Strongest Inbound Firewall

I'm using Look N Stop right now. Is there a firewall that offers better inbound protection? I mainly want to use this laptop at coffeeshops and airports. For outbound, I use Malware Defender, is this sufficient?

 

Inbound they are all the same.

 

Much depends on your ruleset. With that said, because LnS lets you create the most detailed stateful rules of all the firewalls I've used it would get my vote as the strongest.

 

Im also a huge fan of LnS. I was having issues printing from within my own network due to LnS being so effective.

 

Cudni is right, for inbound, they are all about the same. They either stop unsolicited inbound traffic, or they don't. For that matter, Windows Firewall would be sufficient for a laptop....

 

They are not all the same, a few have IDS which scans the inbound traffic.

 

... and produce about a gazzilion of false positives in one week. I tried IDS a couple of times. This technology is really a grand fail, with the time required to at least partially mute all those loads of completely pointless noise way exceeding the esoteric protection you would get from the feature.

 

IMO IDS is only really needed for servers...
If it's just for a home enviroment, A decent router with a Firewall\NAT should be sufficient.

Knock on the door, someone's home but they aren't answering unless you have an invitation
Actually that kind of reminds me of the realatives

 

Why would you state that?

It is strange that most, even on this forum, do not understand the workings of a packet filter firewall. Probably too much concern about "leak_tests"


- Stem

 

Inbound protection is not just about blocking inbound to closed ports or blocking unsolicited. Inbound protection is also about filtering replies to outbound requests.


- Stem

 

Windows firewall does not filter ARP. OP mentioned airports and such.

I am not aware of any actively maintained personal firewall that offers better filtering than LnS. It is perfect for your scenario, you just have to use it properly.

Cheers,

 

Hello:

Laptops at airports and coffee shops need better firewall protection than desktops at home behind a router.

I respectfully suggest you do a bit of reading on the stickies at the top of this forum explaining how firewalls work and what their purpose is.

Malware defender is NOT a firewall product. It scans for parasites AFTER the fact. It probably is 50-60% effective at best but that's a guess.

If you haven't the time or energy to learn FW's get someone who does to set it up for you OR turn off you laptop in public and wait til you are hiding behind your router.

In the mean time hold on to Look N Stop and keep it up to date

Good luck


PS I hope you have your setup backed up on a regular basis.

 

It does have (very) basic network access:-
Inbound/outbound-> TCP/UDP/RAWIP-> Remote address-> local/remote ports.


Not much different to some 3rd party firewalls I have seen in the past.



- Stem

 

Hola Stem-sensei,

Your comments re FW carry a lot of weight with me & my outfit. Now that you have commented herein as to comments by others, PLEASE answer OP's question -- as I have somewhat modified it below. . .

Stem- Please name a few of the packet filter firewalls that DO provide "strong" protection. Of these, which is easiest for an "average user" to configure & use?

 

Hola bellgamin,

Its been quite a while since I have tested any firewalls, so I do not believe I should make recommendations/conclusions based on (what is possibly) out_dated info.


- Stem

 

How 'bout an educated guess? ...

L 'n S (Look 'n Stop)
Jetico 2
Outpost
Windows fw

...in no particular order.

the easiest if it's only inbound required would have to be Windows fw. After that, maybe Outpost.

 

There are a lot of "ifs" below:

If I didn't use a router, and...

If I wasn't using a conventional personal firewall (with application filtering), and...

If I wanted a firewall on same computer that didn't include application filtering...

...I would probably use CHX-I.

 

Any real reason to leave LnS? Because mind you, it is really strong enough plus extremely light and configurable.

 

Hello Stem:

Thanks for the info on Malware Defender.

It's good to see you posting a bit!

 

A comparison of some firewall features from almost three years ago.

http://www.mntolympus.org/SPFSPIFWS.html

What's the most important feature? Don't know.

How do these firewalls stack up to Windows firewall? Not sure.

 

I respectfully suggest you do a bit of review of the stickies at the top of this forum explaining how firewalls work and what their purpose is.


There are 2 major issues to consider.

Are you concerned about controlling yourself which applications can connect to the www or not.

Do you have the time, energy, interest to work on rules that meet your needs?


If you do then you have some work to do.

In the meantime get behind a router even if you only have 1 PC.

This gives you a Hardware Firewall for incoming packets.

 

Like the OP I was seeking info on what firewalls provide solid inbound protection. At least I wanted to make sure I wasn't down-grading from Windows firewall.

Perhaps someone can fill in the blanks for each category for the Windows firewall which were taken from the link I posted.

SPF engine type: ?
Stateful-like over Connectionless IP Protocols: ?
DHCP, DNS stateful protocol analysis: ?
ARP packets' inspection: ?
SPI Application-layer supported protocols: ?

I have had experience tinkering with rules on Kerio 2.1.5 and (Jeticio v.1 which completely confused me). But now I Seek a firewall that will be used outside the home on public networks, works on a LUA, HIPS - not required, outbound filtering not necessary. LnS looks to be the primary candidate atm but I am also interested in trialing some free ones if they are worthy.

 

Does Online Armor 5 Paid or Free have all of the above features?

I upgraded my Home Network with this Firewall a few months ago. I hope that it has all of the above features.

http://us.zyxel.com/Products/Details.aspx?CategoryGroupNo=F5C2FDD7-B829-4990-9DA7-11E3E6B3A2EE

Thanks in Advance.

 

Wish Phant0m would update that info.
Maybe we can at least ask the vendors to fill the gaps? Maybe they'll lie, maybe not, but it's a start.

 

If you're using Windows 7 or Windows Server, open elevated terminal and run this command ...

netsh wfp show filters file="C:\filters.xml"

Edit "filters.xml" and read the currently active WFP filters on your PC.

To understand a little better what is written within the file, might find help here :

http://msdn.microsoft.com/en-us/library/aa366492(v=VS.85).aspx

have fun ...