Wednesday, March 01, 2006

IpCOP - Solid Firewall

IpCOP is a Linux-based firewall distro. The impressive part is the set of features IpCOP offers and the community effort that goes into making it a completely solid firewalling solution.

Over the last few days a friend has been asking me how to do Layer 7 filtering, or what is called application-layer filtering. This feature is not available in OpenBSD PF itself; you can hook Snort2C into PF, or use Squid as a proxy for control, but what he means is total Layer 7 filtering, such as blocking BitTorrent, P2P or any other kind of application traffic. I quickly checked out Netfilter and found this. It shows that Layer 7 filtering is possible with iptables, but things need to be recompiled. Since I'm too lazy to install a Linux system and recompile things, I remembered a distro called IpCOP, which I tried out years back and which might offer Layer 7 filtering. Apart from that, I also wanted to see how far IpCOP has progressed.

After finishing the download of IpCOP, which is around 42MB, I burned the ISO and installed it. Installation is done in a glance: it completed in 3 minutes after answering a few questions, and you are done.

Installation is fast!!!!!

So now I have it installed, and the next thing I did was log in to the IpCOP Web Control Panel to try out its features. I like the way it organizes things, with everything in proper order and categories. The status tab has all the info about the system, including the traffic graphs. You can monitor the system's activity by browsing through that tab.

System Information

Traffic Graph for the NIC .....

Since I'm more concerned about Layer 7 filtering and found nothing much about it in the initial installation, I looked around and found that there are official extra addon modules for IpCOP here. I downloaded L7-filter, p2pblock and qos and installed them through the SSH CLI. That's all IpCOP needs to enable Layer 7 filtering. Once the installation was done, I found Qos and P2Pblock in the Services tab, where I can specify what kind of Layer 7 traffic I want to filter.

Applying Layer 7 filtering on chosen NIC

P2Pblock module is real cool

Since I'm not really sure whether it is applied properly just by clicking in the web GUI (I'm more of a CLI kind of person), I ran an iptables command to check whether it was applied correctly.

shell>iptables -L P2PBLOCK_FORWARD -v

Below is the output of the iptables P2PBLOCK_FORWARD chain.
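As an added example (not part of the original post), here is a small POSIX shell script that does the same check as the iptables command above, but mechanically: it parses the output of iptables -L chain -v -n, lists which l7proto matches the chain actually contains, flags rules whose packet counter is still zero (installed but never matched), and confirms that a given protocol has a DROP or REJECT rule. The chain output embedded in the script is constructed sample data in the iptables output format of that era, not output captured from IpCOP; on a live box you would replace the body of chain_rules with the real iptables call.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a layer7 block chain
# really contains matching rules and has seen traffic, by parsing the output of
# `iptables -L <chain> -v -n`. CHAIN_OUTPUT is constructed sample output in the
# iptables 1.3-era format, not captured from a real IpCOP box.

CHAIN_OUTPUT='Chain P2PBLOCK_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
   42  6510 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto bittorrent
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto edonkey
    7   980 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto gnutella'

# chain_rules CHAIN: print the chain listing. On a live system this would be
# `iptables -L "$1" -v -n`; here it returns the constructed sample so that the
# checks run offline.
chain_rules() {
    printf '%s\n' "$CHAIN_OUTPUT"
}

# count_l7_rules CHAIN: number of rules in the chain that use the LAYER7 match.
count_l7_rules() {
    chain_rules "$1" | grep -c 'LAYER7 l7proto'
}

# l7_protos CHAIN: space-separated list of l7proto names the chain matches on.
l7_protos() {
    chain_rules "$1" | awk '/LAYER7 l7proto/ {
        for (i = 1; i <= NF; i++) if ($i == "l7proto") printf "%s ", $(i + 1)
    }' | sed 's/ $//'
}

# idle_l7_rules CHAIN: protocols whose rule has a zero packet counter, i.e. the
# filter is installed but has never matched anything. Column 1 of each rule line
# is the pkts counter in `-v` output.
idle_l7_rules() {
    chain_rules "$1" | awk '$1 == 0 && /LAYER7 l7proto/ {
        for (i = 1; i <= NF; i++) if ($i == "l7proto") printf "%s ", $(i + 1)
    }' | sed 's/ $//'
}

# chain_blocks CHAIN PROTO: exit 0 if CHAIN has a DROP or REJECT rule whose
# l7proto is PROTO, exit 1 otherwise. Column 3 is the target.
chain_blocks() {
    chain_rules "$1" | awk -v p="$2" '
        ($3 == "DROP" || $3 == "REJECT") && /LAYER7 l7proto/ {
            for (i = 1; i <= NF; i++) if ($i == "l7proto" && $(i + 1) == p) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Usage: summarise the chain the way you would after installing the P2Pblock addon.
echo "layer7 rules in P2PBLOCK_FORWARD: $(count_l7_rules P2PBLOCK_FORWARD)"
echo "protocols matched: $(l7_protos P2PBLOCK_FORWARD)"
echo "rules with no matches yet: $(idle_l7_rules P2PBLOCK_FORWARD)"
chain_blocks P2PBLOCK_FORWARD bittorrent && echo "bittorrent is dropped by this chain"
```

A zero counter on a rule you expect to be busy is the quickest sign that the addon's chain is present but not actually reached from FORWARD, so it is worth checking the counters and not just the rule list.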

It not only offers Layer 7 filtering: I downloaded and installed the IDScontrol module, and then I had intrusion detection running on my IpCOP directly. The best part is that I can download and update Snort rules with just a few clicks. A Snortalog module is available too, although I don't show it here.

IDScontrol for IpCOP, the snort rule management interface

Then, if anyone is interested in OpenVPN, there is an unofficial module available here. OpenVPN is always my first choice of VPN solution and I'm glad it works on IpCOP.

OpenVPN Configuration Interface

I don't have many complaints about IpCOP. The way they put it all together is well maintained, and I wish this project continued growth to become one of the best enterprise-grade firewalls, even though I know they already are.

Have fun with IpCOP - The Bad Packets Stop HERE!!!!!


Murali Raju said...

Hi Geek00l,
I am not a big fan of the whole L7 filtering within so-called app-layer firewalls. PF did not do this for a reason. I have blogged my rants here :-)


geek00L said...

hey transporter,

It's good to see you here. I tried the L7 stuff because one of my friends was asking me about it. Of course I'm more into PF than iptables; however, IpCOP really puts things together and it's worthwhile to try out :]
And I'm glad to hear you have a blog, I will tag it.

squeege said...

IPCop is very good, but I find it gets messy after adding modules for egress filtering, etc.

Endian FW, a fork of IPCop, also looks very promising:

m0n0wall, although very basic, is excellent and rock solid. If you're looking for all the bells and whistles of IPCop but prefer a PF-based FW, the PFSense beta is coming along nicely:

It's based on m0n0wall, but uses bleeding edge FreeBSD 6.x and is much richer.