Firewall Choosing

Discussion in 'other firewalls' started by Xenophobe, Feb 15, 2008.

Thread Status:
Not open for further replies.
  1. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    I'm looking for a light firewall that focuses on inbound protection and packet filtering, other than Look'n'Stop because it's not compatible with my games. (I used to use a router, but after a while it stopped working and it didn't share connections properly.) Any contributions or answers are greatly appreciated.

    Edit: I'm sorry, I didn't know I posted this in the Other Anti-Virus section.
     
    Last edited: Feb 15, 2008
  2. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Ghostwall is another possibility.

    Actually, it is possible to set up many rule based firewalls to do what you want by adding rules to allow outbound TCP and UDP communication for any application on any port, or a subset of all ports. This would not be hard with Kerio 2.1X or Jetico I (needs an extra rule for network access and disable the process attack table). There are probably a few others.
     
  4. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I have no problem with ZAAS. All online games work and its very easy to a rule or app. Also ZAAS or even ZAP has "game mode".
     
  5. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
  6. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Well, I'm honestly not very advanced when it comes to firewall rules. Any available premade rulesets would be nice.
     
  7. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I spent some time putting together a package of info/data for those few
    who are interested in trying CHX 3.0 packet filter.

    The file includes:

    1. CHX 3.0 installer
    2. Wan_start ruleset (gets you started with basic SPI/DPI)
    3. V.2.8.2 CHX-I html help file
    4. V.3.0 CHX help file (mostly adds payload filtering info)
    5. Various instructional screenshots taken from developer's website,
    forums, and the CHX GUI.

    All info in the package is/was available free on the NET.

    Don't run Vista here, but I suspect that it will not work on that OS.

    While no great mystery, it's not for users without knowledge of TCP/IP,
    and basic understanding of rule writing for ports, protocols, & IPs.
    You can write outbound blocking rules for those, but it is not an
    application control firewall. There are, however, instructions in the
    package for starting without the need for writing any of your own rules:
    CHX SPI does it all.

    I am not an IT professional, and learned it mostly from reading forum
    posts, and by trial-and-error; and have never needed to use even half
    of its full capabilities. Every question a home user could ever ask
    is probably answered in one of the many CHX treads at Wilders. Try
    the search box first.

    I ran it for a long time on a direct connection to the Internet,
    and nothing unsolicited ever got past it. Behind a router now,
    I use it to write rules controlling ports, protocols, and IPs.
    Its SPI/DPI & logging capabilities are unsurpassed in my experience.

    Get the file:

    HERE
     
  8. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Thank you. (Also, I'm particularly glad you uploaded it to Rapidshare, I have a premium account. :p)
     
    Last edited: Feb 16, 2008
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I recommend CHX-I as well. It gives granular control over TCP (flags) and ICMP (codes), something that is rarely seen in a typical household firewall. Also keeps a state table for UDP and ICMP. And it is free. You don't have to be advanced user to handle it, but as FadeAway pointed out, some tcp/ip knowledge is needed. Just load wan_start and you should be fine.

    BTW, I have 2 updated drivers, chxmpf and chxmpld, this was the last update to CHX 3 iirc. They have to be installed manually. If anyone needs them, feel free to PM me, I will post a rapidshare link in this thread.

    Ghostwall comes with a default ruleset, you can run it out-of-the-box.

    Cheers,
     
  10. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    @ Seer

    Why not learn a little bit about a Firewall Ruleset to make the Packetfilter better ?
    If you use the default Ruleset, you can use the Windows Firewall, its the same.
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    IMO, Ghostwall (and CHX-I) is a tad faster than the Windows firewall. Also, they're more difficult to kill.
     
  12. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I agree, IMO using packet filters and changing default rulesets implies some knowledge on tpc/ip and on system in general. But many seek out-of-the box solution and regarding Ghostwall, it will allow browsing, software updates, mail, etc. with a default ruleset. It also has intuitive interface, if any additional rules are needed.

    Windows Firewall is not a bad choice for a packet filter. It is efficient and unobtrusive, and if there's a need, an additional app can be added to control net access. Not everyone is willing to deal with ports and protocols and I do understand them.

    Actually CHX drivers can be killed easily with a 'net stop'. Nothing wrong with that, of course.

    Cheers,
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Correct :) I was refering to the fact that the XP firewall is easily disabled changing the value of some reg keys (under admin account, one more reason to use LUA). A fair amount of malware is programmed to do that. How many malware will actually kill Ghostwall drivers if they can't even figure what they are?
    Security through obscurity, you know ;)
     
  14. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Yes, I included that little tidit of information in the CHX package,
    but think you would agree that the odds against ever having malware
    actually do it, are sufficiently high as to make it of little concern
    for the average home user. It certainly has never bothered me.
     
  15. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    OK- I hear what you say about LUA, but isn't it a pain to set up on an existing configuration?
    Currently I am the sole user on my PC and obviously have been running as an administrator. If I try to create a new limited user account, I get a bare bones set up.
    To get all my programs, settings etc set up & running as I want them do I have to go through the whole rigmarole of installing & configuring things to my requirements ? As an example none of my email settings are there when I run Thunderbird on the LUA.
    Is there a`way to import existing settings and so on from the administrator's account, or is it possible to change the existing administrator's account to LUA and create a new admin. account? Would this not make it impossible to carry out the whole configuration as one presumably needs admin. rights to make the alterations?
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If you're in XP, just create a new Admin account first (so you will have Admin access when needed), and then Change your existing Admin user account to Limited. Everything will be installed already, and most stuff should work.
     
  17. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    A widely used application is prone to attack vectors more than the other one, of course. However, it is not hard to imagine a simple batch file that will kill both Ghostwall and CHX. A PoC.

    A very good approach. But it also falls under a PoC category so it may be a concern to some/many.
    BTW, congrats on 3000 posts :)

    As I said in my previous post, me neither. Whatever the odds, I was never concerned with the ability of firewalls to "self-protect" from malicious actions, as it was never their job. It would be the same as to expect from such as "Notepad" to be able to "self-protect".

    If one sleeps better under a LUA (or a HIPS/AV in admin account), then one of these should be used by all means.
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Agreed
    Thanks, I hadn't noticed that.
    Couldn't agree more. With a simple limited account, your firewall is safe against unauthorized termination.
     
  19. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    After looking more, I've found a very light firewall (WIPFW) which is a Windows port of FreeBSD's IPFW. I'm using it with a enhanced ruleset, and so far it hasn't interfered with anything while passing any IP probe test I try. :cool:
     
    Last edited: Feb 22, 2008
Loading...
Thread Status:
Not open for further replies.