Who wants another firewall?

Discussion in 'other firewalls' started by Centurion, Feb 28, 2011.

Thread Status:
Not open for further replies.
  1. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    First, CHX did not simply die. It was swallowed by another company, evolved into a corporate product with all the bells and whistles which in turn was swallowed by an even bigger corporation and still lives as part of an enterprise business product, a module that probably nobody knows about.

    But payload filtering was, in my opinion, the greatest feature of CHX and it did and still does run perfectly fine today (I'm still running it in my XP machine).
    I'm not sure about the other firewalls out there, but it is definitely one of the few that can alter the TCP traffic with variable-length data and operate on the stream in transit (e.g. gateway).
     
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Actually, the lower you go down the OSI model (the closer you get to binary), the simpler the protocols are. But I agree, it is not a bad idea to start with something a user is already familiar with.
    I was just pointing out that Kerio is far from being an ultimate packet filter, and in no way should be used as a sole reference. It can be used as a reference, but IMO it is more of a museum exhibit than anything else. A reminder of how things were once done.

    Well, if you wish to control traffic in such a way that the packets carrying payloads of keyloger.sys are dropped dead on an attempt to enter your system (so you don't have to rely on anti-leaktest outbound mechanisms or antimalware scanners), you would have to employ some kind of DPI. Basic can't help in this case, this is as advanced as it gets.

    Ouch. 3rd reincarnation.
    I certainly don't know about it, never heard that story.

    Take a look at Injoy firewall. Pro version trial is fully functional for 30 days and it is well documented.

    Cheers,
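
The two posts above mention payload filtering that operates on the TCP stream and DPI that drops packets by payload. As an added example (not part of the original posts and not code from CHX or any firewall named here), this sketch shows why a filter has to track the stream: a signature split across two segments passes a per-packet check but is caught once segments are reordered and scanned across their edges. The marker, flow tuple and payloads are constructed, and all names are hypothetical.

```python
from collections import defaultdict

SIGNATURE = b"EVIL-DRIVER-MARKER"  # constructed marker, stands in for a real payload signature

def per_packet_verdicts(segments, sig=SIGNATURE):
    """Stateless filter: True means 'drop', judged on one segment at a time."""
    return [sig in payload for _flow, _seq, payload in segments]

class StreamFilter:
    """Stateful filter: reorders by sequence number and scans across segment edges.
    Simplifications (assumptions): no retransmit/overlap handling, no seq wraparound."""
    def __init__(self, sig=SIGNATURE):
        self.sig = sig
        self.next_seq = {}                # flow -> next expected sequence number
        self.pending = defaultdict(dict)  # flow -> {seq: payload} waiting for a gap to fill
        self.tail = defaultdict(bytes)    # flow -> last len(sig)-1 bytes already scanned

    def feed(self, flow, seq, payload):
        """Return True if the reassembled stream now contains the signature."""
        self.next_seq.setdefault(flow, seq)  # assumes the first segment seen starts the stream
        self.pending[flow][seq] = payload
        hit, keep = False, len(self.sig) - 1
        while self.next_seq[flow] in self.pending[flow]:
            data = self.pending[flow].pop(self.next_seq[flow])
            self.next_seq[flow] += len(data)
            window = self.tail[flow] + data
            hit = hit or self.sig in window
            self.tail[flow] = window[-keep:] if keep else b""
        return hit

def make_segments(flow, start_seq, chunks):
    """Assign consecutive sequence numbers to constructed payload chunks."""
    segs, seq = [], start_seq
    for chunk in chunks:
        segs.append((flow, seq, chunk))
        seq += len(chunk)
    return segs

def stream_verdicts(segments):
    """Feed segments in arrival order to a fresh StreamFilter; one verdict per segment."""
    f = StreamFilter()
    return [f.feed(*s) for s in segments]

# Constructed flow and payloads: the marker straddles the 2nd and 3rd segments.
FLOW = ("198.51.100.7", 40000, "192.0.2.10", 80)
SEGS = make_segments(FLOW, 1000, [b"GET /file ", b"padding EVIL-DRI", b"VER-MARKER trailer"])

if __name__ == "__main__":
    print("per-packet:", per_packet_verdicts(SEGS))
    print("in order  :", stream_verdicts(SEGS))
    print("reordered :", stream_verdicts([SEGS[0], SEGS[2], SEGS[1]]))
```
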
     
  3. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    :thumb: :thumb:
    I'd love to see CHX-I reborn.

    Panagiotis
     
  4. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    126
    Yes, please. :thumb: This would greatly interest me as well.
     
  5. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Oh, I don't know... maybe to prevent it from spreading elsewhere and/or stealing your email/passwords/private data.
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Been hunting for a firewall lately, and.. depressing.
    For some reason, I avoided Comodo, the usual choice for me. The whole Defense+ installed/not installed/"it's still there" is to blame mainly.

    Kerio 2.1.5 would be awesome, but SP3, hibernation..
    Trying out the beta 4.7, let's see.

    The only firewall that's being actively maintained as such, is LnS. I just wished it had granular application control, beyond Yes/No, and ports (which are selected only by editing the rule).

    Just because on Windows I prefer to see what's going on, 'exactly'. Detailed info on prompt, 'this is what's going on', and create rule from prompt however detailed or general I want.
    It isn't exactly a security imperative, although it's certainly better.

    Regarding the OP, a Kerio 2.1.5 type of firewall, imo yes.
    CHX-I? Not sure. LnS doesn't fit that role?
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    In L`n`S, you can apply IP/port restrictions per application. Just a need to double left click the application (You will probably need to enable advanced options). So, for example, if you have an updater, you can apply restrictions to the IP(s)/port(s) of the update server(s) for that application.

    - Stem
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I'm referring to the ability to do that from prompt. Otherwise, I have to hunt down logs/write down the IPs/research the program in question. So mainly, a usability problem.
    What about protocol, or does app control assume TCP/UDP only?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You can enable full logging on a specific application which will then show the application and IPs it connects to, but yes, there is a need to then manually enter those into the application restrictions. I suppose too much work for some.
    Yes, the options (on application IP/Port restrictions) are for UDP/TCP only, but have not seen an updater update via other protocols as of yet.


    - Stem
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    +1 and with 64-bit support too. I am tired of firewalls that eat CPU cycles for 4 connections, while Kerio 2 could handle 50 connections without sweating.
     