Best free firewall

Cheers, I've got a couple of good rulesets for Kerio 2.1.5 but not for 4. Are the defaults sufficient does anybody know?

 

securepoint personal firewall looks promising--
http://www.securepoint.cc/en/products-pcfirewall.html
full statefull firewall engine as well. Not too many Free firewalls use Spi!

cheers
lowen

 

Sygate, ZoneAlarm and Jetico are just a few free firewalls that use stateful inspection... Most do nowadays...

 

I can name quite a few that don't! And I meant true Spi, not partial/simulated.

cheers
lowen

 

i've encountered several problems with its compatibility, though

 

Every firewall maker seems to have their own version of SPI, and their own definition. I have no idea what "true" SPI is, but some others that claim to have SPI are Kerio, VisNetic, Outpost, the list goes on and on.

 

I downloaded and looked thru the manual and it looks interesting.. Have you installed and tried this firewall yet? Any comments on it?

 

I’m not absolute but I don’t think the Application-Filtering base software firewalls such as Kerio are stateful, if anything probably "stateful-like" by making rules dynamically according to what allowed apps are doing.

Then you have software firewall developers manipulating static packet-filtering methodology. SPI is well implemented in VisNetic and 8Signs, and yet another strong stateful packet-filtering firewall and my most favourite, is, CHX-I .

Regards,
Phant0m``

 

I like VisNetic a lot. Seems to be a good firewall. I did Google for CHX-I but only found sites in German so I couldn't understand any of it.

 

The official link http://www.idrci.net/idrci_tryit2.htm

 

In regards Securepoint firewall. I downloaded it and my system was locked tight. It appears Securepoint and Prevx Home don't play well together, at least on my machine. I'm sure someone could figure it out and make things work but a warning to those here who are as ignorant of computers as me, if you have Prevx, it might be wise to avoid Securepoint firewall.

Also, I turned Prevx off prior to installing Securepoint. After the reboot, I got a warning from Prevx about Securepoint initiating a buffer overflow, and everything stopped.


I'm running WinXP home SP2, 1.3G AMD Duron, 512 RAM.

 

I am trying securepoint firewall now and it seems to work well, it passed every leak test I tried. The only problem I have with it is that it doesn't always start with window everytime.

 

Thanks, I'll check it out...

 

I tried it briefly and it looked interesting. However, I ran the tests at grc.com and it showed everything stealth except port 0 and 1 for some reason, which showed closed. No big deal, but I wonder why it doesn't stealth everything.

I also was not sure what I was allowing when I gave an app or service permission to access the internet. It didn't distinguish between inbound and outbound connections. If it allows inbound then that's not good.

Looked at the rules briefly also, and it seemed rather poorly implemented.

Otherwise everything seemed to work ok on Win2k.

 

I have downloaded the manual and am giving it a look. Please, post or PM if you would like after a enough time has lapsed, (your best judgement), I value your opinion especially. I am looking for a future ZAP 5.1.033 replacement. No hurry. I am also thinking on Armor2net I think it is. Thanks BigC.

 

Let me give it a few more days and I will give you my opinion on it. In the alert box it did mention if an app was wanting to connect to the net. I am havind to just test the out going filtering due to my router that blocks all incoming.

bigc

 

That will be just fine. I have Router Firewall inbound protection as well.

 

Hi all!
Securepoint Personal Firewall is a good stateful firewall. It is FREE and still in the developement stages. It still is far from perfect though (only in app filtering!) But the spi is a true implementation, as Phantom spoke of. I did a write up of it at: http://www.fluxgfx.com/forum/viewtopic.php?t=93

It also works good with Nuzzler, which is a good free IDS/IPS that uses Snort rules. I have talken to Andreas there at SecurePoint and he told me that they would be open to any suggestions! They are a German based company, so if you notice any of the 'descriptions' in German, you know why! (Just a few...) My 2 cents on the firewall is, it is a good SPI layer firewall, with a normal application filtering system, but far from perfect. The rule creation is basic (like Tiny) can't set flags...But like lowen said, it has promise! I also took the spi for a spin by GRC and PCFLANK and it showed stealth on all, like most firewalls these days should! (unless you are behind a router, and respond to WAN pings!)

My next test is to try their corportate version of 4.5 that has hardened linux server and window client nodes. Just like with CheckPoint fw-1. Just have to wait to get a mini-system (cigar box) and see how that pans out.

CU
Jazzie

 

For a new software firewall it seems to work fairly well to be in the early stages of devolopment. The one problem I had that I didn't like and couldn't get around was that at least two out of five starts securepoint would not load with windows and I would have to manualy start it. I am sure that this firewall will be a good choice once thay get a few bugs out.

bigc

 

I tried it for a while longer and liked it also. It should be good when they get a few of the bugs worked out. I did encounter a few problems though:

1) grc.com showed ports 0 and 1 "closed" rather than "stealth". This is on a Win2k system. Don't know why...

2) when the popup appeared to allow new apps, it would show the ports for the previous app allowed rather than the correct ports for the current app.

3) There was also a problem with Avast Anti-Virus. Avast creates a file called Avast.Setup when it checks for updates. This file is then deleted when it's done. Securepoint therefore removed the Avast.Setup app and settings from my apps whenever the file disappeared because it thought the app no longer existed. This is the same problem Look N Stop has also. Needs to be changed and/or addressed.

4) I went to their forum or message board and everything was in German, which is fine, however, it doesn't help me if I want to ask questions or report bugs. I assume there must be an email address to send bug reports to or questions also. Hopefully. But the forum was basically useless for English speaking people.

Aside from the above, I did like the firewall. I like the idea of it having a good stateful inspection implementation. This did seem to be the case as far as I could tell.

Perhaps in time they will work out some of the problems..

 

Kerodo- Hi, there is an Eglish/German Icon on the top-right side of the main support forum page! (little obscure!) Then you should be able to post in English. I have XP SP2 and didn't come up with those ports being closed at grc, being opened up (DMZ). That is odd! I had both the personal firewall and Nuzzler working too... But then again, I haven't tried on a Win2k box. Maybe after a few more versions, it should be really a good competitive personal firewall.....

cheers
lowen

 

dear daf
for kerio 4x rules, use the free configuration converter utility INSIDE the Start Menu>Programs>Kerio 4 folder. Converts 2x to 4x and vice versa. Also get someone to edit the IDS modules rules for you for best results, its snort based.