CHX-I & Ghostwall

Discussion in 'other firewalls' started by Bob D, Nov 30, 2005.

Thread Status:
Not open for further replies.
  1. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    I understand both these inbound rules based FWs / packet filters have their own devotees, but I'm curious as to:
    Efficacy of one vs. the other.
    User friendliness (don't mind reading the manuals and massaging rules, but I've no desire to make a hobby out of it).
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Just use CHX. It's hands down 10000 times better.. All you have to do is try out each one to see the difference..
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I also prefer CHX...
     
  4. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I'm using Ghostwall right now and, while there's a few things I would change, I like it. Those of you who use CHX, in what ways is it better than Ghostwall and what do you use for outbound protection? I heard good reviews on CHX but that lack of outbound control has kept me from trying it.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Just take the taste test and you'll see. Ghostwall has no outbound either, so I don't see why you hesitate on CHX. I am not using either right now, just a router, and I don't worry about outbound. If you are concerned about it, there are things you can do, such as run ZA with it and turn off internet filtering, just using it for app control. If you don't want to use another firewall, you can also run something like AntiHook and try to catch the nasties that way too, before they even dial out. Best thing is to just be safe as possible.
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    GhostWall also doesn't have outbound protection...

    CHX works very deep on your system, as a device, isn't so easy to configure, but if you have the right rules...
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    At the same time, Kerodo :)
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yep, greetings VC! ;)
     
  9. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Perhaps I have my terminology wrong. I'm okay with no app control. But I can restrict which ports my system can call out to with Ghostwall. I can do this with CHX also?
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Sure :)

    You can set rules for inbound and outbound connection... :)
     
  11. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Ah thanks, I think I will try it then. I'm reformatting soon so now's the time I try everything out. I don't know about anyone else, but figuring out the ideal set of rules for my setup is fun. :D
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    You will like it a lot I think. It runs extremely light, has abundant features, uninstalls cleanly also, so no worries if you decide against it. Well worth the try. Check out the online documentation also for a good overview of it. Then start with the sample rule set on the site and expand it to suit your needs. Make sure to also turn on SPI for all protocols in the Interface Properties tab.

    http://www.idrci.net/

    3.0 beta works very well also..
     
  13. Arup

    Arup Guest

    CHX's flthook.sys runs at a deeper level in the kernel than Ghost, and because it's not in task manager, it's also harder to terminate. Otherwise, Ghost has an easier interface to make rules and also runs light, but as far as performance goes, remains to be seen. I have run CHX on super heavy traffic servers and corporate and university systems and it did not choke at all.
     
  14. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I've already had it downloaded. :D

    CHX is sounding very good.

    Oh, and to answer the original question: Ghostwall has a default set of rules, so it's ready to go out of the box. I just found those rules to be too "relaxed" for my liking. I like my restrict rules to be defined as broadly as possible and my allow rules to be as narrow as possible without them interfering with my comp's legitimate functions.
     
  15. Arup

    Arup Guest

    Brinn,

    Do download the sample rulesets too, gives you a very good starting point.
     
  16. TJworld

    TJworld Registered Member

    Joined:
    Jun 25, 2005
    Posts:
    13
    Remember with CHX-I as soon as you create an allow rule it assumes you want to block everything else... this is a great facility to avoid unintentional holes.
     
  17. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I think I may have to give CHX a pass for now. I wrote a ruleset that covers the same bases as my Ghostwall set. It would work fine while I surf but then nothing would load up. The only sure way for me to get things going again was to delete the filters and reload them. Exact same filters. I think CHX would be far and away the better choice for me if I could get it to settle down.
     
  18. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece

    Welcome to the Club.
    Regards
    joter
     
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Brinn,

    Go to this page, and try the second samples ;) Works very nice here, on wireless interface I had to disable the "Deny Igress filters" rule for now, but I have to look better at this...

    http://www.fluxgfx.com/ssc/showthread.php?t=140
     
  20. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,524
    Location:
    USA - Back in a real State in time for a real Pres
    I don't want to make up rules either. Is there a sample rule set (link please if there is) that'll make one stealth like GhostWall? For GW all I had to do was add 1 rule to cover ports 0-1. And that rule was provided by a kind fellow from here. I'd like to try CHX but I want to be stealth. Btw is CHX 3.0 freeware like GW? Thanks.

    Edit: To be honest, reading here & on the IDRCI site. I have little to no idea which product applies to my situation. If it does at all. I'm a single home user, not operating a server. I just want optimal protection. It seems on the site all those products are networked, server based or mail server designed.
     
    Last edited: Dec 1, 2005
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    zapjb,

    Look at my previous post... ;)
     
  22. Arup

    Arup Guest

  23. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I don't think it's the rules. I've used my own, downloaded some 3rd parties, tried the sample ones on CHX's site. I've had that locking up problem with every one of them. First it would work, then it wouldn't. I would delete the filters, reload and the same problem would occur after a few minutes. It may have something to do with the install. The wizard had a problem with one of the .dll's. I forced the wizard to continue (bad idea in retrospect). I've since uninstalled and reinstalled several times but that didn't fix things. It appears that the uninstall isn't as clean as I thought it'd be. My settings and whatever filters I was using in the previous install would still be there when I reinstalled.
     
  24. Arup

    Arup Guest

    H_K_L_M Software, delete the IDRCI key. Btw, CHX uninstalls the cleanest as compared to all others out there except for Kerio 2x. Never had any problems with its installations and even others running CHX never experienced this kind of problems.
     
  25. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I cleaned out the registry as best I can and reinstalled but the problem persisted. It doesn't matter how many people are trouble-free with CHX. If it doesn't work on my comp, it doesn't work on my comp. I'll give it another try when I reformat on the weekend but for now, I'm sticking with Ghostwall.
     