URL Filter requires IPcop be installed and running first. The IPcop website has very detailed instructions on installation and configuration. The install process for IPcop only takes about 15 minutes and almost any old computer can be used because the system requirements are so low. (Should be in above paragraph?)
Installing URL filter
First, verify that SSH access is enabled on the IPcop firewall by going to the System Menu, selecting SSH access and enabling SSH access. Next, download the URLfilter installer to your computer and upload it to the IPcop firewall via SCP (secure copy). WinSCP is a simple and free SCP utility to upload the file. Remember that IPcop uses port 222 for SSH rather than the standard 22.
Log into the IPcop with an SSH client like Putty or log directly into the firewall at the keyboard. Use the root user id and password that was specified in the IPcop install process rather than the admin user that is used for the web administration page. Enter the following commands:
root@ipcop:~ #tar -xvf ipcop-urlfilter-1.9.1.tar.gz
root@ipcop:~ # cd ipcop-urlfilter
root@ipcop:~ # ./install
The URL filter will scroll through the installation steps on the console and verify that installation was successful.
Enable the web proxy
After answering yes to the installer script, URLfilter should be installed and accessible through the web administration page, although it will not be actively filtering web access yet. First activate URLFilter by going to the Services menu, selecting Proxy server and checking the following options:
Enabled on Green: This turns on the web proxy
Transparent on Green: This silently redirects web traffic to be processed by the web proxy
Log Enabled: Creates a log of all web usage, even what is not blocked.
Configure URL Filter
Next, go to the URL filter administrative web page, by clicking on the Services Menu again and selecting URL Filter. Remember, IPcop’s administration page is on port 445 (https://IpcopIPAddress:445.) URL filter is highly configurable with many options, but its simple web filter is easy to setup. Simply click the block categories that you want blocked. URL Filter will come with a small block list by default that it out of date. To update the filter list, scroll down to Automatic blacklist update and select how often the blacklist is updated and an update source. Weekly updates are fine for most applications. All four of the blacklist update sources in the dropdown menu are free. A commercial blacklist is available for a fee from URLblacklist.
Using larger blacklists like Shalia and University of Toulouse will increase the number of filter categories to choose from. After clicking update now, it can take up to two hours to download and prepare the blacklist for use, depending on your internet connection speed and how fast the firewall is. When the firewall is finished, it will display a last successful update message in the Automatic blacklist update section. The web administration page will probably time out before the list is finished.

Key Advanced Settings
After you have updated the blacklist and selected categories to block, there are a few options that most people want to add.
Under Block page settings
Show category on block page: When a page is blocked, this will show the user what web filter category had an entry that caused the site to be blocked. Useful for troubleshooting.
Show URL on block page: This will show the actual web address that triggered the web filter.
Under Advanced Settings
Block “ads” with empty window: If the ads category is selected, this will replaced the ad with a blank picture rather than the typical (what?)
Enable SafeSearch: This feature forces the SafeSearch option (what is this option?) on web searches at Google, Yahoo and other search engines. Even if the user de-selects the option, it will not be passed to the search engine. Viewing cached content from a search engine is a simple way of bypassing web filters.
Enable expression lists: This allows URL filter to block content based on a list of bad words in addition to its list of known bad sites.
Block sites accessed by an IP address: Almost no legitimate web sites are addressed by their IP address. This is another way of bypassing web filter and blocks users from typing something like http://10.105.4.5 into their web browser
Enable Log: This creates a record of all websites blocked by the filter and the IP address of the computer that requested the website.
After URL filter has been downloaded, has compiled a blacklist and has been configured with the desired options, web filtering can be enabled globally by checking the Enabled box under URL filter at the bottom of the Proxy page under the Services menu.
A more detailed explanation of the URL filter settings are available at the URL filter FAQ.
Tweaking URL Filter
Anytime the web is filtered, it is possible to get false positives and have a website blocked that should not be. Most of the blacklists are not created by hand, they are created by robot programs that crawl the internet and record sites with objectionable material much like Yahoo or Google crawls the internet to create their search indexes. To remove a site or web address from blacklist, go back to the URL filter web administration page under the Services menu and add the site to the Custom Whitelist section. If you want to allow the entire website (www.mydomain.com), add the site to the allowed domains section. If you want to just allow access to a page (www.mydomain.com/myFavoritePage), then add the address to the allowed URL sections.
With URL filter and IPcop, your firewall will automatically block inappropriate websites and log all internet usage.

