Filseclab latest truly excellent

Discussion in 'other firewalls' started by Arup, Aug 11, 2005.

Thread Status:
Not open for further replies.
  1. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    hi.Arup.i got that sraightend out.but now after i shutdown and restart most of my ports show as closed.and some are stealthed but one is open.do i have to save eny thing before i shutdown o_Oi would realy like to fix this and continue to use this fw.
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    I would use another firewall if you are having problems like that. Chances are, Filseclab is not protecting at all. The few ports that are stealth could easily be those blocked by your ISP, so Filseclab is not blocking any of them, hence all the closed and a few open results.
     
  3. Arup

    Arup Guest


    Hi theshadow247,

    Are you running XP, in that case, you have to make sure that Filseclab settings, you have turned XP's internal firewall off, also you have to check the tab for registering with XP security center.

    On the main status window of Filseclab, make sure it indicates that Firwall has started, and use the mode wizard to set the firewall rules to general for now. Filseclab works fine out of the box, actually better than most other firewalls, so far have installed it in 5 PCs and all of them are stealthed.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    I had no problem with it here either, although I could not check for stealth due to the router. But otherwise it seemed pretty good in general... but I would say if you can't achieve stealth with it, then something is amiss..
     
  5. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    I have a router too, but for testing, I enable DMZ for the PC IP.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    Thanks... I am still very new to routers, and learning.. :)
     
  7. TomLiu

    TomLiu Guest

    Changes the No.12 application rules from Protocol[ALL] to Protocol[UDP] and apply the sygate will be able to pass.
     
  8. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    hi.Arup.the setting you mentioned are already cheched off by default.and i made sure windows firewall is not running.and that security center is running.i also tryed with security center not running.i have general mode enabled.but still after a restart my some ports are closed and some are stealthed but still one port is open.thats port 1026..
     
  9. Arup

    Arup Guest

    Are you behind the router? If so that might explain the ports being shown as blocked rather than stealth. Also, any app added to the rules are given both inbound and outbound rights, I would change them all to outbound only unless inbound is specifically needed.

    By the way, Tom Liu who has posted here as guest is one of the developers of Filseclab, welcome Tom and thanks for responding.
     
    Last edited by a moderator: Aug 15, 2005
  10. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    715
    Location:
    Blasters worm farm
    Thanks for stopping by too help :D
     
  11. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Hi Arup, i use Opera as my browser and for my email.
    Do i need to give this inbound as well as outbound access??
    Thank~you :)
     
  12. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,220
    Location:
    Mass., USA
    Good call by TomLiu.
    Now passes Sygate's test w/ recommended settings.
    Noticed however of my first 1056 ports, all are stealthed, with the exception of #s 1047, 1048, 1053, 1055 which are closed (vs. stealthed).
    Any suggestions?
     
  13. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,220
    Location:
    Mass., USA
    To answer my own question re:
    Filseclab's fine monitor indicated those ports' activity controlled by rule 92, in my case, a reference to my browser (K-meleon).
    Not exactly sure where that rule came from, but I changed rule from:
    Remote - Anynet
    Direction - All
    Protocol - All
    Action - Pass
    To:
    Direction - Out
    All is now stealthed
    Comments / suggestions to clarify / explain why (to this FW newb), would be quite welcome.
     
  14. Arup

    Arup Guest

    Bob D,

    By specifying out, you blocked inbound ping access thereby acheiving stealth.
     
  15. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Nope. Opera shouldn't be given server status.
     
  16. Arup

    Arup Guest

    Good thing is that Filseclab's basic rulesets prevents inbound of any web browsers.
     
  17. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    hi.arup.thanks for the responce.iam not behind a routed.what my problem was.i had every thing set to all.now i have only one thing set to all and the rest set to out.now i get all ports stealthed.thanks.again :D
     
  18. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Thanks trickyricky :)
     
  19. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I left a message on Filseclab on Friday about the loopback rule and have not yet received a response. How long do they usually take to respond?
     
  20. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Since there is a deafening silence on this query I reckon that the answer must be that like Sygate, there is no loopback rule, so if you run a local proxy there is no protection from any other program using it.
     
  21. Arup

    Arup Guest

    I would think if there was any problems like Sygate, both the browser and my Avast web shield would not be detected individually, I will send them a mail concerning this but rest assured, there is no such imminent loopback problems like in Sygate.
     
  22. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    715
    Location:
    Blasters worm farm
    Same for me with avast! Webshield, everything asked before it left PC, with Sygate everything went out un-noticed.

    I have other issues with this firewall. Privacy control doesn't work and browsers still give referrer, memory usage stays around 16mb but sometimes shoots to 30mb and doesn't reduce unless I reboot or exit firewall and restart. If I go to certain websites this firewall will lock my internet and I can't go anywhere, even disable & exit firewall doesn't solve issue, I need to disconnect and reconnect.

    Also with Filseclab my avast! network shield gives prompts...

    17.08.2005 14:45:28 DCOM Exploit attack
    from 216.25.191.154:135
    17.08.2005 15:39:09 DCOM Exploit attack
    from 216.132.125.133:135
    18.08.2005 00:16:43 DCOM Exploit attack
    from 216.25.191.201:135
    18.08.2005 00:36:10 DCOM Exploit attack
    from 216.25.189.6:135

    I don't get this using Kerio 2.1.5 o_O
     
  23. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I would be interested in what they have to say to you. From using it the other day with Proxo it did not detect anything else going through it. There is nothing that I could see on their web site to help and have had no reply from their web site communication form.
     
  24. dholiday

    dholiday Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    48
    My two cents worth:
    Have been running it alongside CHX-I and SSM for several hours with not a single glitch. I'm surprised that it is catching SYSTEM outbounds on Port 80; never seen that with Kerio, Sygate, Outpost, LnS, or ZA.
    However, haven't figured out how to get Ping Plotter to function. Don't see how to only allow ICMP types 0, 3, and 11 inbound and 3 and 8 outbound.
     
  25. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I have now had a reply back. It seems that this is an acknowledged fault in their loopback rule and they will be issuing an update to correct it.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.