Free SPI capable firewall?

Discussion in 'other firewalls' started by RejZoR, Oct 21, 2007.

Thread Status:
Not open for further replies.
  1. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I think that the inbound application filtering is only triggered if the application first initiates the connection (which is how it knows which program the connection is coming to). There should not be very many, if any prompts for inbound connections. The only time you should get a prompt is when using software that acts like a server.
     
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    There is also a wizard which you can set it to block all inbound if you really do not want it. I will post a pic later.
     
  3. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    I think that Comodo v2.4 can behave like v3 in p2p-friendly mode if there is a network rule allowing all incoming connections. Can somebody test that?
    (Moderators, please split from the thread if it's off topic)
     
  4. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Comodo 2.4 requires a network rule allowing inbound connections for most P2P. For example, uTorrent would require a network rule for TCP and UDP inbound on port 39999, or whatever you are using. This rule is not specifically linked to uTorrent, so it would allow communications for any other application authorized to listen on port 39999.
     
  5. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Here. This may explain things. With the last mode you need to manually add ports which some prefer for security reasons. The last mode is the default. Sorry my mistake.
     
    Last edited: Oct 30, 2007
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    And it creates the rules, yes? Seems a good compromise. Later I will boot XP again.
     
  7. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Yes Yes Yes
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Yeah be extremely careful! :D
     
  9. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Is it for sure?

    Then how does Ghostwall achieve full stealth (even with a rule allowing all incoming ICMP)? I read that a stateless firewall can not protect against stealth scans.

    please read 7th position from bottom

    According to the quote below and what Alphalutra1 stated above, how to explain that Ghostwall is actually able to work with two rules: allow all outgoing, and at the bottom block all outgoing and incoming? And everyone knows that Ghostwall is light on CPU and resources?

    Also here are Ghostwall features:

    Here are some key features of "GhostWall":

    · Packet filtering ability for TCP/UDP/RAW and ICMP.
    · 64-bit and 32-bit compatible
    · Suitable firewall for people who play games and other low latency requirements
    · Very Low resource usage
    · Minimal impact to network latency due to fast and efficient coding
    · Shows network speed for TCP/UDP/RAW and ICMP
    · Shows data transferred for TCP/UDP/RAW and ICMP
    · Displays 50 last blocked and allowed packets for TCP/UDP/RAW and ICMP
    · Panic buttons, to allow all traffic, or to block all traffic

    What exactly does the first point mean?

    I just try to understand... :)
     
  10. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Okay, you are getting confused with terms. If you read very closely what is said in the presentation on iptables, it says that a stateless iptables cannot protect against "stealth scans". These are a type of scan used by various network scanners such as nmap, and I will let it tell you what it is since it is probably better at describing than I am:

    "Stealth" on the other hand, refers to having all ports appearing to not exist, and is just a stupid term coined by Steve Gibson. It really just means all the connections are "filtered", or that the firewall instead of properly following RFC, drops the packets and doesn't send the response.

    Since this is more of a reference to rule based firewalls, what happens is that the firewall processes each packet in order of the rules you define. So if the packet matches rule number one, then it will be dealt with according to the rule. That means that even if rule number two says to block the packet, it won't matter since the packet has already been dealt with. This behavior depends on the firewall you are using, but this is how Ghostwall deals with things.

    It is just saying all of the various protocols Ghostwall can filter. Here is a link that explains them that I found by typing "internet protocols" into google and it was the first result.

    Cheers,

    Alphalutra1
     
  11. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you Alphalutra1. :)

    I read the answer and I already read that before about this SYN/ACK like you describe. (When I learned to use CHX-I)

    What I am confused about is that I was thinking that it is part of SPI. Like the rule in CHX-I where you allow all incoming based on the SYN flag and drop all other. So this way whatever I initiated is allowed back, the rest is blocked. That is how I understand it.

    I understand how Ghostwall is processing rules, what I do not understand is how Ghostwall knows what is allowed for incoming if it is not specified.

    So I speculate that it is maybe the same as CHX-I with the WAN start rules: allow all outgoing, and incoming is allowed based on the SYN flag (like you describe above) and CHX-I filtering.

    CHX-I is called an SPI packet filter or firewall, so it confused me when you said that Ghostwall is not SPI. What I understand is that a stateless firewall is based on rules, and I have only these two rules, so how does Ghostwall know what to allow and what to drop if I do not specify any rule for incoming?

    You are right that I am confused I read that OA is not deep SPI but have state table, Ghostwall is stateless and CHX-I is SPI. o_O

    OA is asking for incoming allow or block but Ghostwall and CHX-I do not. So to me Ghostwall and CHX-I work very alike, and for me in practical terms (user level) the difference is that in CHX-I I had to check that I want SPI and I thought that in Ghostwall it is somehow built in. The difference is also that in CHX-I you do not have the global block rule.

    So what is the difference in how they decide what to allow for incoming and what to drop without any specific rules? Like in CHX-I SPI filtering, but in Ghostwall, if it does not have SPI, then how?

    I hope you are still willing to answer? :)

    EDIT: Also by what methods Ghostwall is achieving closing ports until connection is requested - what I thought is part of SPI:

    http://stateful_inspection o_O
     
    Last edited: Nov 26, 2007
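    The two things being compared in this thread, first-match ordered rule processing as Alphalutra1 describes it and a SYN/ACK-flag rule versus a real state table as feniks asks about, can be shown side by side in a small simulation. The following is an added example written for this thread; it is not Ghostwall, CHX-I or Comodo code and does not claim to reproduce how any of those products behave. Packet fields, rule fields, the addresses and the four sample packets are all constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """A simplified packet as a packet filter sees it (constructed for this example)."""
    direction: str        # "in" (arriving from the network) or "out" (leaving this host)
    proto: str            # "tcp", "udp" or "icmp"
    remote: str           # the other host's address
    local_port: int       # port on this machine
    remote_port: int      # port on the other host
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    """One filter rule; a field left as None matches anything (hypothetical rule format)."""
    action: str                        # "allow" or "drop"
    direction: Optional[str] = None
    proto: Optional[str] = None
    local_port: Optional[int] = None
    syn: Optional[bool] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        wanted = ((self.direction, p.direction), (self.proto, p.proto),
                  (self.local_port, p.local_port), (self.syn, p.syn), (self.ack, p.ack))
        return all(want is None or want == have for want, have in wanted)


def stateless_decide(rules: List[Rule], p: Packet) -> str:
    """Stateless filter: rules are checked top to bottom and the first match wins.
    A later rule never overrides an earlier one; nothing matching means drop."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


class StatefulFilter:
    """Same rule list, plus a table of conversations this host initiated."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)
        self.table = set()   # keys of outbound flows that were allowed

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.remote, p.remote_port, p.local_port)
        if p.direction == "in" and key in self.table:
            return "allow"          # a reply to something we started: no rule needed
        action = stateless_decide(self.rules, p)
        if action == "allow" and p.direction == "out":
            self.table.add(key)     # remember the flow so its replies can come back
        return action


# Two rule sets. The first is the "allow all outgoing, then block everything" pair
# from the thread. The second adds a flag-based rule: inbound TCP is allowed only when
# it is not a bare connection request, i.e. when ACK is set (a SYN/ACK reply qualifies).
ALLOW_OUT_BLOCK_REST = [Rule("allow", direction="out"), Rule("drop")]
FLAG_BASED = [Rule("allow", direction="out"),
              Rule("allow", direction="in", proto="tcp", ack=True),
              Rule("drop")]

# Constructed sample traffic: we open a connection to a web server, its SYN/ACK comes
# back, then an unrelated host sends a bare SYN and an unsolicited ACK to port 445.
OUT_SYN = Packet("out", "tcp", "203.0.113.10", 51000, 80, syn=True)
REPLY = Packet("in", "tcp", "203.0.113.10", 51000, 80, syn=True, ack=True)
UNSOLICITED_SYN = Packet("in", "tcp", "198.51.100.7", 445, 40000, syn=True)
UNSOLICITED_ACK = Packet("in", "tcp", "198.51.100.7", 445, 40000, ack=True)
SCENARIO = [OUT_SYN, REPLY, UNSOLICITED_SYN, UNSOLICITED_ACK]


def run_stateless(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [stateless_decide(rules, p) for p in packets]


def run_stateful(rules: List[Rule], packets: List[Packet]) -> List[str]:
    f = StatefulFilter(rules)
    return [f.decide(p) for p in packets]


if __name__ == "__main__":
    print("ordered, two rules :", run_stateless(ALLOW_OUT_BLOCK_REST, SCENARIO))
    print("flag-based rule    :", run_stateless(FLAG_BASED, SCENARIO))
    print("state table        :", run_stateful(ALLOW_OUT_BLOCK_REST, SCENARIO))
```

    Reading the three result lines together answers the question in this post in general terms: with only "allow out, drop the rest" and no state, the server's SYN/ACK is dropped, so a filter that passes replies must be doing something beyond those two rules. A flag rule that admits inbound TCP with ACK set lets the reply through without keeping any state, but it also admits the unsolicited ACK-only packet, which is exactly the kind of probe the iptables presentation quoted above means when it says a stateless filter cannot stop "stealth" scans. The state table admits the reply only because it saw our outbound SYN first and drops both unsolicited packets. Swapping the order of the two basic rules shows why ordering matters in a first-match filter.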
  12. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    That also adds to the confusion because I read that Ghostwall is superior to Windows Firewall and I thought SPI is a more advanced form of protection. And you said Ghostwall does not have SPI...

    Hopefully you understand my dilemma. :)
     