Firewall Choosing

I'm looking for a light firewall that focuses on inbound protection and packet filtering, other than Look'n'Stop because it's not compatible with my games. (I used to use a router, but after a while it stopped working and it didn't share connections properly.) Any contributions or answers are greatly appreciated.

Edit: I'm sorry, I didn't know I posted this in the Other Anti-Virus section.

 

Try CHX-I/CHX-I and Windows Firewall.

https://www.wilderssecurity.com/showthread.php?t=198506
https://www.wilderssecurity.com/showthread.php?p=1182162

I think FadeAway has the Packet Filter Manual.

Note: CHX-I is not Vista-compatible.

thanatos

 

Ghostwall is another possibility.

Actually, it is possible to set up many rule based firewalls to do what you want by adding rules to allow outbound TCP and UDP communication for any application on any port, or a subset of all ports. This would not be hard with Kerio 2.1X or Jetico I (needs an extra rule for network access and disable the process attack table). There are probably a few others.

 

I have no problem with ZAAS. All online games work and its very easy to a rule or app. Also ZAAS or even ZAP has "game mode".

 

Yes, Ghostwall is the lightest:
http://www.ghostsecurity.com/ghostwall/
But you have to write your own Ruleset and then you can forget it, because you will not notice the Firewall anymore.

 

Well, I'm honestly not very advanced when it comes to firewall rules. Any available premade rulesets would be nice.

 

I spent some time putting together a package of info/data for those few
who are interested in trying CHX 3.0 packet filter.

The file includes:

1. CHX 3.0 installer
2. Wan_start ruleset (gets you started with basic SPI/DPI)
3. V.2.8.2 CHX-I html help file
4. V.3.0 CHX help file (mostly adds payload filtering info)
5. Various instructional screenshots taken from developer's website,
forums, and the CHX GUI.

All info in the package is/was available free on the NET.

Don't run Vista here, but I suspect that it will not work on that OS.

While no great mystery, it's not for users without knowledge of TCP/IP,
and basic understanding of rule writing for ports, protocols, & IPs.
You can write outbound blocking rules for those, but it is not an
application control firewall. There are, however, instructions in the
package for starting without the need for writing any of your own rules:
CHX SPI does it all.

I am not an IT professional, and learned it mostly from reading forum
posts, and by trial-and-error; and have never needed to use even half
of its full capabilities. Every question a home user could ever ask
is probably answered in one of the many CHX treads at Wilders. Try
the search box first.

I ran it for a long time on a direct connection to the Internet,
and nothing unsolicited ever got past it. Behind a router now,
I use it to write rules controlling ports, protocols, and IPs.
Its SPI/DPI & logging capabilities are unsurpassed in my experience.

Get the file:

HERE

 

Thank you. (Also, I'm particularly glad you uploaded it to Rapidshare, I have a premium account. )

 

I recommend CHX-I as well. It gives granular control over TCP (flags) and ICMP (codes), something that is rarely seen in a typical household firewall. Also keeps a state table for UDP and ICMP. And it is free. You don't have to be advanced user to handle it, but as FadeAway pointed out, some tcp/ip knowledge is needed. Just load wan_start and you should be fine.

BTW, I have 2 updated drivers, chxmpf and chxmpld, this was the last update to CHX 3 iirc. They have to be installed manually. If anyone needs them, feel free to PM me, I will post a rapidshare link in this thread.

Ghostwall comes with a default ruleset, you can run it out-of-the-box.

Cheers,

 

@ Seer

Why not learn a little bit about a Firewall Ruleset to make the Packetfilter better ?
If you use the default Ruleset, you can use the Windows Firewall, its the same.

 

IMO, Ghostwall (and CHX-I) is a tad faster than the Windows firewall. Also, they're more difficult to kill.

 

I agree, IMO using packet filters and changing default rulesets implies some knowledge on tpc/ip and on system in general. But many seek out-of-the box solution and regarding Ghostwall, it will allow browsing, software updates, mail, etc. with a default ruleset. It also has intuitive interface, if any additional rules are needed.

Windows Firewall is not a bad choice for a packet filter. It is efficient and unobtrusive, and if there's a need, an additional app can be added to control net access. Not everyone is willing to deal with ports and protocols and I do understand them.

Actually CHX drivers can be killed easily with a 'net stop'. Nothing wrong with that, of course.

Cheers,

 

Correct I was refering to the fact that the XP firewall is easily disabled changing the value of some reg keys (under admin account, one more reason to use LUA). A fair amount of malware is programmed to do that. How many malware will actually kill Ghostwall drivers if they can't even figure what they are?
Security through obscurity, you know

 

Yes, I included that little tidit of information in the CHX package,
but think you would agree that the odds against ever having malware
actually do it, are sufficiently high as to make it of little concern
for the average home user. It certainly has never bothered me.

 

OK- I hear what you say about LUA, but isn't it a pain to set up on an existing configuration?
Currently I am the sole user on my PC and obviously have been running as an administrator. If I try to create a new limited user account, I get a bare bones set up.
To get all my programs, settings etc set up & running as I want them do I have to go through the whole rigmarole of installing & configuring things to my requirements ? As an example none of my email settings are there when I run Thunderbird on the LUA.
Is there a`way to import existing settings and so on from the administrator's account, or is it possible to change the existing administrator's account to LUA and create a new admin. account? Would this not make it impossible to carry out the whole configuration as one presumably needs admin. rights to make the alterations?

 

If you're in XP, just create a new Admin account first (so you will have Admin access when needed), and then Change your existing Admin user account to Limited. Everything will be installed already, and most stuff should work.

 

A widely used application is prone to attack vectors more than the other one, of course. However, it is not hard to imagine a simple batch file that will kill both Ghostwall and CHX. A PoC.

A very good approach. But it also falls under a PoC category so it may be a concern to some/many.
BTW, congrats on 3000 posts

As I said in my previous post, me neither. Whatever the odds, I was never concerned with the ability of firewalls to "self-protect" from malicious actions, as it was never their job. It would be the same as to expect from such as "Notepad" to be able to "self-protect".

If one sleeps better under a LUA (or a HIPS/AV in admin account), then one of these should be used by all means.

 

Agreed

Thanks, I hadn't noticed that.

Couldn't agree more. With a simple limited account, your firewall is safe against unauthorized termination.

 

After looking more, I've found a very light firewall (WIPFW) which is a Windows port of FreeBSD's IPFW. I'm using it with a enhanced ruleset, and so far it hasn't interfered with anything while passing any IP probe test I try.