A question and some advice please...

I've been using kerio 2.15 for some time and I'm looking to change to something more up to date but free, light and preferably still rules based. I know there are tons of "which firewall...?" threads but I'm looking for some specific advice.

Firstly, how important is it to be able to control which local ports applications can have access to? I ask this because I've tried both NetVeda (which won't work properly on my comp anyway) and filseclab and I liked them both but was unable to control the local ports access.

Secondly, I've been looking at SoftPerfect but it doesn't seem it has app control and R-Firewall which looks really promising and reminds me of Outpost Free which I used to use but like Kerio, is a little ancient.
I've read threads on both but nothing really recent and I would like to know if anyone has been using either for any length of time and whether they have proved their worth?

Finally, I remember a while ago there was some mention of an open source version of Kerio 2.15 called KerioKlone or Ghost or something. Is this still in the works or it is ever likely to see the light of day?

 

I was a Kerio 2.1.5 user, and I've recently switched to Look'n'Stop 2.05p2.

Light-weight and rules-based.

That open source project doesn't seem to be very active.
http://kerio.sourceforge.net/

 

I've read so many good things about Look n Stop and it would probably be my first choice but I'm looking for freeware only at the moment.
What happens when the trial version runs out? Does it stop working or switch to a "Lite" version and if so what are the differences?

 

See here for free version description: http://www.spychecker.com/program/looknstop.html

 

(http://www.spychecker.com/program/looknstop.html)
I don't have these qualifications, so I skip LooknStop, otherwise the subforum "LooknStop" would be too small for my numerous questions.

 

LnS Lite is strictly a packet filter, no application control.

Regards,

CrazyM

 

Are you referring to the ephemeral port range used by your system (1024-5000)?
If so, not that critical, just another step one can take to refine firewall rules and provide a heads-up if something is out of the ordinary.

Regards,

CrazyM

 

Depends on the application. For those that initiate network connections, only remote port restrictions are important (the local port will be dynamically assigned by Windows so trying to set restrictions here would be pointless).

However for applications that accept incoming connections (which includes any server software plus P2P clients), local port control is more important since it allows you to restrict incoming connections to that program only, without allowing access to other (possibly vulnerable) ports used by other programs or Windows itself.

 

I do have all apps set to use only the 1024-4999 local ports range in kerio but yes I was thinking more about p2p and chat messengers which I have restricted to only use certain ports but it doesn't seem I can do that with either NetVeda or Filseclab.

 

my advice (for free rule based FW): Sygate or Kerio . dont bother with others. you'll lose your time and nervs.

 

I was under the impression Sygate was being discontinued, though I haven't read anything in detail about it.
Also, I'm sure last time I used Sygate you could only add a certain amount of rules, like 10 or something, is that right?

Looks like I will be sticking with Kerio a while yet.
Does no-one at all use R-Firewall?

 

Sygate Personal Firewall allows 20 Advanced Rules. Sygate has recently been bought by Symantec and will likely not have any new updates anymore. Not like they updated much before though, anyways.

I have only seen bad new about R-Firewall, regarding installation. I haven't heard a single good thing about it.

You may want to try Jetico Personal Firewall, which is free and has many detailed rules that you can mess around with.

 

Regarding Jetico...

They seem to have ceased development and stopped listening to user's
ideas and so on. It appeared to have promise at one time. Many find it
too annoying with an excessive amount of popups. I found it pretty
good, but you had to invest some time in configuring and tweaking it
first to get it to a usable state.

Watch out for one problem, it sometimes can have compatibility problems
with certain software and drivers. If you run Avast AV, it will popup
with a notice at install (after the 1st reboot) and then do another
reboot to reconfigure driver stuff. I changed network adapters here
recently to a wireless setup, and installed Jetico to try it again. It
proceeded to go into an endless reboot loop, which you had to manually
break out of. But then Jetico would not run. Worse, it hosed my system
completely, leaving partially installed crap which kept trying to run
and generated errors at startup and so on.

Just be aware that there could be problems, and be prepared with a good
backup of your HD if you value your setup. After my experiences, I
would recommend trying something else...

 

I did try Jetico a few months ago but it seemed a bit buggy on my comp. For some reason, no matter what I did it refused to allow access to certain programs even when I allowed total access to them, yet at other times they connected fine, it also seemed to lose it's setting occasionaly like kerio 2.x does, though I don't remember having any trouble with Avast AV). I quite like fiddling and making rules and I don't mind all the pop-ups but with it working fine one day then not the next it got too anoying.
I was thinking about giving it another go but if it's being discontinued I don't think I'll bother. That's the same reason I haven't gone over to Kerio 4.x

Regarding R-Firewall, I installed it about 10 minutes before I read Dave-54321's post but I didn't get any install problems at all.
I'm just fiddling around with the rules at the moment as in it's default state it has failed every firewall test going and after much more searching I have been unable to find any positive comments about it but I'll give it a try, it does seem very much like Outpost though of course I realise that doesn't mean it's going to be as good.

 

Well I decided against R-Firewall, maybe I haven't given it long enough but know matter what I changed in the rules, I only ever got closed ports with a couple of stealthed. Even when I wiped out all the rules and replaced them completely with the exact same rules I use for Kerio, they were still mostly closed. I know being stealthed isn't the be all and end all but even so...
So since I can't use NetVeda, it's a toss up between Filseclab and going back to Kerio 2.15.
I'm slightly worried about Kerio because I've read quite a few things about vulnerabilities in Kerio 2, such as the fragmented packet thing, but there seems to be a lot of conflicting comments about whether these are real vulnerabilities or not.
I've never had any problems with Kerio but these reports do tend to put doubt in my mind.