Have a copy of SuSe and also Knoppix versions of Linux. Thinking about trying out FWBuilder and wondered how complicated it was for a total Linux novice with no command line knowledge whatso ever!

Just download ipcop. It's based on the 2.4 kernel and works without all that piddling around :D

LOL i'm running ipcop! How did you do the rule for ICMP on it though, through command line or where in the GUI?

Wanted to look at other options as well as ipcop and also avoid running fw1 on a dog of a box that is only good for linux!

FWbuilder is absolutly brilliant!!!!

Linux Journal did a 2 part paper on this a few months ago and they rated it so highly I was expecting the pages to be stuck together.

I configure my IPTables by hand, but I did try FWBuilder once to see what script it spat out.

The result was brilliant. I was very impressed and I even tweaked my own script to incorporate a few ideas from that.

If you want I can scan in the full writeup from Linux Journal (yes I am sad and do keep all my old copies). It will be Monday now, as I don't have a scanner at home.

Verdict : A1

You need to edit IPTables manually, which is a bit of a sod...

Add the following to drop all icmp
/sbin/iptables -A CUSTOMINPUT -i <<RED DEVICE HERE>> -p icmp -j DROP

To drop pings, just add
/sbin/iptables -A CUSTOMINPUT -i <device> -p icmp --icmp-type 8 -j DROP

I think rc.firewall is the right place for these, or rc.local. Just remember to either reboot or source the script.

Cheers guys.

Nick thats the whole reason I am giving up on ipcop cos its command line editing, I like it all to be gui based point and click :D

FWBuilder is gui based from I have seen although the setup might involve command line.

Gedi is that correct or is it easy enough for someone who knows nothing about command line to install and setup?

Its pretty simple to install. Basic ./configure, make, make install is all (if I remember correctly)

You will need a pretty good knowledge base of network protocols and network operations as there are a lot of buttons to click on :)

Oh, just a guess but you may need GTK installed for the GUI (again, can't remember exactly)

Good luck mate - I wonder if the ipcop devel team would be interested in a better point'n'click gui?

Am I right in thinking IPCop uses an html style gui?

Yes Gedi it does but its not very good as a rule base editor and I want a proper rule base page.

Just looking at FW1 NG3 and :eek: its totally different to 4.1 :( Bit over the top for home maybe!

Have you tried Smoothwall? It is the original that IPCop project forked from. The latest version is pretty good, I have had one running on a client site for the last 2 years and it has only been rebooted a couple of times when I have applied patches.

Tuffer no I haven't, is it all gui based or does it need to be administered through command line?