8Signs FW


ruinebabine
September 22nd, 2008, 08:20 AM
From that thread (http://www.wilderssecurity.com/showthread.php?t=182277&highlight=treeWalk) (that is too old to be replied to):-{ Quote: "ICMP state table (ICMP Pseudo SPI): On first look, from the ability to make the rule (for ping) outbound only, it would indicate state table, but the lack in logging of ICMP within 8signs makes this unclear at this time. (this was just a quick setup).

[...]

I will try to find time to make a better setup to check on this further.

EDIT:
While still setup I had a quick look at the TCP SPI,.... this is either very bad at logging or bad at filtering." }-

Hi Stem,

I don't know if you had intents and/or time to check this matter further, but I'd be very interested to know your findings on 8Signs filtering/logging capabilities and accuracy.

Or if it would be possible for you to provide me with a kinda simple procedure to guide me, I'd be willing to try to investigate it myself and report here my results for your reviewing...

Anyways, thanks for your help.

EDIT: Please note that the 8Signs more up-to-date version is labelled as v3.0.37 at http://www.8signs.com/firewall/download.cfm, but it's confusing because the About window simply says version 3.03 while the binary file states v3.0.8.0307 and v3.0.4.1...

Stem
September 23rd, 2008, 10:30 PM
Hi ruinebabine,

-{ Quote: "I don't know if you had intents and/or time to check this matter further, but I'd be very interested to know your findings on 8Signs filtering/logging capabilities and accuracy." }-

I will try and find some time to look at this over the next couple of days,


- Stem

ruinebabine
September 24th, 2008, 10:38 AM
Much thanks, Stem.

Stem
September 28th, 2008, 10:15 PM
Hi ruinebabine,

I made a basic setup, but it is still inconclusive. The main problem is the fact that I see no logging of most of the invalid packets, but invalids such as null/xmas are logged.
This may possibly just be down to the fact that these invalid packets are not logged (but find that strange) as the sniffer is not picking up those packets.

I will need to make a better setup with 3 PCs so there is no possibility of conflicts with 8signs and the sniffers, and it will give me results I can fully trust.

As I will need 3 spare PCs it will be another day or 2 before I can do this.

Sorry to keep you waiting.

- Stem

ruinebabine
September 29th, 2008, 11:18 PM
-{ Quote: "As I will need 3 spare PCs it will be another day or 2 before I can do this.

Sorry to keep you waiting." }-
Hi Stem,

no problem at all here, feel perfectly at ease to take all the time you need before you go build this new experimental setup. I understand and am truly appreciative of the expertise, time and dedication you freely give us. Since I discovered this board, I'm amazed by all the educational know-how you experts make available to us to benefit.

By the way, I tried some other firewalls those last months but I always go back to 8Signs! I spent many years with ConcealPF before and I just love how this kind of firewall allows me to learn just by tweaking their rulesets to no end. L 'n' S is also good (and I will probably buy a license to have a spare at hand if a need arose) but for now I just don't feel at home like with 8Signs. So, I'm really curious to read your results and see if my trust in this firewall filtering capability was/is well placed or not...