Related posts:

1. Upgrade to an Open Source Firewall Firewall companies have a little secret that they do not...
2. Cisco sets End of Sale for PIX Firewall Cisco announced the End of Life for the PIX firewall...
3. Configure Policy-based routing with Route-Map Statements Route-maps allow to you deal with traffic on your router...

Related posts brought to you by Yet Another Related Posts Plugin.

Remote access VPN: Spend all of that time building a great home network and it doesn’t do any good once you leave the house. Virtual Private Network (VPN) allows you to connect securely to your network through any internet connection via an encrypted tunnel just like a corporate network. If your work will allow you, you can even create a vpn tunnel directly from your router to work.
Inline Antivirus and Antispam: The copfilter plugin for IPcop allows you to scan e-mail for spam and viruses as it is being downloaded before it has a chance to infect PCs inside.
Granular Firewall Control: Most of these firewalls allow you to control what traffic comes in or even out of your network. Traffic to a webserver at your house can be allowed from just work or you can block applications from leaving your network.
Captive Portal: With a captive portal, the firewall intercepts web traffic and forces users to login via a web page before proceeding to the web page that was requested. This is useful for tracking individual user web traffic where people share computers. Wi-Fi hotspots often use captive portals to lead users into registration and payment pages.

Updates and new features: Firewall manufacturers don’t like to update their software after you buy the router. Instead, they would rather you buy a new firewall for those new features so they can make more money. In contrast, these firewalls are actively maintained and new features are released as they are finished or needed.
Here are six of the most popular firewall software packages.
IPcop – Ipcop is one of the most commonly used small office and home office firewalls available. It has been around for many years and boasts a simple and intuitive interface with some of the most humble hardware requirements. In addition to the standard granular firewall, IPcop offers a web proxy that caches web traffic files to speed up the internet and log web traffic. Intrusion detection software detects hackers, basic QoS manages traffic and VPN creates secure connections.
In addition to the base feature set, there are several unofficial add-ons that extend IPcop’s features. Advanced Proxy adds complete control and authentication to the web proxy and URL Filter adds web content filtering. Copfilter adds antivirus, antispam and web privacy filtering. Installing add-ons may increase system requirements.
Monowall – This is the lightweight of the firewall distributions. It requires a mere 5 to 6 MB of space to run. Monowall can run from a compact flash disk or a cd-rom so that no hard drive is required. It supports specialized micro PCs that are the same size as most home routers. This firewall is based on BSD Unix which has a reputation of being one of the most secure Linux/Unix distributions available. Monowall offers advanced NAT (Network Address Translation) and QoS configuration. Many users delpoy Monowall for its captive portal functionality, which forces users to login through a web page before surfing the internet. Because of its small stature, there are almost no add-ons or modifications and web content filtering is not available, but it supports the built-in Windows VPN client in addtion to the standard branch office VPN. Monowall can also act as a wireless access point.
Pfsense – This is the big brother to Monowall and uses some of the same software. It takes more space but offers almost all of the bells and whistles that a firewall can including support for two internet connections and redundant firewalls. For example, one firewall will take over for another firewall that has failed. Modifications and add-ons are available for PfSense. There is commercial support available. It also runs on micro PCs like Monowall.
Endian – Some developers took the IPcop software, made improvements and made the product commercial, it still retains an open source option that is free for people to use and test new features. Content filtering, antispam, antivirus, and VPN are built in. Essentially, Endian is like IPcop with all of the main addons already installed and a slick interface
Smoothwall – Like Endian, Smoothwall is a commercial firewall that had its roots as an open source project. They still retain an open source version for people to try out. IPcop actually branched off from Smoothwall early on, so they have commonalilties, including add-ons. Smoothwall has one of the most polished and intuitive interfaces, but some advanced features like VPN and web filtering require an upgrade to the commercial version.
DD -WRT – This is a firmware replacement for several home wireless routers that enables features not supported by the manufacturer like granular wireless control, QoS, increased connection limits. The benefit of this project is that it uses inexpensive off the shelf hardware that may already be lying around the house. A complete list of DD-WRT supported hardware can be found at their website
Why is the software free?
In many cases, people write the software for the challenge or fun of it. In other cases, it is part of their job. Many businesses pay their software engineers to write open source software in the hope that they will get assistance from other engineers around the world in development and testing. Endian and Smoothwall firewalls release a free version of their software as a test of their commercial product. Pfsense releases a free firewall but offers fee-based commercial support.
How hard is it to upgrade?
Most of the firewall packages listed here are designed for average computer users with moderate knowledge. In many cases, there are extra knobs and buttons underneath the web administration if you are into that, but looking under the hood is not needed for normal usage. In most cases, the installation process is simple and the developers maintain detailed instructions on their web site. A basic knowledge of small networks is helpful.
What about that commercial support?
Commercial software clearly has the advantage here for support. None of these firewalls have a 1-800 number to call for help, especially for free, but that free help is often worth just what you pay it–nothing. But there is help for these free firewalls. All have detailed documentation and many have message boards where you get help from other users and even directly from the software programmers. Users almost never enjoy that type of access to the developers in commercial software.
Finding the right hardware:
The software is free, but you do have to find your own hardware. DD-WRT uses off the shelf home routers that can be found at most computer stores The hardware requirements for the rest of the firewalls are quite low so almost any old computer will do. An extra network interface card is needed for basic connectivity and a wireless card can be added to make the firewall a wireless access point also.
Monowall and PFsense have the most flexible hardware requirements since they can run on micro PCs, directly from CD-ROM without a hard drive or a compact flash card on an old computer. IPcop can be installed on a PC with a standard hard drive or compact flash card. The free version of Endian must be installed to a computer with a hard drive.
Buying a commercial firewall with these same features can cost hundreds of dollars, but the same software can be downloaded for free and installed in an afternoon.

