Specialised information technology materials for universities - Pdf 28

First time configuration
Before BOT can be activated we have to configure the PC which will be used for BOT
administration.
In the IPCop WebGUI go to Firewall -> BlockOutTraffic, where you will see the following:
You have to enter the BOT settings:
Admin MAC:
This has to be the MAC address of your (workstation) PC where you administrate BOT
from.
HTTPS Port:
This has to be the HTTPS port of your IPCop WebGUI.
BOT creates a 'default admin access rule' with the Admin MAC as the source address and
IPCop and the HTTPS Port as the destination, to guarantee that you do not get locked out
of the IPCop WebGUI. This is the reason why you have to enter 'Admin MAC' and 'HTTPS Port' here.
Connection state:
BOT will allow traffic which belongs to a related or established connection if you enable
this option. When you use port forwarding (for example to an internal web server) you
should enable this option.
Logging:
BOT will create logging rules for traffic which has not matched one of your BOT rules if
you enable this option.
Default Deny action:
Here you can select whether BOT should DROP or REJECT traffic which has not matched
one of your BOT rules.
Advanced Mode:
When you enable this option you will have more options to customize BOT rules. But be
warned: you can open up your firewall in advanced mode! You should only select this
option if you have deeper firewall knowledge.
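As an added illustration (not part of the original document, and not the rules BOT itself generates), the following shell function prints iptables commands roughly equivalent to the settings described above. The chain name BOT_EXAMPLE, the rule order and the sample MAC address and port are assumptions made for this example.

```shell
#!/bin/sh
# Prints (never applies) iptables commands that mirror the BOT settings:
# Admin MAC, HTTPS Port, Connection state, Logging, Default Deny action.
# BOT_EXAMPLE is a constructed chain name, not one used by IPCop or BOT.

bot_equiv_rules() {
    mac=$1 port=$2 conn_state=$3 logging=$4 deny=$5
    chain=BOT_EXAMPLE

    # A mistyped Admin MAC or port makes the admin rule useless (lockout),
    # so refuse to emit anything unless both values are well-formed.
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || {
        echo "invalid Admin MAC: $mac" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "invalid HTTPS port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "HTTPS port out of range: $port" >&2; return 1; }
    case $deny in
        DROP|REJECT) ;;
        *) echo "deny action must be DROP or REJECT" >&2; return 1 ;;
    esac

    echo "iptables -N $chain"
    # Admin access rule: Admin MAC as source, WebGUI HTTPS port as destination.
    echo "iptables -A $chain -p tcp --dport $port -m mac --mac-source $mac -j ACCEPT"
    # Connection state: accept packets of related or established connections.
    if [ "$conn_state" = on ]; then
        echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    fi
    # (User-defined rules would sit here, evaluated top to bottom.)
    # Logging: record traffic that matched none of the rules above.
    if [ "$logging" = on ]; then
        echo "iptables -A $chain -j LOG --log-prefix BOT_EXAMPLE_DENY:"
    fi
    # Default Deny action: DROP silently or REJECT with an error reply.
    echo "iptables -A $chain -j $deny"
}

# Constructed sample values: admin PC 00:11:22:33:44:55, WebGUI on port 8443.
bot_equiv_rules 00:11:22:33:44:55 8443 on on REJECT
```

Because iptables evaluates rules from top to bottom and stops at the first terminating match, the admin rule printed first still applies no matter what is added after it.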
When you hit 'Save' the settings are stored and you can start defining BOT rules and other
useful features. Additional (advanced) features can be configured when you go to Firewall
-> Advanced BOT Config in the WebGUI:
First you should define some custom services, you can select those custom services later

The firewall options are grouped into the following categories: source, destination, additional
settings and timeframe (if the rule should only be active at a specific time).
So to allow the (green) network PCs to use the IPCop services select as source:
• Default interface: Green
• Default networks: Green Network
and as destination:
• IPCop access
• use Service and Service Group "IPCop services" (the one you defined in advanced
  BOT config before)
The rule has to be enabled and optionally you can enter a comment.
There are two ways to proceed now: you can hit [Next] or [Save]. With [Save] the rule will
be saved and added at the end of your list of BOT rules. With [Next] you will get an
overview of the rule options and the possibility to select a position in the list of BOT rules
where the rule will be inserted.
If you have hit [Next], you will see this:
You can go [Back] if you want to change an option or hit [Save] to save the rule at the
specified position. At first the position is not that interesting but later, as soon as you have
many rules, you may want to insert a rule at a specific position.
The rule is saved and you will see the overview of your current rules:
So the IPCop services are now available for internal (green network) PCs. Next, create a rule to
allow some internet services.
Hit [New Rule] and select the following options.
As source:
• Default interface: Green
• Default networks: Green Network
As destination:
• Other Network/Outside
• Default networks: Any (the PCs are allowed to access all internet addresses)
• Enable Services

BOT config at the beginning)
That's all, we are done. Your list of 'Current rules' should now look like this: