Assuming you are talking about Mandrake's Simple Network Firewall - SNF 7.2 (Have they got a later version out? They hadn't last I looked) - my vote would be 100% with IPCop. Admittedly I am very much a linux newbie and struggle with it till I get direction. However, here is my story with SNF and later IPCop.
I used SNF in Oz when I first had an always on connection (Telstra's cable service). It installed easily. I managed to get the extra bits and pieces I needed to get it to log on (bpalogin from memory). However, it would randomly stop working. The only way I found to correct it was a reinstall. The updating system was awful. There was something wrong with it that meant you had to install the second update manually. You'd just get all the updates installed and a couple of days later it would stop working - reinstall time. It was just too much hassle. IPCop installs easy (the ISO is more like 20Mb than 50) the update system is packaged well and is just easy. Thanks to this list I've managed to add a few things to the IPTables and it works just like it should. I have had it run in as little as 8Mb RAM, though it needs at least 16 to install. (More is needed if you want the proxy server to work, but I use a different machine for that). I figure that if I want to tinker with linux, I'd rather it wasn't the thing that was protecting me from the nasties on the internet. Cheer Kerry. -----Original Message----- From: Nick Rout <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Wednesday, 25 February 2004 22:16 Subject: Re: IPCop or Mandrake Network Firewall >On Wed, 25 Feb 2004 22:09, Nathan Cook wrote: >> I've been using Smoothwall and I have read some of the websites around >> about the owner of the product and his attitude, I'm now going to change to >> something else and I'm tossing up between IPCop and MNF, I've had a quick >> play with MNF in VMWare and it looks like it would do everything I want it >> to do, DMZ etc, port forwarding and what not... although I couldn't find an >> option to block ICMP ping anyone know if the option exists? >> >> I haven't used IPCop at all, has anyone on this list used both and can >> offer advice on what is the better of the 2 perhaps? >> >> The box it'll be running on will be a P2 300mhz 64mb Ram with an 8gig drive >> (although that may change to a 2gig drive) with 3 NIC's. >> >> Thanks for the help in advance. >> > >I haven't used Mandrake SNF, but I use ipcop a lot and like it. > >Turning off ping replies is a kernel option you can turn off manually >somewhere in the /proc tree, and set it to do so on a reboot from a startup >script. > >Ahh, found it: > >echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts > >On my ipcop box that line is in /etc/rc.d/rc.network > > >> Cheers >> >> Nathan >> >> --- >> Outgoing mail is certified Virus Free. >> Checked by AVG anti-virus system (http://www.grisoft.com). >> Version: 6.0.593 / Virus Database: 376 - Release Date: 2/20/2004 >
