Deadline to migrate off XP: need to find a replacement firewall

Discussion in 'other firewalls' started by _ck_, Mar 7, 2014.

Thread Status:
Not open for further replies.
  1. _ck_

    _ck_ Registered Member

    Joined:
    Jan 15, 2013
    Posts:
    5
    I need to repeat my question from about this time last year, because now with XP support ending, I really must spend the remainder of this year converting all my firewall rules into something new.

    Do any modern firewalls support cookie blocking/HTTP log/plugins?
    Maybe someone can help an "old-school" firewall user migrate to something more modern?

    I started with AtGuard which was light and fantastic.

    After Norton bought and ruined it, moved to Outpost 4.0.

    Stuck on that because they removed everything from the newer versions, like plugins, cookie filtering, HTTP log, etc. Unfortunately it doesn't work beyond Windows XP which is getting beyond end-of-life now.

    I don't see any modern firewalls with such features, it's like we are going backwards with software development.

    I use many browsers and I do not want to set up individual rules or use plugins inside each one, I want it done at the firewall level.

    Thanks for any suggestions!
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If I'm reading your post correctly, you want a firewall that can filter web content as well as control connections. This doesn't have to be done at the firewall to work with all browsers. Those tasks are best performed by a separate web filtering proxy. You mentioned that you're an old school firewall user. If you're familiar with rule based firewalls, give Proxomitron a look. It works with any firewall, although it helps if that firewall can control loopback (localhost) connections on an application level. Proxomitron doesn't require installation. It's unzip and go. You need to set your browser(s) to use it as a proxy and allow it internet access through your firewall. The default proxy setting for connecting through Proxomitron is 127.0.0.1 port 8080. In this post there are links to a very strong filterset that will do most of what you want, and much more. If you need it, I can upload a preconfigured package.
     
  3. _ck_

    _ck_ Registered Member

    Joined:
    Jan 15, 2013
    Posts:
    5
    Interesting suggestion. And it would allow me to change firewalls without losing all the rules.

    Have you run into any downsides?

    I assume with HTTPS everything just falls through like it would with a regular firewall?
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Proxomitron is not a firewall. It doesn't enable a user to move rulesets between firewalls. Proxomitron is an "old school" web content filter. I'm using it with Kerio 2.1.5, an old and unsupported rule based firewall. The application itself is no longer being developed, but the rules and filtersets it uses are. It's completely freestanding and separate from the firewall. Your existing firewall, or whatever firewall you choose would continue to work as it always has. Proxomitron basically sits between your browsers and the internet and filters/modifies the allowed traffic on the fly. In many respects, Proxomitron functions a lot like NoScript but is separate and works with any browser that allows proxy settings. Like rule based firewalls, it has to be configured to match your needs. It does require the user to have some basic understanding of HTML and web content. The more the user understands HTML, JavaScript, etc, the more capable Proxomitron becomes. It is not suitable for casual users who want a set and forget solution.

    Assuming that you're using the firewall to control outbound traffic, the only rule changes you'd need would be:
    1. Allowing your browsers to make loopback connections to Proxomitron.
    2. Allowing Proxomitron the same internet access as your browser.
    I have my firewall configured to force all browser traffic through Proxomitron so it can't be bypassed.

    With SSL libraries, Proxomitron can filter HTTPS. The SSL certificates can be an issue with Proxomitron.
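
The two rule changes listed in the post above, modelled as an added example that is not part of the thread and is not any firewall's actual rule syntax. Application names, the rule format and the first-match evaluation are assumptions; it compares a rule set that still leaves browsers a direct path with one that forces them through the proxy on 127.0.0.1:8080.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    app: str       # executable name, "*" matches any application
    dest: str      # destination network in CIDR form
    ports: tuple   # allowed destination ports, () matches any port
    action: str    # "allow" or "deny"

def decide(rules, app, ip, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    addr = ipaddress.ip_address(ip)
    for r in rules:
        if r.app not in ("*", app):
            continue
        if addr not in ipaddress.ip_network(r.dest):
            continue
        if r.ports and port not in r.ports:
            continue
        return r.action
    return "deny"

def direct_paths(rules, browsers, probes):
    """Browser flows that reach a remote host without passing through the proxy."""
    return [(b, ip, port) for b in browsers for ip, port in probes
            if decide(rules, b, ip, port) == "allow"]

# Constructed rule sets; browser.exe and proxomitron.exe are placeholder names.
WEB = (80, 443)
LOOSE = [
    Rule("browser.exe", "127.0.0.1/32", (8080,), "allow"),
    Rule("browser.exe", "0.0.0.0/0", WEB, "allow"),        # leftover direct rule
    Rule("proxomitron.exe", "0.0.0.0/0", WEB, "allow"),
]
FORCED = [
    Rule("browser.exe", "127.0.0.1/32", (8080,), "allow"),  # change 1 in the post
    Rule("browser.exe", "0.0.0.0/0", (), "deny"),           # no direct egress
    Rule("proxomitron.exe", "0.0.0.0/0", WEB, "allow"),     # change 2 in the post
]
PROBES = [("203.0.113.10", 80), ("203.0.113.10", 443)]      # documentation address

if __name__ == "__main__":
    print("loose :", direct_paths(LOOSE, ["browser.exe"], PROBES))
    print("forced:", direct_paths(FORCED, ["browser.exe"], PROBES))
```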
     
  5. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    167
    noone_particular,
    I would be very interested in your package.
    Thanks for your willingness to share.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Hopefully, this link works.
    http://www.freewebs.com/herbalists/PROX.7z
    This is a 7zip archive of my complete Proxomitron directory with a few personal filters removed. The default configuration uses Sidki_2011-12-22rc1 configuration as its core merged with ProxBlox-v1.0.0.1. If you use Google, Facebook, or Twitter, some of my blockfile entries will interfere with those sites. The 7zip archive also includes the original filtersets and the old JDList set along with several test configurations. Although it's obsolete, the JDList configuration is excellent material for learning how the filters work and is useful for learning to write your own. The archive contains the original documentation along with the extensive documentation that is included with the Sidki configuration. I've also included a copy of a page that details the language and commands Proxomitron uses.

    Unzip the archive to your program files directory. The archive includes the containing folder, which is named PROX. The default JavaScript settings used in this configuration are quite restrictive and will require adjusting to suit your needs. I strongly recommend reading the Sidki documentation before you do.
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    I have an established connection, but download gets stuck at 10% then 18% then another try 10%. Just no activity seen on the router or firewall except that initial burst. My firewall blocked UDP to 137 port from 137, but that should not be needed.
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I was re-uploading and replacing the archive. It's possible that you were downloading it at the same time. Give it another try. I'm not sure if I can link directly to archives at that site.
    Hashes for Prox.7z
    MD5 efc3a6fb240e0896cfebbb75b3d3969e
    SHA-256 62b9a8c25175de6f1dbf56a296afec1b7987d8fa3570a47a56a4629fc3d598b8

    If the link still doesn't work, I'll try a different site.
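
Checking a download against the hashes posted above, as an added example that is not part of the thread. The local file name `Prox.7z` is an assumption, and the demo data is constructed to show that a stalled, partial download fails the comparison.

```python
import hashlib
import hmac
import os
import tempfile

# Digests for Prox.7z exactly as posted in the thread.
POSTED = {
    "md5": "efc3a6fb240e0896cfebbb75b3d3969e",
    "sha256": "62b9a8c25175de6f1dbf56a296afec1b7987d8fa3570a47a56a4629fc3d598b8",
}

def file_digests(path, algos, chunk=1 << 16):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def mismatches(path, expected):
    """Return the algorithms whose digest differs from the published value."""
    actual = file_digests(path, tuple(expected))
    return [a for a in expected
            if not hmac.compare_digest(actual[a], expected[a].strip().lower())]

def demo():
    """Constructed data: a complete file verifies, a truncated copy does not."""
    payload = bytes(range(256)) * 1000
    published = {"sha256": hashlib.sha256(payload).hexdigest()}
    with tempfile.TemporaryDirectory() as d:
        full, partial = os.path.join(d, "full.7z"), os.path.join(d, "partial.7z")
        with open(full, "wb") as f:
            f.write(payload)
        with open(partial, "wb") as f:
            f.write(payload[: len(payload) // 10])  # transfer stalled at 10%
        return mismatches(full, published), mismatches(partial, published)

if __name__ == "__main__":
    # Real use: run next to the downloaded archive (file name is an assumption).
    print(mismatches("Prox.7z", POSTED) or "all posted digests match")
```

A match shows the download is complete and identical to the file the poster hashed. Of the two posted values, the SHA-256 is the one to rely on, since MD5 collisions are practical.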
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    It now worked. Thanks. Took all of 3 seconds :)
    Thanks for the hashes, will check a bit later.
     
  10. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    167
    Sorry, but my download stalls. I have tried different browsers. Will try again later and if no joy, perhaps you could upload to a different site. Thanks again.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The site seems to be having issues today. Works one minute, stalls the next.
     
  12. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    167
    Right you are. I tried again and was able to download. :D
     