Good minimalist firewall?

Discussion in 'other firewalls' started by pajenn, May 22, 2010.

Thread Status:
Not open for further replies.
  1. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    I'm using an old computer to run a VOIP phone through Skype. It has no screen (except when I borrow one from another computer). At the moment it also has no real-time AV and no firewall. However, I have Deep Freeze on it to keep the system partition frozen and a backup image. I also run TeamViewer on it in case I need to access it remotely or without a screen.

    The computer has nothing of value on it, but nonetheless I'd still like to add a very minimalist firewall (light on resources) to keep intruders out. I can configure the firewall at the time of the install, but I cannot train it or answer pop-ups since the computer has no screen and no one uses it actively. Any suggestions?
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I'd go with a simple NAT router. That should do the trick. No software firewall needed.
     
  3. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Look N Stop is the lightest firewall Ive encountered. You cant tell a difference between LnS and the Windows built in firewall according to the task manager resource usage, graphs, and CPU utilization.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    No firewall (behind router) or Windows Firewall.
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    id have to say LnS is the best choice for minimalist and lightweight
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Look n Stop is light. :thumb:
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
  9. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
  10. Matthijs5nl

    Matthijs5nl Guest

    The combination of a router + Windows Firewall is the best possible and lightest configuration available. Replacing Windows Firewall by any other is absolutely useless.
     
  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    He told he doesn't have any firewall and he is using a old computer. So, I doubt if it has windows firewall, because xp and above has windows firewall.
     
  12. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Thanks for the suggestions.

    The router is ZyXEL Prestige 600 Series, does that fall into the NAT router category? (How do I check?) -regardless, I'm not the owner, this is for my mother (retired), who's using the router that came with the DSL connection.

    I keep Windows firewall off out of habit. Kerio 2.1.5 would be a decent choice if I had more time to train it, but I think it might be too aggressive out of the box. Ghostwall advertises itself as lighter and improved version of the Windows firewall, so that seems like a decent option. (Worked fine on a virtual PC.) I'm not familiar with SoftPerfect's firewall, anyone know how it compares to Ghostwall?
     
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    ... Or Both... :)
     
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Avast Internet Security's Firewall fits your description :-*
    you can opt out everything and just install the firewall.

    not free though ^^

    I have this Zyxel P-600 too. I wonder if its a router o_O
    If it is.. does it have a firewall?
     
  15. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Back from W 98 I used Kerio 2.1.5, and was very pleased. It did not seem to take long to train it, and I did not use other rules.
    With XP I went to LNS, and liked it also.

    Not sure where one would get Kerio now. I may still have a copy somewhere, but not sure.

    Regards,
    Jerry
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If this is a "one application" PC, configuring a firewall like Kerio wouldn't take long at all. You'd only need one or two rules for the application itself, DNS and possibly DHCP rules, and one more to block everything else. Shouldn't take much more than a few minutes.
     
  17. zip

    zip Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    359
    Location:
    Mars
    You really can't go by Task Manager as to resource use.

    "Good minimalist firewall?"

    I'd go with a router fw and/or ZA Free.
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Depending on the hardware, if it were me I would install Outpost Free. Yes, it is not the best of the best and does not do this or do that. However, in your position it should only consume about 10mb of ram and average about <10% cpu usage.

    It is application aware, so you can set skype or whatever it is to have some rules. You might just allow skype contact to a comm server on port xyz, but allow all outbound connections on port 123. You know, restrict the certain aspects that can be restricted and allow the others that will be more dynamic in nature.

    Then, set the log file size to something really small and turn it off of 'rules wizard' mode and into 'block most' mode. This way, it won't ask, and will deny anything not configured. Providing you have set the rules for skype correctly, pull the monitor and set the bios to auto reboot on power failure, or have it set to come on every day at 7am or something. Walk away and do something else.

    I used to use Outpost a lot. When it first came out as beta, a guy I met (who was a freelance coder working on it) turned me onto it. I used the free version and bought the pro version. I used versions 1-4, but quit using it after v4 ended, as it started to become a suite rather than just a firewall. But, I have put up many machines doing things very similar to what you want to do, very easy and very stable for me.

    SoftPerfect is a decent little firewall. No application control, but you set it and forget it. It is not a service though, so you rely on it startng from registry or other method. One downfall of SoftPerfect is that when you are in rules wizard mode, while you decide to answer a prompt, all other network activities are halted until you respond. But, one nice thing about it is that you can install it, and simple turn off the 'auto start' feature. Now you have a firewall lying around that is sort of 'on demand' without hooks into everything. I used to have it installed just for testing purposes and only started it when I needed it.

    LnS is pretty good, although I don't really like the GUI on it much. Kerio is not bad either, but again, I did not care for the GUI. Ghostwall, it is ok I suppose. It is light. I tend though to use firewalls that make it easy for me to navigate it and make rules. I personally think most people either consciously or subconsciously make their choise based off the same criteria. Some firewalls can be made air-tight, but one might go wacko trying to set it up to do that.

    Windows firewall is probably the lightest on resources and the easiest to set rules for, if it will suit your needs.

    Sul.
     
  19. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    If you don't need (basic) application control, I would cut the bad habit and enable windows firewall ;) Otherwise go with LnS
     
  20. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    I would recommend LnS too.
     
  21. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Thanks. I ran out of time with the monitor, so I had to go with Ghostwall for the moment because it's the only one I could install over a remote connection without getting blocked out. (Windows Firewall would also have worked, but Ghostwall is supposed to be as light or lighter and better). The computer is a HP desktop with 500 ram and 1.3 GHz CPU. Skype works fine. The computer serves as a 1-app machine right now, but it's on 16h a day and has a 120 GB hard disk that's 80% free so maybe in the future it may become a 2- or 3-app machine. (seems like a waste of electricity to only run it for VOIP).

    I first tried this project with a 800 MHz CPU, 256 MB ram Toshiba laptop. With Skype and Kerio 2.1.5 running (and nothing else and later with Kerio off), it couldn't handle the load (skype calls were buggy and quality sucked). fwiw, Skype recommends 1 GHz CPU minimum. However, I did like Kerio and might return to it when I have more time with the monitor to train it.

    I only just tried SoftPerfect on a virtual machine, and my first impression is that it might be the best option if configured right, but the configuration appears too complicated.

    I used Comodo Internet Security Suite on the HP desktop before (when I had it in active use), and liked that fine, but it asked a lot of questions... I cannot imagine using their firewall in passive mode, plus it's a top-notch firewall whereas for this project I think a second- or third-notch FW with lower resource use would be enough. fwiw, I use Online Armor Free on my primary computer, and that worked fine on the HP desktop too (I switched to Comodo only because I wanted the complete suite at the time), but again OA would be too much for the current job.

    As for LnS, I realize it got many recommends and I may give it a spin on my primary computer if/when I become unhappy with OA, but it's not free so that rules it out for the current project... plus the name (Look`n`Stop) makes it sound less than ideal for users lacking a screen.
     
  22. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Another vote on Look 'n' Stop Firewall here.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I will agree that L`n`S is a very good option, however, I think in this case I would use CHX-i


    - Stem
     
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Router, Windows firewall and something like CurrPorts and Process Explorer to monitor system and connections.
     
  25. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    LnS stomps all over ZA in any aspect including its "lightness".

    OP LnS has a free counterpart when the 30 day trial runs out. I believe it disables the application filtering and goes based off of the rule set or vice versa. Its one of the two though.
     
Loading...
Thread Status:
Not open for further replies.