Fastest Firewall?

Discussion in 'other firewalls' started by rdsu, Oct 14, 2005.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Hi,

    What is the firewall, that you know of, that introduces the least delay on connections?

    Thanks
     
  2. Arup

    Arup Guest

    Just one word, CHX, nothing comes close, you will need to add some sort of outbound protection but CHX can also block outbound ports as well.
     
  3. doug6949

    doug6949 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    110
    Does CHX lack outbound capabilities? Please expand on this.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,014
    I would have to agree with Arup and say CHX also. I have tried them all, and while some do seem to slow things down, CHX gives you the feeling that there's nothing there at all. This is on cable also. It is ultra lite, and IMO the best packet filter around.

    I suggest you try it and see for yourself.. ;)
     
  5. Arup

    Arup Guest

    doug,

    CHX is not app based, however, it lets you create Trojan blocking outbound filters and you can also block bad IPs with it by incorporating Snort and Block List.
     
  6. fluxgfx.com

    fluxgfx.com Guest

    CHX-I is a packet filter. Not an application filter.... sigh, go read the information on the website.
     
  7. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
  8. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Let us make this simple. If you pay attention to Arup, GOD is the only thing that comes close to CHX. CHX is NOT a firewall! Period. It can help if you add much to it to make up a firewall but, AGAIN, CHX is NOT a firewall. So take the info here with a grain of salt. If you are looking for an actual FAST firewall, you may want to throw out a few names and see which is considered the fastest of ACTUAL firewalls by some of the "experts" here. Just wanted to clear things up a bit as there have been replies but, NO honest answer.
    May I suggest that one you may want to mention would be LnS. Besides that, it can also depend on your individual setup. Tiny is very fast for me but, not for some others as all systems are different. Outpost has NEVER slowed me down but, many others have complained that it does. Just look at ACTUAL firewalls and go from there.
    And good luck.
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Look'n'Stop is very fast, also uses very little memory.
     
  10. Arup

    Arup Guest

    :):):) Wow! CHX not a firewall, that's news for me, IDRCI and Stefan.

    And by the way, Arup is a Hindu pagan idol worshipper, so it is GODS that can come close to CHX.
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,014
    The traditional "firewall" that we all know and use isn't the only way to go. In fact, it might not even be the best way. You can also run something like CHX for your inbound firewall and then use AntiHook to cover outbound. AH will alert you to *anything* odd executing or going on *before* it even gets to the point of dialing outbound, so in effect, the CHX/AH combo could be considered an even better solution than your traditional firewall.

    And then there are also those who consider outbound control a waste of time anyway, as most traditional "firewalls" can be easily defeated, or so some say.

    Just another point of view... ;)
     
  12. Arup

    Arup Guest

    This also makes me wonder about the loose description of firewalls today, in that sense, Kerio 2x can't be considered a firewall as well, maybe the term for ZAP, Outpost etc. should be security suites rather than firewall.
     
  13. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    HI all!

    I would like to comment about CHX-I! I agree with some of you above, that CHX-I is a packet filter, not an application filter. For the typical 'home' user, an application based filtering firewall is more suited. (LNS, ZAP, etc.) But, CHX-I is a powerful SPI packet filter that has a very good reputation as being such! It could be argued that just because CHX-I doesn't have an app filter, it isn't a true firewall! I for one use 'Smoothwall', it uses iptables, which is also a true stateful firewall, based on Linux. It is my foremost protection from the 'red' side of things. On my WinXP boxes, I use ZAP with app control ONLY (no need for the inet filter). Does this mean that my system(s) are not implementing a proper firewall configuration? I would have to say no! It all depends on preference. If I had only a client/client configuration, I would use CHX and ZAP together! Only because I want to control bandwidth, that is the only reason for using an app filter in tandem with CHX-I. Not concerned with leak tests, or what not. I figure if something gets by Clam AV, Avast and f-prot (server side) then my system is fair game! :)........ CHX-I is very good and I recommend it to power users or anyone implementing a home network...


    Regards
    Jazzie
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    An external firewall (be it Linux server or NAT router) should have the lowest impact of all. However for most situations, speed should take second place to security and the ability to control network access on a per-application basis should be a key requirement for the majority.
     
  15. Arup

    Arup Guest

    If speed of browsing and throughput for download isn't a priority, why bother getting cable, ADSL, satellite etc. and yearn for more mbps when there is always the good old slow and steady dial up. Security is important, but not at the cost of speed, system response and data flow. There are many other ways to secure and harden a system with negative speed impact.
     
  16. big4guy

    big4guy Registered Member

    Joined:
    Oct 15, 2005
    Posts:
    10
    Guys,

    I have been doing a lot of research as to which is the fastest firewall. Well between CHX and Look'n Stop, Look'n Stop wins hands down. It is the fastest firewall available and can filter at amazing speeds. (BTW I am not a Look'n Stop Salesman !!! :) )

    Cheers
    big4guy

    http://www.big4guy.com
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    For browsing web pages, there is little point of having a high-speed (>512Kbps) link since:
    • most web pages are small (<200KB) so TCP would not have the chance to reach full line speed before the download was complete (TCP starts connections slowly and speeds up as long as responses are received);
    • most web servers have limits to how quickly they can serve pages up;
    • a good part of the loading time is due to having to establish multiple connections to download page elements (aggressive ad-filtering and HTTP-pipelining can reduce this).
    Of course, an "always-on" link has many other advantages over dialup like cost (no need to pay for call charges in places where local calls are not free) and convenience (no waiting for a modem to connect, can still use the phone). However unless you are using high-bandwidth applications like video-streaming or file-sharing there is little benefit in upgrading to a faster link.

    Finally, if you value speed over security, then the first thing to do is ditch your anti-virus software. It will, in most cases, have a far greater impact on general system performance than any firewall.
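
A simplified model of the TCP slow-start behaviour described in the first bullet of the post above, added here as an illustration and not part of the original thread. It assumes one new connection, a 1460-byte MSS, an initial window of 2 segments, a 100 ms round-trip time, no packet loss and no header overhead; all of these values are assumptions chosen for the example.

```python
import math

def page_load_time(size_bytes, link_bps, rtt_s, mss=1460, init_cwnd=2):
    """Return (rounds, seconds) to fetch size_bytes over one new TCP connection.

    Each round the sender emits one congestion window of segments and then
    waits for the ACKs, so a round costs the larger of one RTT and the time
    the link needs to serialise that window. The window doubles every round
    (slow start with no loss).
    """
    remaining = math.ceil(size_bytes / mss)   # segments still to send
    cwnd = init_cwnd                          # congestion window, in segments
    elapsed = rtt_s                           # three-way handshake
    rounds = 0
    while remaining > 0:
        burst = min(cwnd, remaining)
        serialisation = burst * mss * 8 / link_bps
        elapsed += max(rtt_s, serialisation)
        remaining -= burst
        cwnd *= 2
        rounds += 1
    return rounds, elapsed

def compare(size_bytes=200_000, rtt_s=0.1, links=(512_000, 8_000_000)):
    """Load the same page over each link and report how much of it was used."""
    rows = []
    for bps in links:
        rounds, secs = page_load_time(size_bytes, bps, rtt_s)
        achieved_bps = size_bytes * 8 / secs
        rows.append({
            "link_bps": bps,
            "rounds": rounds,
            "seconds": secs,
            "utilisation": achieved_bps / bps,
        })
    return rows

if __name__ == "__main__":
    for row in compare():
        print(f"{row['link_bps'] / 1000:>6.0f} kbps link: {row['rounds']} rounds, "
              f"{row['seconds']:.2f} s, {row['utilisation']:.0%} of line rate")
```

Under these assumptions the 200 KB page needs seven window-doubling rounds on either link, so the 8 Mbps link is bounded by round trips rather than bandwidth for the whole transfer.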
     
  18. Arup

    Arup Guest

    In some cases, there are web pages with multiple images and the size goes well over 4mb, with my Opera set to 128 connections, it flies through them on my system. About AV, it slows down but then that's a price I am willing to pay as compared to the combined effects of Firewall+AV slowdowns.
     
  19. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Hi Arup,
    Can you tell me how to incorporate CHX with Snort,
    and where to find other IP lists?
    Thanks.
     
  20. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Can you tell me where you researched this 'finding' ? Is this by personal research or having more than one client and doing p2p and transfer tests?

    http://www.fluxgfx.com/ssc/showthread.php?t=9

    Regards
    Jazzie
     
    Last edited: Oct 15, 2005
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Such pages are very much the exception in my experience - and when I have encountered them, the limitation has been the server bandwidth.
    Combined Firewall+AV overheads should only be a problem if you have not taken the time to configure your AV to exclude scanning of firewall log files. This can make a big difference.
     
  22. Arup

    Arup Guest

    By combined firewall+AV, I meant the system response, nothing to do with browsing. My current AV doesn't slow down my browsing in any way.
     
  23. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Thanks for all your suggestions :)

    CHX-I can be great for inbound protection, but you cannot install and forget it... When I have some available time, I will try at the same...

    Look 'n' Stop is an excellent Firewall, that uses very low resources, but isn't free... :(
     
  24. Stefan_123

    Stefan_123 Guest

    You are correct. CHX-I is not a firewall.
    It is a packet filter (hence its name) - pretty much along the line of Netfilter/IPtables.

    Much obliged for your efforts to clear things up.


    Regards,

    Stefan
     
  25. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Kerio 2.
     