charincol
December 14th, 2005, 06:30 PM
This is a question mostly for Arup, Kerodo, and Jazzie (maybe even Phant0m since I'm using his rules) since you three seem to know the most about CHX-I.
Right now my "hardware" firewall/router is an older box that has a FreeBSD firewall installed on it called pfSense which can be found at http://www.pfsense.com. I use it mainly because of its excellent traffic shaping for VoIP. I have my computer, one for the kids, and my VoIP adapter on a switch behind it. The box has a 375 MHz CPU and it handles 6000+ connections at a time (the most I've seen) when running eMule and bittorrent together without breaking a sweat. Obviously I have to turn off LNS's SPI because of its 256 connection limit. I'm using Phant0m's rules with my own LAN and P2P rules placed according to Phant0m's recommendation so that all traffic gets filtered by most of his rules (because my rules are not at the top of the list).
I really like how LNS has the option to make it so certain rule(s) are only activated when a certain application is launched. Therefore, even though my hardware firewall accepts incoming connections for P2P and forwards them to my computer, LNS only accepts them when eMule or my bittorrent client is running.
What I want to know is if CHX-I has a similar option to trigger a specific port when an application is launched. I would also like to know if CHX-I with the sample LAN rules and my own force allow rules for P2P would be more secure than LNS. I've gathered that CHX-I can handle thousands of connections and its SPI does more than just TCP/UDP.
If I start using CHX-I, I would probably just turn off the internet filter on LNS and just use the app filter instead of uninstalling LNS. I am also wondering if AppDefend would be just as good, because that could possibly replace LNS's app filter and PG at the same time.
(Yes, I do understand all the blah, blah, blah that this might be redundant and use more resources and all, but I'm not concerned because when I boot my XP machine I have over 30 processes running and my RAM usage is around 155 megs. Only half of them are from Windows.)