choosing between ipcop and iptables

First I am new to linux and making some progress.  Now I am looking at
the beast (at least in my eyes) called IPTABLES.

Then playing around on google I came across IPCOP.

Can one of you gurus tell me which one outperforms the other?  Which
is easiest to manage?  And any personal stories with each product I'd
be interested in reading.

I found stories on IPCOP vs Astaro, but you have to pay for Astaro.
IPTABLES and IPCOP both being free have my interest.

Just looking for some guidance and personal stories from the trenches
here.  Thanks.

Re: choosing between ipcop and iptables

nunya wrote:

Neither. You misunderstand the difference between IPTables, IPCop, and Netfilter.

- Netfilter is the firewall built in to the Linux kernel. NetFilter exists in
  almost every Linux distribution, including all the "mainstream"

- IPTables is a command line utility that permits a user to manipulate
  Netfilter. IPTables exists in almost every Linux distribution, including
  all the "mainstream" distributions.

- IPCop is a Linux distribution that includes a GUI interface to Netfilter.

Non-sequitur. Which is easiest to manage: A ride on an airplane, steering a
bus, or the engine of a car?

If you don't have a firewall, and have a computer that you can dedicate to the
purpose of a firewall, then IPCop would work.

If you don't have a firewall, and want to firewall your existing Linux system,
you can use IPTables or any of the other Netfilter config tools to configure a
firewall on your system.


--
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576
Slackware - Because I know what I'm doing.


Re: choosing between ipcop and iptables

I had never heard of ipcop before, so I had a look.  It appears that
ipcop is a _distribution_, that is, you dedicate a computer to run just
that.  It is not clear what else you can install on the same computer
_after_ you install ipcop, but it seems you cannot install ipcop on top
of another distribution and continue using the other distribution. I
could be wrong, I did not look very hard.

Iptables is part of any normal distribution.  Not unlikely, ipcop uses
iptables at its heart.

What distribution are you using?

Do you have any special requirements, e.g., are you going to let others
access your computer without your presence, like when you run a web
server, or is your computer going to act as a firewall and router for
other computers as well?

Depending on what distribution you have, you might have a program


Just try running it on the command line, if you have it, it will prompt
you for the root password. Then it will give you a user friendly
graphical interface to iptables. This will be sufficient for most
ordinary users. (Notice: do not confuse running a server like a web
server, with accessing one, like when you browse the web. The same goes
for ftp. This tool asks you if you want to access such servers.)

If you do not have it, you are running another distribution than me. In
that case, you should find the documented tools for your distribution.

You can always do without nifty tools and configure your own solution.
However, if both the distribution startup scripts and your script try
to set up iptables, the last one to run its commands wins.
Check if any of the scripts under /etc/init.d executes iptables. You
can always use the command

   iptables -L -v

to learn what is the current state of your iptables filter setup. If
nothing has been set up the output will look like this:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source  destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source  destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source  destination

(The number of packets and bytes could be non-zero. This looks so bad
because the lines with "pkts" are the headings of tables that happen to
be empty.  If there is any data below these lines, you do have some
filter rules set up.)

To create your own script, start here:

Just copy the script, use copy-and-paste, but do not include the
prompts that appear on this web page (i.e., do not include the # that
starts each line. Where there are two, ##, leave one). Don't worry about
"not needed if...", unless you made your own kernel, the modules are
not compiled in.  If you try to load the modules twice, the command
fails, but that is not a problem. Arrange that the script is run during
each reboot.

To get it to take effect the first time, just run the script. If you find
you want to change the script, learn to clear all tables before you
re-run the script.  Tip: to clear, do

   iptables -F
   iptables -X
   iptables -Z

Once you get this to work, stop. But if you want to do more, read the
rest of Rusty's HOWTO.

Notice: If you want to use your linux box as a firewall and router for
a small home network with multiple computers, but all the computers
must share a single IP address that your ISP provides you, then you
need 'nat'. 'Nat' commands have '-t nat' in them. There is a separate
howto for that, I think.  'Nat' (network address translation) plays
tricks with the addresses in the packets as they are forwarded in or
out of your local network.  Sometimes it has to play tricks with port
numbers too. On your local network, computers do have different ip
addresses, these are just not visible to the world in this case.
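
The check described in the post above (reading `iptables -L -v` to see whether any filter rules are loaded), as an added example that is not part of the original post. The function names and the second sample listing are constructed for illustration; the script parses captured output and does not call `iptables` itself.

```shell
#!/bin/sh
# Added example: read `iptables -L -v` output on stdin and print one line per
# chain: NAME POLICY RULECOUNT ("-" as policy for user-defined chains).
summarize_chains() {
    awk '
        /^Chain / {
            if (chain != "") print chain, policy, rules
            chain = $2; policy = "-"; rules = 0
            # Built-in chains read "(policy ACCEPT ...)"; user chains "(N references)".
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^[ \t]*pkts[ \t]+bytes/ || /^[ \t]*$/ { next }   # table heading or blank line
        chain != "" { rules++ }                            # anything else is a rule
        END { if (chain != "") print chain, policy, rules }
    '
}

# Exit 0 only when no chain holds a rule and every built-in policy is ACCEPT,
# i.e. the "nothing has been set up" state shown in the post.
is_unfiltered() {
    summarize_chains | awk '
        { seen = 1 }
        $3 > 0 || ($2 != "-" && $2 != "ACCEPT") { filtered = 1 }
        END { if (seen && !filtered) exit 0; exit 1 }
    '
}

# The empty listing quoted in the post.
EMPTY_SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source  destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source  destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source  destination'

# Constructed sample (not from the post): INPUT drops by default, two rules.
RULES_SAMPLE='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source    destination
   40  3200 ACCEPT     all  --  lo     any     anywhere  anywhere
  310 28000 ACCEPT     all  --  any    any     anywhere  anywhere  state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 350 packets, 30000 bytes)
 pkts bytes target     prot opt in     out     source    destination'

printf '%s\n' "$RULES_SAMPLE" | summarize_chains
if printf '%s\n' "$EMPTY_SAMPLE" | is_unfiltered; then echo "no filter rules set up"; fi
```

On a live system the same functions can be fed from `iptables -L -v | summarize_chains`, run as root; running it before and after boot scripts finish shows which script's rules ended up in place.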


Re: choosing between ipcop and iptables

On 16 May 2005 14:53:03 -0700, wrote:

Fedora Core 2

I have no plans to let others access.  This is for me to learn in my
own personal environment

This link was very helpful!!

Thanks for your input.  I kept hearing about how linux is so stable and
secure so I just decided to get involved with it and part of my
problem is just learning how things are done.  In windows setting up a
firewall was a few mouse clicks.  In linux it is a little more
involved, but it appears you have more control.  Thanks again for your
