Looking for a decent network firewall suitable for SOHO, branch offices and even small enterprises? IPCop turns
nearly any spare PC into a full-featured stateful inspection firewall.
The IPCop firewall supports multiple network segments -- trusted, un-trusted and semi-trusted -- for wireless networks and DMZ. It runs very well off old 486 hardware or can be bulked up to handle gigabit-speed networks. IPCop is stable, has an easy-to-use graphical interface, and since it is based on Linux under the hood, it's free.
IPCop is a breeze to install: download the software and create a boot disk. The installer creates a complete, hardened system that has the option of running completely off of a flash memory card. Like many gateway routers, IPCop handles DHCP leases, DNS and network time protocol, plus it has several extras that make it stand out.
IPCop's stateful firewall keeps track of connections to and from each zone based on the source and destination IP addresses and ports, as well as the state of the connection itself. The zones are color-coded, making it easy to understand where traffic is going. Information on individual connections is displayed and each connection from or to your network segments is shown. Being stateful, only the packets that are consistent with the current state of a connection will be allowed through the IPCop firewall.
You can pay a lot more money for a firewall with as much built-in functionality, but IPCop is not just a free network firewall, but one good enough to keep your network free of bad packets.
Scott Sidel, CISSP, is an Information Systems Security Officer (ISSO) for Lockheed Martin.