Good minimalist firewall?

I'm using an old computer to run a VOIP phone through Skype. It has no screen (except when I borrow one from another computer). At the moment it also has no real-time AV and no firewall. However, I have Deep Freeze on it to keep the system partition frozen and a backup image. I also run TeamViewer on it in case I need to access it remotely or without a screen.

The computer has nothing of value on it, but nonetheless I'd still like to add a very minimalist firewall (light on resources) to keep intruders out. I can configure the firewall at the time of the install, but I cannot train it or answer pop-ups since the computer has no screen and no one uses it actively. Any suggestions?

 

I'd go with a simple NAT router. That should do the trick. No software firewall needed.

 

Look N Stop is the lightest firewall Ive encountered. You cant tell a difference between LnS and the Windows built in firewall according to the task manager resource usage, graphs, and CPU utilization.

 

No firewall (behind router) or Windows Firewall.

 

id have to say LnS is the best choice for minimalist and lightweight

 

Look n Stop is light.

 

SoftPerfect Personal Firewall may be a good choice if you don't need application control.

 

Windows firewall or maybe Ghostwall. But behind a NAT router would be preferred.

http://www.ghostsecurity.com/ghostwall/

 

Also Kerio Personal Firewall 2.1.5 is extremely light, stable and free.

 

The combination of a router + Windows Firewall is the best possible and lightest configuration available. Replacing Windows Firewall by any other is absolutely useless.

 

He told he doesn't have any firewall and he is using a old computer. So, I doubt if it has windows firewall, because xp and above has windows firewall.

 

Thanks for the suggestions.

The router is ZyXEL Prestige 600 Series, does that fall into the NAT router category? (How do I check?) -regardless, I'm not the owner, this is for my mother (retired), who's using the router that came with the DSL connection.

I keep Windows firewall off out of habit. Kerio 2.1.5 would be a decent choice if I had more time to train it, but I think it might be too aggressive out of the box. Ghostwall advertises itself as lighter and improved version of the Windows firewall, so that seems like a decent option. (Worked fine on a virtual PC.) I'm not familiar with SoftPerfect's firewall, anyone know how it compares to Ghostwall?

 

... Or Both...

 

Avast Internet Security's Firewall fits your description
you can opt out everything and just install the firewall.

not free though ^^

I have this Zyxel P-600 too. I wonder if its a router
If it is.. does it have a firewall?

 

Back from W 98 I used Kerio 2.1.5, and was very pleased. It did not seem to take long to train it, and I did not use other rules.
With XP I went to LNS, and liked it also.

Not sure where one would get Kerio now. I may still have a copy somewhere, but not sure.

Regards,
Jerry

 

If this is a "one application" PC, configuring a firewall like Kerio wouldn't take long at all. You'd only need one or two rules for the application itself, DNS and possibly DHCP rules, and one more to block everything else. Shouldn't take much more than a few minutes.

 

You really can't go by Task Manager as to resource use.

"Good minimalist firewall?"

I'd go with a router fw and/or ZA Free.

 

Depending on the hardware, if it were me I would install Outpost Free. Yes, it is not the best of the best and does not do this or do that. However, in your position it should only consume about 10mb of ram and average about <10% cpu usage.

It is application aware, so you can set skype or whatever it is to have some rules. You might just allow skype contact to a comm server on port xyz, but allow all outbound connections on port 123. You know, restrict the certain aspects that can be restricted and allow the others that will be more dynamic in nature.

Then, set the log file size to something really small and turn it off of 'rules wizard' mode and into 'block most' mode. This way, it won't ask, and will deny anything not configured. Providing you have set the rules for skype correctly, pull the monitor and set the bios to auto reboot on power failure, or have it set to come on every day at 7am or something. Walk away and do something else.

I used to use Outpost a lot. When it first came out as beta, a guy I met (who was a freelance coder working on it) turned me onto it. I used the free version and bought the pro version. I used versions 1-4, but quit using it after v4 ended, as it started to become a suite rather than just a firewall. But, I have put up many machines doing things very similar to what you want to do, very easy and very stable for me.

SoftPerfect is a decent little firewall. No application control, but you set it and forget it. It is not a service though, so you rely on it startng from registry or other method. One downfall of SoftPerfect is that when you are in rules wizard mode, while you decide to answer a prompt, all other network activities are halted until you respond. But, one nice thing about it is that you can install it, and simple turn off the 'auto start' feature. Now you have a firewall lying around that is sort of 'on demand' without hooks into everything. I used to have it installed just for testing purposes and only started it when I needed it.

LnS is pretty good, although I don't really like the GUI on it much. Kerio is not bad either, but again, I did not care for the GUI. Ghostwall, it is ok I suppose. It is light. I tend though to use firewalls that make it easy for me to navigate it and make rules. I personally think most people either consciously or subconsciously make their choise based off the same criteria. Some firewalls can be made air-tight, but one might go wacko trying to set it up to do that.

Windows firewall is probably the lightest on resources and the easiest to set rules for, if it will suit your needs.

Sul.

 

If you don't need (basic) application control, I would cut the bad habit and enable windows firewall Otherwise go with LnS

 

I would recommend LnS too.

 

Thanks. I ran out of time with the monitor, so I had to go with Ghostwall for the moment because it's the only one I could install over a remote connection without getting blocked out. (Windows Firewall would also have worked, but Ghostwall is supposed to be as light or lighter and better). The computer is a HP desktop with 500 ram and 1.3 GHz CPU. Skype works fine. The computer serves as a 1-app machine right now, but it's on 16h a day and has a 120 GB hard disk that's 80% free so maybe in the future it may become a 2- or 3-app machine. (seems like a waste of electricity to only run it for VOIP).

I first tried this project with a 800 MHz CPU, 256 MB ram Toshiba laptop. With Skype and Kerio 2.1.5 running (and nothing else and later with Kerio off), it couldn't handle the load (skype calls were buggy and quality sucked). fwiw, Skype recommends 1 GHz CPU minimum. However, I did like Kerio and might return to it when I have more time with the monitor to train it.

I only just tried SoftPerfect on a virtual machine, and my first impression is that it might be the best option if configured right, but the configuration appears too complicated.

I used Comodo Internet Security Suite on the HP desktop before (when I had it in active use), and liked that fine, but it asked a lot of questions... I cannot imagine using their firewall in passive mode, plus it's a top-notch firewall whereas for this project I think a second- or third-notch FW with lower resource use would be enough. fwiw, I use Online Armor Free on my primary computer, and that worked fine on the HP desktop too (I switched to Comodo only because I wanted the complete suite at the time), but again OA would be too much for the current job.

As for LnS, I realize it got many recommends and I may give it a spin on my primary computer if/when I become unhappy with OA, but it's not free so that rules it out for the current project... plus the name (Look`n`Stop) makes it sound less than ideal for users lacking a screen.

 

Another vote on Look 'n' Stop Firewall here.

 

I will agree that L`n`S is a very good option, however, I think in this case I would use CHX-i


- Stem

 

Router, Windows firewall and something like CurrPorts and Process Explorer to monitor system and connections.

 

LnS stomps all over ZA in any aspect including its "lightness".

OP LnS has a free counterpart when the 30 day trial runs out. I believe it disables the application filtering and goes based off of the rule set or vice versa. Its one of the two though.