Looking for Preliminary Info

[Just Looking]

I am considering switching to L'n'S from Kerio Personal Firewall 2.1.5. I would appreciate info re whether L'n'S can do two things that kpf cannot do, i.e.,

1. Conceal the OS (and its version) running, and

2. Conceal the type and version of browser employed.

In addition, a highly desirable feature would be the user's ability to incorporate several IP addresses/IP address ranges into IP address groups and use the latter in writing firewall rules so as to avoid repeating a rule for each IP address/IP address range of interest. Kpf 2.1.5 allows the definition of one IP address group only and this is far too little for me.

Thanks.

[gkweb]

Hi,

Quote:

1. Conceal the OS (and its version) running, and

2. Conceal the type and version of browser employed

Look'n'Stop is a firewall, and those features are proxy's ones, even if many firewalls offers this kind of feature.
There is many free proxy like software like proxomitron which allow you to do this, and they work nice with Look'n'Stop.

Quote:

In addition, a highly desirable feature would be the user's ability to incorporate several IP addresses/IP address ranges into IP address groups and use the latter in writing firewall rules so as to avoid repeating a rule for each IP address/IP address range of interest. Kpf 2.1.5 allows the definition of one IP address group only and this is far too little for me.

Look'n'Stop does not have "groups" but allow you to import rules from the forum/website or by users sharing their rules.

If you don't know what to do, the 2.05 final version is a 30 day trial, and available there :
http://www.wilderssecurity.com/showthread.php?t=29355

regards,

gkweb.

[Just Looking]

gkweb,

Thanks for the info.

Quote:

Look'n'Stop does not have "groups"

Just to avoid misunderstandings, let me clarify the above by way of a couple of examples.

1. I use Norton antivirus. Each time the respective Live Update module wants to connect to the internet to update the virus definitions, I check the respective IP address popping up and, if it is genuine, I write a firewall rule allowing the respective connection thereafter. Unfortunately, the Norton LIve Update wants to connect to different IP addresses at times. This forces me to write multiple rules for the same task. Following a recent relocation, which made all previous such rules useless, I had to write 18 new rules for the Norton Live Update alone. Then there is Windows update,..., etc. Granted, the number of rules will be reduced significantly if I use a Whois tool to discover the IP address range a given IP address belongs to and write my firewall rule for this IP address range rather than for a single IP address. However, while this controls the multiplicity of such rules, it does not eliminate it altogether and this results in bloated rule sets. These become slowly but surely difficult to keep track of.

2. During our surfing, we all run occasionally into IP addresses which we want to block for ever after. Again, writing a separate rule for each such IP address/IP address range is cumbersome leading inevitably to ruleset bloatedness.

Well, how does L'n'S handle such cases? Is it one rule for each case or are there techniques to allow trimming down the ruleset? Pls note that importing ready-made rulesets is something that I would not consider.

Thanks again.

[gkweb]

Ok, i have understood your concerns.

Look'n'Stop allow you to do what you whish, but may be not like you would think.

First, in the rules themselves, you can allow a range of IP addresses (from IP1 to IP2) or two different IP (IP1 or IP2).

However this is not what you want since you can have many different IP.

Second, you can allow with a global rule the traffic toward the remote port, all IP (e.g LiveUpdate + browser : port 80) and then in the application filtering tab, double click on the program whished and enter the IPs it can access, like this :

IP1;IP2;IP3; ....

There is a limit between 15 and 20 IP if i remember right however.

About the fact to block many IP for ever, besides the above possibility, it's already a feature request to have permanent banned IP, to be read from a file, or from a special tab for this purpose.
You can add your features request in the post about the new 2.05.

regards,

gkweb.