Interview about IPCop future development
IPCop is a great firewall distribution: small, easy and secure. Many users use this Gnu/Linux distro to transform a normal pc with two ethernet card into a statefull firewall. In this interview we asked some questions to Gilles Espinasse, the IPCop's release manager:
1) First of all, can you introduce yourself and your position in the IPCop core team?
G.E. I am the release manager of v1.4 since v1.4.2. I had an adsl line, was looking for a solution to share the connection and was not happy with a small pc running w98 that need to be rebooted so many times.
I start to play with IPCop when 1.2.0 was released and speedtouch usb was the only model supported that I can find easily. As modems were very cheap on the second hand marked because ISP give them free to new subscribers, I buy one speedtouch usb and run IPCop with it. It was far more reliable. Then after, I work to make IPCop work with other adsl modems that I can find on the french market for cheap. After some times, Mark Wormgoor wich have done hudge work for V1.3 and next version give me access to cvs. Then Alan Hourihane take the lead and drive to v1.4.0 release and stop after 1.4.1. Somebody has to take the lead, I take the challenge.
2) Currently, how many developers work on IPCop?
G.E. Not enought. We are mostly 6 on a regular base. We have also some help from people that do not code actually but have written code in the past. We would need to have more people to make the documentation better and improve ipcop.org.
3) The 1.5 release will bring some important new features. Could you
give our readers some information of what users can expect?
G.E. Mainly 2.6 kernel (that mean drivers that are only on 2.6), multiples interfaces in the same category (red/green/blue/orange), new installer. We too will include some of the most important add-ons, openvpn, block out traffic, advanded proxy and url filtering.
4) Will It be possible for a user to upgrade a 1.4 release to a 1.5 version?
G.E. I would say yes for sure if you did not run IPCop with add-ons. I don't know yet if we will support the upgrade with some of the add-on that have been include. Everything have to be written but it is too early at this stage.
5) There are a lot of IPCop unofficial-but-usefull module on Internet. Do you plan to include some of them?
G.E. Yes it is already done for block out traffic and open-vpn. This will be done for some other add-ons. I understand there is too much add-ons and that the overall result is difficult to maintain for the final user. I am not so happy of this. Add-on have a very positive aspect that features are developed and released faster. But they have drawback, maintenance and compatibility on upgrade is problematic. We make a few work to be more add-on friendly. We define an interface for add-on text extension, replace header.pl on with a patch on upgrade. But this is not so well documented and I am not so sure it is know for all add-on developpers.
6) One of the best add-on to IPCop is CopFilter. What do you think about this module?
G.E. Personnaly, I would like to have this sort of feature include. But I don't know if all the core team will share the same feeling. Should we really stay only a firewall or could we accept more features like content filtering? Question is open.
For enterprises that could afford two machines, there is no doubt it is better on the security aspect to separate the firewall from content filtering. But for smaller structures and at home, integration is more requested.
7) It will be possibile, in the next IPCop release, to add, view and modify firewall rules using the web interface rather than editing /etc/rc.d/rc.firewall or /etc/rc.d/rc.firewall.local?
G.E. On the next version, we should take some effort on this. Mostly nothing is yet done, this is in to-do list.
8) Finally, I'd like to know which are the firewall distribution you like more?
G.E. I have not enought knowledge on others, working on IPCop capture most of my free time and I have mostly nothing left to study how others do.