walking you through design, installation, setup, configuration, then hardening. Although this may seem trivial, this is a process that many (even in the industry) skip over and go right to implementation and end up paying for it in the long run. Since this book is geared towards newer users, it puts them into good habits that should be kept throughout their career with network administration.

I would definitely recommend this book to someone with a straightforward network setup who wants to begin to delve deeper into the world of network administration. If the network is likely to be complex, then IPCop is not necessarily the way to go.

Reviewed by: Eric Lubow

IPCop reviewWritten by Nathan on 2006-12-01 10:04:44
Thanks for taking the time to write this helpful review. I have been interested in this topic for quite some time.  
Although, documentation is available at the IPCop website, I thought a book on the topic would be appreciated by the IPCop community. This appears to be a good one.
Written by wildpossum on 2006-12-11 21:29:25
It's good to see that a book on IPCop has appeared. It will make it easier to deploy IPCop as one can point to the book as documentation. 
IPCop is a great little distribution. It is small (they have kept the CD image small), tightly targetted, and installs in no-time. I am hoping that some of the very useful addons like ZERINA and QoS make it into the mainstream, that is, can be installed by someone without having to resort to ssh, scp, tar, etc. (sure it's easy for a Linux person, but you want it easier for a bigger audience), and without bloating the CD image. Maybe some sort of addons site is the way to go.
Written by vinitm on 2007-03-15 02:13:13
goodWritten by best on 2008-04-19 08:35:19
I'm agree with you.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!