Discussion in 'Other Ghost Security Software' started by happy_gw_user, Mar 20, 2008.

Thread Status:
Not open for further replies.
  1. happy_gw_user

    happy_gw_user Registered Member

    Mar 20, 2008
    May be I am little slow but what I found on GhostSecurity
    site (GhostWall help) and from forum debate, I think it is not
    quite exact explanation how GhostWall operates.

    In absence of any guide that explains EXACTLY what happens
    inside GhostWall box I started experimenting and this mini
    exact guide is result.

    I hope it will help others as it's helping me,
    so I'll put it here.

    Feel free to correct it (especially if you are author :),
    if you find omission of any kind, also feel free to extend it.
    There are no distribution restrictions and
    no warranty of any kind.

    Thank you people.


    1. Every packet passing through all network adapters
    is checked against rule list.

    2. Checking is executed in top to bottom order.

    3. First rule which matches checked packet, takes an action
    (ALLOW or BLOCK) and no more rules are checked
    for that packet.

    4. If omitted last COMPLETE BLOCK or COMPLETE ALLOW rule, then
    COMPLETE BLOCK is assumed (every packet which does not match
    any rule from the list are blocked).

    5. If Windows firewall is also active then:

    - incoming packets are first checked against GhostWall rules
    and if matched with ALLOW rule they are passed to Windows
    firewall, if matched with BLOCK rule the packet processing

    - outgoing packets are first checked against Windows firewall
    rules (which, as of XP SP2, does not block any outgoing
    traffic) then packet is checked against GhostWall rules
Thread Status:
Not open for further replies.