Adventurs in Firewalling..... Some of you may notice that I have finally registered for Wilders. I have CHX-1 up and running on my test machine. Very interesting. First thing I noticed is this baby does not have a service running. There is a driver somewhere, but no service. Over at the Device Manager, View, Show hidden devices, Non-Plug and Play Drivers, I found "CHX-1 filter Hook Driver". By the way, if you never look in that non PnP driver list, you should. This is where some really nasty stuff can be found, like software keyloggers which tru to hide by not running a service. It seems that all the examples in the documentation are for incomming filters. I hope I understand this right, but an incomming filter set to allow, is only allowing incomming packets that is are responsonding to outgiong packets from my machine. To allow unsolicited incomming packets, I had to set up a force allow incomming rule. For example, eMule requires a force allow incomming TCP on port 4662. Netbios required force allow from ports 137 and 138 to ports 137 and 138 with both local and remote addresses being my lan address range. And so on.... This seems to imply that any application on my machine can make outbound connections on any port to any remote port at any address. Is this less secure than having a set of rules in 8Signs that allow all applications to make outbound connection on local ports 1024-5000 to remote ports 21,25,53,80-82,110,443,1024-65535 at any remote address? Perhaps the answer is it is not less secure once you accept that you do not need application control. After all, most trojans are going to operate on these common services anyway. Any thoughts from the firewall gurus?