Private fw for the non tweeker?

You have to understand some basic principles first (which is the two different OutPost threads, you will have to do a search) which Stem points out in this thread. Trust me, if you follow Stem's threads you cannot go wrong.

I still use exactly what he taught me to this day and my system didn't blow up, nor is anything come knocking on my door, never.

You can also use the same basic principles with other FW's but it will be differentiated in the way you have to do it, in order to achieve the same thing.

 

He tests many different FW's or you would not have his expertise.

 

Sorry to bump in like this, but I saw some "ignore lists" being mentioned, so...

Not with the first option.
With this one, you can initiate the connection (as outbound SYNs ar allowed),
receive SYN/ACK from the remote, then send ACK to it and the connection is established.
No one can initiate the connection from outside though,
as you will block (replying with a RST) or drop (no reply, or "stealth") inbound SYNs.

With the second option, you get your "connection refused", as all inbound,
including a SYN/ACK reply from the remote, is blocked/dropped.

 

If you run a server.

Finally one with the greatest smartness and clear understanding of what "block all" means.Congratulations.

 

No. If you run a client.
There is a big difference between a SYN and a SYN/ACK packet.
You should know.

I am not the "one with greatest smartness", I am only posting correct info.
You can check that easily at the Google. In 2 minutes.

Cheers,

 

I certainly appreciate and applaud his testing but I don't have any expertise, that's why I am trying to learn by reading threads in this section.

What I do personally is look at the various firewalls, the test data and reviews available and try to make a decision commensurate with my own level of knowledge (or lack thereof) when it comes to fiddling with the minutiae of firewalls. I have never made customizations except for those easily accomplished via the user interface after reading the user manual if one is available.

So, while I have no expertise, I am trying to advocate for those of us, like the thread originator and myself, who would like to learn more without either requiring an advanced degree or needing to wade into the middle of an ongoing battle of "experts" who are arguing about issues that are beyond our pay grade. There should (hopefully) be some middle ground.

(Also, fwiw, my system hasn't had anything come "knocking on my door" either...and I'd like to continue to keep it that way.)

 

Each firewall is a good, pay no attention to packet filtering, each is a good for every day use.
Pay attention to easy configuration, block all inbound an block all outbound, then create outbound permissive rule for what you really need.

for all, I wish you a very nice day..

 

I accomplish this with PF by setting all levels to "high", opting for "manual control", disabling "auto-response" and being "alerted to all new outbound connections".

When an alert pops up it is blocked by default until I make a choice as to whether I want to allow that app or process to connect out.

(Even us dummies can do this. Then we can take it a step further and apply the same constraints on "parent" processes.)

And a good day to you, sparviero.

 

Most personal firewalls will keep the state based merely on originating IP/port combination, and will not even look at flags, so I'm wondering what "stateful filtering" are you talking about here.
But even if they were to look at flags (as some do), it does not change the way the connection is established.

 

What I can infer from these posts is that either the misunderstanding is around the terms "solicited"/"unsolicited" (as fax said) or someone or the other is trying to propagate misleading information about Firewalls here, which couldn't be deemed acceptable on a security forum.

 

Well said, Blues. Cheers!

 

ot posts removed.

Other un-related posted moved to
https://www.wilderssecurity.com/showthread.php?p=2045130

 

Gentlemen:

In all this excitement I thought I'd remind the thread of the original post.

Note:

1) The poster implies they are a non tweeker (an ordinary poster/user)
2) The title is using PFW " out of the box"
3) They also are using Chrome, winpatrol, sandboxie, standard user account

With due personal respect to the original poster I think all he/she wanted was some reassurance that PFW is good enough security with the other tools.

My response would be "I don't know" because:

I don't use the set of tools he has , don't know how he ended up with that mix, was it designed into place by an expereinced security guy or as I suspect did they get added by well meaning friends who said things like you need sandboxie , you need wipatrol etc.

The intense discussion about how FW's should work and then how they really work via testing them I liked but I fear did not help the guy much.

The other thing I would want to know if I was at his site is what uses does he make of the www. Just email? Does he do OLB and buy products using credit cards etc.

If Stem can help the PFW users "max" their settings that would be a good thing for those users. But no claim will be made that this is "it" ie proof that PFW is the perfect 3rd party FW. There is no such product in existance or if there is no body can "prove it" to the satisfaction of all the users of the other products.

All of this is just IMHO.

 

Just curious, what setting to you guys or girls set the threshold at or do you leave defaults.?

 

I have also started to use PF and this thread has gotten very interesting.

My question would be...... if I'm a behind a router using Open DNS should I worry about tweaking PF to further harden the system? I also have Malwarebytes and MSE running in the background.

 

Depends on the odds you are willing to take.

I have a router with statefull packet inspection. Pitty is that the term packet inspection got corroded and only checks whether a connection is open within the network (on IP/Port combination and at best also checks whether the packet is within the anticipated range). Commercially this type of protection is now called SPI. The SPI the pro's are talking about now is often referred to as deep packet inspection.

IMO SPI does not protect against targetted probes of hackers. But be honest what are the odds a home user will be the victim of such a selective attack. SPI also does not protect you against innocuous Web browsing, spyware, adware, trojans etc. Modern OS-ses (nearly every linus distro, Vista and upward like Windows7) have some form of root/ring0 boundery protection (like UAC for instance). So running UAC with a modern browser (e.g. Chrome's sandbox) and some anti-virus will be more than adequate for daily use.

PFW has also some additional intrusion and execution control feastures which help protect against malware. So IMO you are wel protected without tweaking the default settings.

Regards Kees

 

Thanks Kees.

Another noobie question has come to mind since PFW has been running. I use Opera as my primary browser. I was doing some tweaking as posted earlier in this thread or the other PFW thread on internet facing apps. In the advanced application tab Opera does not show up in the list, but Firefox and IE do. Does this mean Opera could be bypassing the firewall or hiding behind another system process??

 

hi.
ive only had one problem with private firewall and that was stealthing the ports.
I used the shields up test and PFW was failing this everytime.
Any suggestions on what settings i should be using to get this firewall stealthed,?

thank you.