I have installed IPcop as my "project for the day".

I have it up and running. I didn't put it as my router/boarder device.
I just put it on the lan so I can try out some of the features of it.

At first, I was really impressed. The install was very smooth and I had it up and running within 20 min.
The logs are great. The services offered are way more than my cisco router can offer.

Afterall, it comes complete with a firewall, proxy server, IDS, dynamic DNS services, ssh, VPN, very small install with practically no services running, and it runs on hardware that people are just throwing away! The updates are a piece of cake! All seemed fine.

After a bit, I went to the information page. Its says that the IDS (snort) was not running. I go to the page to enable it and it was already enabled. The log didn't show it was shut down. I press save and it starts again. I look at the log and I see all the activity I was putting it against. (just basic stuff. port scans, nessus, etc).

I'm confused as to why snort keeps showing up as stopped after a while.

I haven't checked the processes yet. I'll do that next time.

Any ideas why?

Next:

The firewall.

You can't customize the firewall via the web interface. I can modify the rules by hand, or I can use fwbuilder and then load the rules that way, but I was surprised to find that I can't set them via the web interface.

Anyone know different?

I'd like to offer this product to a couple of my "buddies", but I like to try things out sucessfully before I do that. So far. I'm having "issues" with snort shutting down and the lack of customization of the firewall. I can work around the firewall.... but, snort (seemingly) shutting itself down is a huge problem.

Any input is greatly appreciated!