How to lock out all traffic?

Discussion in 'other firewalls' started by bellgamin, Oct 4, 2007.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I feel *safe enough* without a firewall because I use SSM plus a router. So I do not want to use a software firewall.

    My connection is broadband cable.

    I would like a simple software that can temporarily LOCK OUT all internet traffic without me having to break my connection or turn-off my router.

    I do not want a full-fledged firewall -- just a simple program that will let me lock-out the internet for brief periods, from time to time.

    Does such a software exist? If so, please let me know.
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    You can try iNet protector. (See here)

     
  3. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I'm not certain what you mean by break your connection.

    What I do is create a shortcut on my desktop for the
    Local Area Connection. To block Internet traffic, I
    right click the icon and click Disable. Do the same
    Enable. I'm on DSL and it has no effect on my modem's
    connection to the ISP AFAIK.

    No additional software involved.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi, My cable modem has a button on its side that I use often to disconnect from the internet. If not, you could go into Network Connections and disable Local Area Connection. Somebody would have to confirm this for us though.

    Edit: I see FadeAway confirmed this as I was posting.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yep, my cable modem also has a little button on the top that toggles Standby mode, effectively and easily blocking all traffic, simpler than installing more software for sure...
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Thanks for the input. Sad to say, my cable modem has no stand-by button.

    The shortcut suggested by Fadeaway works -- that is, it disables the connection. However, when I re-enable the connection, my browser & email programs won't recognize that they are once again connected. I have this same problem if I turn off my router to kill the connection. This problem began after I just had a new motherboard installed (the old one got fried).

    It's a minor PITA inconvenience, but I have neither the time nor the ability to track the cause thereof.

    There are several free firewalls that will do what I want, WITHOUT confusing my browser or email programs. Namely, most firewalls easily block all traffic with a single click. That solution works splendidly.

    Therefore, it looks like I will have to relent & get a firewall.

    REQUEST- Can anyone suggest a firewall that is extremely light, NOT rules-based, & has a "block all traffic" capability in its system tray icon?

    @ N8 - Thanks for the software suggestion (iNet Protector). It should do the job, but it costs $30 -- too much to pay just to block traffic.
     
    Last edited: Oct 4, 2007
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,

    Do you have a connection icon in the systray?
    Well, right-click on it, disable. As simple as that.

    If you don't have it, enable it. Go to network connections, select the one you desire, properties, tick show when connected, then you can do the above.

    To solve the problem of not being recognized:

    My computer > Manage > Devices > Network adapters > Choose the one you need, right-click - Properties > Power management > untick allow computer to turn this device to save power.

    Suggested firewall - Sygate, I run it with uber-massive P2P, minimal cpu cycles, no more than 8-13MB RAM even after 2 weeks of 800+ connections.

    Mrk
     
  8. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    I have seen the same symptoms when I stop traffic with my firewall for more than a few minutes. In my case it was due to DHCP confusion, which will last for some minutes, I think. Maybe you just need to renew your DHCP configuration after reconnect.

    Cheers
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You could try ghostwall. Although it doesn't have the option of disabling the net from the taskbar icon a simple click of the icon brings up the main window which has an 'allow all' and 'block all' button. It runs super light on my system using only 500k of ram.
     
  10. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    I reckon the DHCP theory is correct. After re-enabling the connection, click on Repair and the IP address and other settings will be renewed, which may help sort things out.
     
  11. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Seems to me that the simplest thing to do is install a basic software firewall that allows you to block/unblock with one (or two) click(s) as opposed to bringing up network connections, choosing the lan connection, disabling it, then later re-enabling and repairing it, etc.

    As farmerlee mentioned, Ghostwall is pretty simple with only two clicks necessary and around 500K memory utilization

    NetVeda SafetyNet allows right clicking on the tray icon and allowing/blocking traffic. Memory utilization is around 14-15MB for two processes.

    Kerio 215 may also be another option. I haven't used it in a while so I don't recall if it had that option or not. I'm sure someone else here can confirm one way or the other.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Here is one that is well very lite on SW = zero cpu resources.

    Why? It is not a SFW it is a HFW. AlphaShield. Has a button you press and you are locked. It can even offer a delay setting so if you wander off on a household mission, the FW will lock on it's own!

