-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Shawn wrote: > Installing IPCop will partition and format the hard drive as part of the > installation process. It is intended to be a standalone firewall (and > works great at it).
What Shawn said. > > The only way you might install IPCop in conjunction with an existing > Linux install is to use a virtual machine for the IPCop install. (Well, > I'm sure there are other ways, but this is simplest I can think of) > A virtual machine install will still be more difficult than running ipcop on hardware as you will need to sort out the various network interfaces, if you have not done this before IPCop will probably not work as expected. > If you want to build a firewall on your existing system, then you should > look at Firestarter (http://www.fs-security.com/) and iptables > (http://www.netfilter.org/projects/iptables/index.html). The learning > curve for iptables is a little steeper than IPCop, but it is the work > horse that just about all Linux firewall systems are built on. Actually all Linux "firewall" applications are using iptables (aka netfilter) to do the actual work. They all are just a front end (GUI or console). > Firestarter gives you a nice graphical tool to build the iptables rules. Firestarter is OK, it is a GUI tool which means that you must have a GUI interface installed (GNOME, KDE or some such) which IMO is never a good idea on a security appliance. One pre-built rule set that I use is arno's iptables firewall script (http://rocky.eld.leidenuniv.nl/). It is command line but it integrates well into a Debian/Ubuntu environment, the config file is also well documented. Using something like this you may be able to leverage an existing Linux install. This of course comes with risk, ideally a router and firewall should not do anything else. Installing other software or using a desktop system for routing greatly increases the attack surface. > > Hope that helps. > > Shawn > > > Joe Shuttleworth wrote: >> I would like to add IPCcp as a firewall. Does IPCop have to be >> installed to it's own computer? Can I install it to the same computer >> (that I'm running Linux on) to another hard drive? >> >> Thanks >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkowF+4ACgkQwRXgH3rKGfOE8gCdHD4vc8ceIgHXPuCf7rt4X7oU prsAoKYXm2NH5kC2MUy74iNy4J7Wwgo8 =a3FZ -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
