IPFire security

Currently testing out this firewall distribution in a Virtualbox VM. So far I'm satisfied; it looks very easy to configure for my needs, but has many more (useful) features than my ancient budget router's firmware - connection logging, a transparent caching/filtering proxy, etc.

However, I have to ask about how secure this distro actually is. The kernel seems to be a vanilla 2.6.32 version with backported patches, a la Debian. The default settings look sane, but is "sane" enough for a firewall machine? Even for home use?

So I spent the last few hours configuring an old laptop as an IPFire router... Ran into a bunch of problems.

- I tried to use the old cheapo router as a switch (with the DHCP server turned off) and it blocked access to the IPFire machine. I think this is because I hooked up the WAN port to the IPFire box instead of a LAN port, but can't confirm tonight.

- I have a static IP registered with my ISP. The old router worked fine configured for that IP, but the same numbers fed into IPFire resulted in no connection. Not sure why.

- It looks like neither static IP info nor the DHCP client can be controlled from the web interface... I suspect I'm missing something though, because that would be a major feature hole.

Don't be too harsh please, I'm relatively new to this networking stuff. Anyway I've reset things with the old router for now, I'll get back to it when I have the time.

[mack_guy911]

i didnt use ipfire but i have used endian (based on ipcop + copfilter)

http://www.endian.com/us/

for 2 years

well its all start form smoothwall then ipcop comes which is based of it

it has many addons most popular one is copfilter

so endian is 1st come with ipcop+copfilter (i guess Ipfire is pretty much same like endian)

http://www.wilderssecurity.com/showthread.php?t=283905

but if you looking for more i say check

untangle astaro or pfsense

Haven't seen much about Endian. Looks more heavy-duty? I might try something else, but it will probably have to be Linux, not BSD like pfSense - the old laptop in question has serious ACPI problems under BSD.

[mack_guy911]

i used to run old endian on 256 ram + p3 system after that i upgrade my system dual core and install astaro UTM

i guess i need 512-1gb ram if run full features

Got it! It wasn't connecting to my ISP because the cable modem had to be rebooted.

Anyway it's working very well right now.

Edit: and wow it's picking up a lot of weird stuff. e.g. a bunch of different IPs are methodically attempting to connect to the same series of high ports, and they all have the same MAC address.

[curious george]

I was actually looking into using linux as a firewall...however, i was wondering if there were any that would allow a 3rd party app to install. I would like to bring in an a/v of my own choosing instead of using the free clamav.

[ComputerSaysNo]

Quote:

Originally Posted by Gullible Jones

Edit: and wow it's picking up a lot of weird stuff. e.g. a bunch of different IPs are methodically attempting to connect to the same series of high ports, and they all have the same MAC address.

Yeah it's pretty surreal the amount of port scans you get. I stumbled upon a botnet coming from my own ISP last time I checked the logs, guess what equipment they were using Hawuie. Chinese Junk, I bet it was compromised.

[smallhagrid]

I've been using IPFire for months now and I'm very happy with it.
Before settling on it as my preference I tested a great many others, and decided it was the best choice for what I wanted.

If anyone wishes to read of that adventure, I posted about it here:
http://www.linuxquestions.org/questi....php?p=4796426
(It took until post #24 for me to be using IPFire, it is a long thread and checking all the distros took me quite a lot of work & time...)