Good app control / outbound access / low resource FIREWALL ?

Discussion in 'other firewalls' started by halcyon, Nov 7, 2004.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    heh Thanks. :)
     
  2. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    yea... gud 'un.
     
  3. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Update from a Kerio to L'n'S transferred (via Jetico) user:

    I'm running L'n'S 2.5.p2 with d1 fw driver using Phantom's ruleset v6.

    L'n'S seems light on resources and fast in action, just like others have stated.

    However, its process of making rules is a bit different from others and while it may improve security, it is not perhaps the easiest to configure.

    Example: even if you have authorized an application for Internet access, you will need to build a rule separately that matches the port use of that application.

    You need to build that rule manually, finding out various connections that the application wants to use.

    There is no provision (such as in Kerio 2.1x series) to detect network activity per application and build rules based on that.

    You have to find out through other means (logs, other software, Internet discussion forums) which protocols, ports, etc. an application wants to use, and build the rule based on that.

    So, similar but different (and more cumbersome from a user point of view) way of configuring application rights when compared to Kerio 2.x.

    Also, I have not yet found a way to include a list of ports in a single rule, just a single port or a single range.

    So, for many apps one has to create several rules, depending on how many ports / ranges the application uses.

    All in all, despite the changes in way of working (from Kerio) and somewhat cumbersome configuration, it looks like a very good for-paid replacement for Kerio 2.x, IF one is willing to learn a new way to set up the rules.

    The latest firewall system driver build (d1) also catches more leaktests than previous versions.

    Just FYI.

    regards,
    halcyon
     
  4. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    You can clear the L 'n' S log then try to use the application you want to use. Then just right click on the logs and you can automatically make rules for it that you can make more secure later.
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Good to see you're still reviewing your options as it almost appeared you had ruled out most of the main stream firewalls in your earlier posts. LnS does have a different feel than Kerio. For persons who like and use rule based firewalls the search for the "perfect one for me" is often akin to the Quest for the Holy Grail.

    Regards,

    CrazyM
     
  6. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    yes.. I can second that... just like every time I've tried changing firewalls, I'm flummoxed and completely stumped, and every other day there's a new product with a few *new* features that makes it seem as attractive as the last option. Stupid Kerio... If only it had component control, I'd have been contented by now.
     
  7. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    That is true, although it doesn't work if:

    - the activity is not logged (that depends on settings one has made for logging)
    - the activity logged can be made into a rule (not all can)

    Also, it is important to notice two further differences with Kerio 2.x:

    - One must make a new rule for each port/port range. Port lists / port range lists are not possible
    - At default, Internet filtering rules are NOT tied to a specific app. That is, if you authorize an app and then make a corresponding Internet Filtering rule, ALL authorized apps can use that same connection type. In effect, it is NOT possible to limit a certain application's network rights to certain IP addresses/ports/protocols only.
    - While it is possible to activate a certain rule only when a certain application starts, this still doesn't limit other applications from benefiting from a rule that was started due to another application.

    Those features alone make both configuring more cumbersome and true application filtering impossible to set up.

    Still, other than that, it's a very nice looking fw imho.

    regards,
    halcyon

    PS L'n'S 2.5p2 with d1 driver build is using currently 5.8MB of RAM on my system, which makes it even less RAM hungry than Jetico.
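The two limitations halcyon lists above (one port or one range per rule, and filtering rules that are not tied to an application) are easy to reason about with a small model. The following is an added example, not code from this thread, from Look'n'Stop or from any firewall vendor; it simulates the rule semantics exactly as the post describes them (authorize the app first, then match a protocol/port rule, with an optional application binding as a hypothetical contrast), and the application names and ports are constructed sample values.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Rule:
    """One filtering rule: a protocol plus a single port range (a single port is lo == hi)."""
    proto: str
    port_lo: int
    port_hi: int
    app: Optional[str] = None  # None models a rule that is not tied to any application


def rules_for_ports(proto: str, ports: Iterable[int], app: Optional[str] = None) -> list:
    """Collapse a set of ports into contiguous ranges and emit one Rule per range.

    This mirrors the limitation described in the thread: a rule can hold one
    port or one range but never a list, so scattered ports cost one rule each
    while a contiguous block collapses into a single rule.
    """
    rules = []
    sorted_ports = sorted(set(ports))
    if not sorted_ports:
        return rules
    lo = hi = sorted_ports[0]
    for p in sorted_ports[1:]:
        if p == hi + 1:
            hi = p  # extend the current range
        else:
            rules.append(Rule(proto, lo, hi, app))
            lo = hi = p  # start a new range
    rules.append(Rule(proto, lo, hi, app))
    return rules


def is_allowed(authorized: set, rules: list, app: str, proto: str, port: int) -> bool:
    """Two-stage decision as described in the post.

    Stage 1: the application itself must be authorized.
    Stage 2: some filtering rule must match the connection. A rule whose app
    field is None matches every authorized application, which is the
    cross-application leak the post warns about.
    """
    if app not in authorized:
        return False
    return any(
        r.proto == proto
        and r.port_lo <= port <= r.port_hi
        and (r.app is None or r.app == app)
        for r in rules
    )


def demo() -> dict:
    """Constructed scenario: a rule built for the browser, with and without app binding."""
    authorized = {"browser", "mailclient"}  # constructed sample applications
    # Case 1: rule created for the browser but, as in the thread, not tied to it.
    global_rules = rules_for_ports("TCP", [80, 443])
    # Case 2: the same rule bound to the browser (hypothetical capability, for contrast).
    scoped_rules = rules_for_ports("TCP", [80, 443], app="browser")
    return {
        "browser_https_global": is_allowed(authorized, global_rules, "browser", "TCP", 443),
        # The mail client was never meant to use TCP/443, yet the untied rule lets it.
        "mail_https_global": is_allowed(authorized, global_rules, "mailclient", "TCP", 443),
        "mail_https_scoped": is_allowed(authorized, scoped_rules, "mailclient", "TCP", 443),
        # An unauthorized application is stopped at stage 1 regardless of rules.
        "unknown_app_global": is_allowed(authorized, global_rules, "unknownapp", "TCP", 443),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'allowed' if verdict else 'blocked'}")
    print("rules needed for TCP 80,443,8080:", len(rules_for_ports("TCP", [80, 443, 8080])))
```

Running it shows the mail client reaching TCP/443 under the browser's untied rule, which is why the post concludes that per-application filtering cannot be set up this way; the scoped variant is included only to show what the missing binding would change.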
     
  8. Pigitus

    Pigitus Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    97
    Location:
    USA
    So what was your final verdict? Did you adopt just one firewall or did you combine 2 as some people have done?
     
  9. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Please pardon my newbie questions!

    What/where/why is a "d1 driver build"?

    Have you ever thought about using an old PC as a separate/standalone Firewall and then you can use some program ON the PC for app control?

    I have been using IPCop "forever", and I can do a new install in less than 15 minutes (and restore my backup settings)! IPCop does SPI, and lots more. http://sourceforge.net/projects/ipcop/

    Mike

    P.S. Is there some secret decoder ring to decipher all the shorthand in this thread... "AH"o_O
     
  10. Diver

    Diver Guest

    The main drawbacks to using an old PC as a firewall appliance are noise, space required, and power consumption. Jetico Personal Firewall has evolved to the point that it is useful now and it fits the bill.
     
  11. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Sure, I have my old PC in the cold basement. I took the power supply apart and added a resistor into the fan feed to lower the noise considerably. :D

    I *think* that IPCop can be built/loaded/used on a flash/memory stick.
     
  12. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Update on this.

    After having tried quite a few options, I settled down on purchasing Look'n'Stop 2.5.

    I'm now running 2.5p2 with the latest beta drivers along with Phantom ruleset and everything is peachy. System is snappy, I feel more secure than with Kerio and memory resource usage is relatively low.

    I've had my problems with LnS not starting, not finding my Ethernet interface (to be firewalled) automatically and application filtering not working initially.

    However, all these problems were solved by the support and people in the LnS English user groups here at Wilders.

    While I consider the GUI to be a little messy and the English helpfile not quite up to the best standards, this is the best firewall for me now (light resources, basic app filtering, does not require Cisco certification to be used, but has good filtering rules and logging + scores high on various leaktests).

    Just FYI.
     
  13. Arup

    Arup Guest

    I know no one paid attention to this before but Filseclab is another excellent and exceptionally light app control firewall, does its job nice and quiet without much fanfare. It is from China so there are no forums sadly but Jerry Wong from their tech department always responds to your queries. It is among the most commonly used firewalls in China where the Chinese version is known as X-Filter, China has a huge number of net users, in fact probably the largest in the world so they get a nice client feedback. Best of all, it is free and you have nothing to lose.
     