CHX-I & Ghostwall
Bob D
November 30th, 2005, 11:36 AM
I understand both these inbound rules-based FWs / packet filters have their own devotees, but I'm curious as to:
Efficacy of one vs. the other.
User friendliness (don't mind reading the manuals and massaging rules, but I've no desire to make a hobby out of it).
Kerodo
November 30th, 2005, 03:47 PM
Just use CHX. It's hands down 10000 times better.. All you have to do is try out each one to see the difference..
rdsu
November 30th, 2005, 07:56 PM
I also prefer CHX...
Brinn
November 30th, 2005, 08:01 PM
I'm using Ghostwall right now and, while there's a few things I would change, I like it. Those of you who use CHX, in what ways is it better than Ghostwall and what do you use for outbound protection? I heard good reviews on CHX but that lack of outbound control has kept me from trying it.
Kerodo
November 30th, 2005, 08:05 PM
Just take the taste test and you'll see. Ghostwall has no outbound either, so I don't see why you hesitate on CHX. I am not using either right now, just a router, and I don't worry about outbound. If you are concerned about it, there are things you can do, such as run ZA with it and turn off internet filtering, just using it for app control. If you don't want to use another firewall, you can also run something like AntiHook and try to catch the nasties that way too, before they even dial out. Best thing is to just be safe as possible.
rdsu
November 30th, 2005, 08:06 PM
GhostWall also doesn't have outbound protection...
CHX works very deep in your system, as a device; it isn't so easy to configure, but if you have the right rules...
rdsu
November 30th, 2005, 08:07 PM
At the same time, Kerodo :)
Kerodo
November 30th, 2005, 08:08 PM
Yep, greetings VC! ;)
Brinn
November 30th, 2005, 08:16 PM
Perhaps I have my terminology wrong. I'm okay with no app control. But I can restrict which ports my system can call out to with Ghostwall. I can do this with CHX also?
rdsu
November 30th, 2005, 08:20 PM
-{ Quote: "Perhaps I have my terminology wrong. I'm okay with no app control. But I can restrict which ports my system can call out to with Ghostwall. I can do this with CHX also?" }-
Sure :)
You can set rules for inbound and outbound connection... :)
Brinn
November 30th, 2005, 08:28 PM
Ah thanks, I think I will try it then. I'm reformatting soon so now's the time I try everything out. I don't know about anyone else, but figuring out the ideal set of rules for my setup is fun. :D
Kerodo
November 30th, 2005, 08:32 PM
You will like it a lot I think. It runs extremely light, has abundant features, uninstalls cleanly also, so no worries if you decide against it. Well worth the try. Check out the online documentation also for a good overview of it. Then start with the sample rule set on the site and expand it to suit your needs. Make sure to also turn on SPI for all protocols in the Interface Properties tab.
http://www.idrci.net/
3.0 beta works very well also..
Arup
November 30th, 2005, 08:37 PM
CHX's flthook.sys runs at a deeper level in the kernel than Ghost and, because it's not in Task Manager, it's also harder to terminate. Otherwise, Ghost has an easier interface for making rules and also runs light, but as far as performance goes, it remains to be seen. I have run CHX on super heavy traffic servers and corporate and university systems and it did not choke at all.
Brinn
November 30th, 2005, 08:45 PM
-{ Quote: "
http://www.idrci.net/
3.0 beta works very well also.." }-
I've already had it downloaded. :D
CHX is sounding very good.
Oh, and to answer the original question: Ghostwall has a default set of rules, so it's ready to go out of the box. I just found those rules to be too "relaxed" for my liking. I like my restrict rules to be defined as broadly as possible and my allow rules to be as narrow as possible without them interfering with my comp's legitimate functions.
Arup
November 30th, 2005, 09:06 PM
Brinn,
Do download the sample rulesets too, gives you a very good starting point.
TJworld
December 1st, 2005, 12:16 AM
Remember with CHX-I as soon as you create an allow rule it assumes you want to block everything else... this is a great facility to avoid unintentional holes.
Brinn
December 1st, 2005, 02:05 AM
I think I may have to give CHX a pass for now. I wrote a ruleset that covers the same bases as my Ghostwall set. It would work fine while I surf but then nothing would load up. The only sure way for me to get things going again was to delete the filters and reload them. Exact same filters. I think CHX would be far and away the better choice for me if I could get it to settle down.
joter
December 1st, 2005, 08:17 AM
-{ Quote: "I think I may have to give CHX a pass for now. I wrote a ruleset that covers the same bases as my Ghostwall set. It would work fine while I surf but then nothing would load up. The only sure way for me to get things going again was to delete the filters and reload them. Exact same filters. I think CHX would be far and away the better choice for me if I could get it to settle down." }-
Welcome to the Club.
Regards
joter
rdsu
December 1st, 2005, 09:20 AM
Brinn,
go to this page, and try the second samples ;) Works very nicely here; on the wireless interface I had to disable the "Deny Igress filters" rule for now, but I have to look at this more closely...
http://www.fluxgfx.com/ssc/showthread.php?t=140
zapjb
December 1st, 2005, 09:23 AM
I don't want to make up rules either. Is there a sample rule set (link please if there is) that'll make one stealth like GhostWall? For GW all I had to do was add 1 rule to cover ports 0-1. And that rule was provided by a kind fellow from here. I'd like to try CHX but I want to be stealth. Btw is CHX 3.0 freeware like GW? Thanks.
Edit: To be honest, reading here & on the IDRCI site, I have little to no idea which product applies to my situation, if it does at all. I'm a single home user, not operating a server. I just want optimal protection. It seems on the site all those products are networked, server based or mail server designed.
rdsu
December 1st, 2005, 09:27 AM
zapjb,
look at my previous post... ;)
Arup
December 1st, 2005, 09:38 AM
http://members.shaw.ca/BIND-PE_and_ICS/chxi/2.6Filters.zip
http://www.idrci.net/downloads/samplesets.zip
For the second one, use Workstation for a regular PC. Either of them would give you full stealth; mind you, even for solicited UDP you would have to create rules in CHX, that's its beauty.
Brinn
December 1st, 2005, 10:08 AM
-{ Quote: "Brinn,
go to this page, and try the second samples ;) Works very nicely here; on the wireless interface I had to disable the "Deny Igress filters" rule for now, but I have to look at this more closely...
http://www.fluxgfx.com/ssc/showthread.php?t=140" }-
I don't think it's the rules. I've used my own, downloaded some 3rd-party ones, tried the sample ones on CHX's site. I've had that locking up problem with every one of them. First it would work, then it wouldn't. I would delete the filters, reload and the same problem would occur after a few minutes. It may have something to do with the install. The wizard had a problem with one of the .dll's. I forced the wizard to continue (bad idea in retrospect). I've since uninstalled and reinstalled several times but that didn't fix things. It appears that the uninstall isn't as clean as I thought it'd be. My settings and whatever filters I was using in the previous install would still be there when I reinstalled.
Arup
December 1st, 2005, 10:20 PM
H_K_L_M Software, delete the IDRCI key. Btw, CHX uninstalls the cleanest compared to all others out there except for Kerio 2x. Never had any problems with its installations, and even others running CHX never experienced this kind of problem.
Brinn
December 2nd, 2005, 02:03 AM
I cleaned out the registry as best I can and reinstalled but the problem persisted. It doesn't matter how many people are trouble-free with CHX. If it doesn't work on my comp, it doesn't work on my comp. I'll give it another try when I reformat on the weekend but for now, I'm sticking with Ghostwall.
Kerodo
December 2nd, 2005, 03:21 AM
Brinn, when you reformat, put CHX on first, before anything else firewall-wise, so you can be sure there are no remnants from another program causing problems. If it doesn't work after that, then there is truly some kind of incompatibility going on there. In that case, you'll just have to go with what works...
Arup
December 2nd, 2005, 03:21 AM
Have you checked under hidden system devices for any remnants of previous firewalls? Most tend to leave behind entries, functional or non-functional, and they have a tendency to clash. As for using Ghost, that's your prerogative, but you can't blame CHX if it doesn't run on your particular system, whatever the reason might be.
Brinn
December 2nd, 2005, 03:40 AM
-{ Quote: "but can't blame CHX" }-
I'm not blaming anything. I'm just saying it's not working on my comp. I'm hoping the problem will be fixed with a reformat. I really like what I see with CHX.
Arup
December 2nd, 2005, 04:26 AM
Brinn,
Can you tell me what you see in your CHX logs for now?
Brinn
December 2nd, 2005, 11:27 AM
Right now, CHX is uninstalled. I'm confident that CHX will work after the reformat. If not, I'll try to post logs then.
Brinn
December 5th, 2005, 06:45 AM
Okay, I think I've figured it out. I looked over my logs and it seems that I needed to make a rule to deal with ARP traffic between my ethernet card and (I think) my cable modem. I hope that's what it is and that I'm not leaving a gaping hole in my rules.
Arup
December 5th, 2005, 07:19 AM
Brinn, ARP is only needed if you are on wireless and for that, you need the CHX 3 beta, not the release 2.8 as it has no ARP support.
Paranoid2000
December 5th, 2005, 07:28 AM
-{ Quote: "Brinn, ARP is only needed if you are on wireless" }-
ARP is used (and required) on wired (Ethernet) networks also - it provides the IP-to-MAC address mapping necessary for running Internet Protocol over Ethernet.
Arup
December 5th, 2005, 08:44 AM
-{ Quote: "ARP is used (and required) on wired (Ethernet) networks also - it provides the IP-to-MAC address mapping necessary for running Internet Protocol over Ethernet." }-
Agreed, but I was under the impression that ARP protection is mostly needed on Wireless, even ZAP and other firewalls have ARP protection disabled by default.
rdsu
December 5th, 2005, 09:03 AM
Brinn,
did you try the samples on the link that I suggested?
Try them...
Paranoid2000
December 5th, 2005, 12:44 PM
-{ Quote: "Agreed, but I was under the impression that ARP protection is mostly needed on Wireless, even ZAP and other firewalls have ARP protection disabled by default." }-
LANs with untrusted users (e.g. university/workplace LANs) would benefit from ARP protection also, though it can cause problems for some situations so is best disabled by default.
Brinn
December 5th, 2005, 03:49 PM
-{ Quote: "Brinn,
did you try the samples on the link that I suggested?
Try them..." }-
I've tried the ones you linked. I keep running into the same problem unless I specifically allow ARP traffic.
rdsu
December 5th, 2005, 04:32 PM
-{ Quote: "I've tried the ones you linked. I keep running into the same problem unless I specifically allow ARP traffic." }-
Those samples already have the ARP rule...
Brinn
December 5th, 2005, 06:46 PM
-{ Quote: "That samples already have the ARP rule..." }-
Hmm... the ARP rules I made have my specific MAC addresses. It's working fine so I don't see an urgent need to go back to recheck. This is one powerful program. I look forward to learning how to use it better.
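A small default-deny rule evaluator, added here as an illustration and not CHX's own code or rule syntax, modelling TJworld's point that a single allow rule flips the filter to deny-everything-else, and the failure Brinn hit: with narrow allow rules but no ARP allow, the gateway's ARP reply is dropped and nothing loads. The rule model, MAC addresses and ports are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class Packet:
    proto: str        # "arp", "tcp", "udp" or "icmp"
    direction: str    # "in" or "out", relative to this host
    src: str          # source IP, or source MAC for ARP (constructed values below)
    dport: int = 0    # destination port; 0 for protocols without ports

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str = "*"       # "*" matches any protocol
    direction: str = "*"   # "*" matches either direction
    src: str = "*"         # "*" matches any source
    dport: int = 0         # 0 matches any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("*", p.proto) and self.direction in ("*", p.direction)
                and self.src in ("*", p.src) and self.dport in (0, p.dport))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins. With no rules everything passes, but as soon as one
    allow rule exists, anything not explicitly allowed is denied (TJworld's point)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny" if any(r.action == "allow" for r in rules) else "allow"

# Constructed sample MAC addresses standing in for the NIC and the cable modem/router
HOST_MAC = "00:aa:bb:cc:dd:01"
GATEWAY_MAC = "00:11:22:33:44:55"

def workstation_rules(allow_arp: bool) -> List[Rule]:
    """Narrow allow rules for a surfing workstation plus a broad inbound deny (stealth)."""
    rules = [
        Rule("allow", "udp", "out", dport=53),    # DNS lookups
        Rule("allow", "tcp", "out", dport=80),    # HTTP
        Rule("allow", "tcp", "out", dport=443),   # HTTPS
        Rule("deny", "*", "in"),                  # drop every unsolicited inbound packet
    ]
    if allow_arp:
        # ARP pinned to the specific MACs, as in the ruleset Brinn got working
        rules[0:0] = [Rule("allow", "arp", "in", src=GATEWAY_MAC),
                      Rule("allow", "arp", "out", src=HOST_MAC)]
    return rules
```

Without the ARP rules the gateway's ARP reply falls into the broad inbound deny, so the host never learns the gateway's MAC and even the allowed HTTP rule never gets a packet to match; with them, only ARP from the pinned MACs passes.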
rdsu
December 5th, 2005, 06:57 PM
Yep, very good ;D
Copyright ©2002 - 2012, Wilders Security Forums