Related posts:

1. The Value of Open Source Firewalls I found this article on Associated Content that describes several...
2. Create a web filtering firewall with IPcop and URFilter With the URLfilter addon installed, an IPcop firewall can be...
3. Cisco sets End of Sale for PIX Firewall Cisco announced the End of Life for the PIX firewall...

Related posts brought to you by Yet Another Related Posts Plugin.

Related posts:

1. Upgrade to an Open Source Firewall Firewall companies have a little secret that they do not...
2. Create a web filtering firewall with IPcop and URFilter With the URLfilter addon installed, an IPcop firewall can be...
3. The Value of Open Source Firewalls I found this article on Associated Content that describes several...

Related posts brought to you by Yet Another Related Posts Plugin.

[tags]IPcop, Monowall, Pfsense, linux, Smoothwal, firewall, web filtering[/tags]

Related posts:

1. Upgrade to an Open Source Firewall Firewall companies have a little secret that they do not...
2. Create a web filtering firewall with IPcop and URFilter With the URLfilter addon installed, an IPcop firewall can be...

Related posts brought to you by Yet Another Related Posts Plugin.

First boot or reboot the firewall,. When you see the “loading/boot…” message appear, press any key to interrupt the boot cycle.
Next, you will see the Boot: prompt. Type in the following command:
bsd.sw.admin -w
This will boot the firewall into Administrative/Maintenance kernel.

Hit Enter to mount and check all of the file systems. Clean file systems are always a good thing.

After that, use the following command to change the password:

cf adminuser modify user=name password=password

And to reboot into normal mode, type: shutdown -r now

WidgetBucks – Trend Watch – WidgetBucks.com

Related posts:

1. Reboot a remote XP Workstation via Remote Desktop I rarely write about Windows, but this minor annoyance was,...
2. Gathering Netflow data from the CLI on Cisco (How-to) Netflow data is one of the coolest things that Cisco...
3. Create a web filtering firewall with IPcop and URFilter With the URLfilter addon installed, an IPcop firewall can be...

Related posts brought to you by Yet Another Related Posts Plugin.