    Problem= it costs money, sorry.


    If you insist on zero $ and a SFW kerio has it's stop all traffic setting.
    You could import the standard BZ rules to minimize rule work and off you go?:D I think PC Tools Personal FW can do that as well (can't recall) and it is easier to set up as well.

    Hope this helps you
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As mentioned, this will probably be due to the loss of your PC IP, and a need to renew. As you are behind a router (private LAN?), why not fix your PC IP, there would then be no need for DHCP (You could try this)

    You could use a firewall, as example, Jetico1, you would just remove(unload) the optimal protection ruleset. You could then select from the tray icon, "Block all" or "Allow all"
     
  14. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    The old ZoneAlarm free had a simple "block all traffic" switch, but then there's the other overhead that goes with that firewall.


    .
     
  15. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Enabling the systray icon as Mrkvonic suggests (I do that also) brings
    up a third option :"repair". Doesn't that cause Windows to renew
    the IP address and re-set the connection? The reason for the desktop
    shortcut is that the systray icon disappears when the connection
    is disabled on this machine.

    On my set-up, there has rarely been any need to use the "repair" option,
    but it has always worked when used.
     
  16. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I think the easiest way as several already have suggested, is to check the "show icon..." for you adapter and also as Stem suggested to get a static IP for your computer since you have a router.

    /C.
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Per your suggestion I did that. Thanks

    @farmerlee -- Per your suggestion I installed Ghostwall. I have been tempted toward Ghostwall several times, mainly based on Stem's comments (from time to time) as to importance of protecting incoming better than does an el-cheapo NAT router.

    I can't walk & chew gum. Ergo, I dunno how to do this. (However, I CAN wiggle my ears while playing "Dixie" on the ukulele.) :D
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,

    Several ways:

    1. You could enable systray notification icon > right click > repair.
    2. You could use command line with ipconfig and renew - not sure if you want this.

    3. Of course, you could set static IP, network connections, right-click the relevant one > properties > under tcp/ip > properties > write down manual IP address, mask and dns ... and yes, that's twice properties!

    Mrk
     
  19. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    O.k. how to change from dynamic to static IP for your computer, follow this guide:

    http://www.portforward.com/networking/static-xp.htm

    You also have to change from DHCP to static IP in your router.

    /C.
     
  20. herbalist

    herbalist Guest

    It's too bad that you don't want a rule based firewall as those are the lightest. Kerio 2.1.5 could do what you want with 2 clicks on the tray icon. As far as the rules go, for what you're looking to do, one "allow all" rule would be sufficient. With a single allow rule, you could use Kerio as an off/on switch for the internet.
    kerio tray menu.gif
    Rick
     
  21. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    exactly...what he ^ said :)
     
  22. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Just pull the power cord out of the cable modem. Its free and totally foolproof.
     
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    No need to do that. My modem is on a switched circuit on my desktop surge protector. However, as noted above, when I turn the router back on, my browser & email programs still think they haven't got a connection. Oddly enough, my Antivir updater will struggle a minute, then download updates just fine. Plus, after Antivir downloads updates, then my browser & email programs wake up to the fact that they, too, are connected. Odds bodkins, wot?

    In any event, I'm using Ghostwall, & its "block all" works just fine. When I am ready to resume surfing, & deactivate Ghostwall's "block all", then my browser, email, & everything else all work just fine.

    Go figure.

    Thanks to everyone for the excellent and VERY patient advice (there's no place like Wilders, Toto). :-*

    The problem is solved, even if I don't fully understand what causes that problem.
     
  24. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    BG-

    Perhaps your router takes a while to boot up or there is some delay in the DHCP. I admit, a software solution is a bit more convenient.
     
  25. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Interesting. When you're on dynamic IP address, your address may or may not expire while you're disconnected. That depends on the disconnect period, of course. DHCP will renew your address after some time when you're re-connected, or you can do it manually.

    Depending on the timers in all this (which I don't know), you may or may not experience some problems.

    If your firewall doesn't do this, then it doesn't block DHCP, in which case it is not a firewall :D

    Anyway, it appears to me that disabling the network connection must be the simplest solution; a firewall is a very large switch.
     
    Last edited: Oct 5, 2007
Loading...
Thread Status:
Not open for further replies.