Kerio 2.1.5 or Look and Stop?

Discussion in 'other firewalls' started by Matt_Smi, Feb 27, 2005.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I've been using LnS with the beta drivers & service for a while now, and have had nothing but luck. I doubt I will ever use anything else. I also love the DLL control because it gives a little more granular control over what an app can do.

    Have you used LnS? Phant0m's ruleset is the best I've seen, but the additional protection makes it all that much better. For instance, even though it is set to only use my ISP's DNS servers, it will still prompt me on any attempts.. things can still use tricks to bypass the DNS servers. Every leaktest of similar types has always had the same results, even ones that were made after the beta driver, so I have a very hard time believing that it only works against specific leaktests, and it doesn't use typical "sandboxing" methods the way some firewalls do, it acts like a firewall all the way around.

    I do agree that leaktests are not the only criteria on which you should base your choice of firewalls, but having LnS seems a little like having your cake and eating it too :) I also realize that LnS is not for everyone, but I do think it should at least be considered and trialed. I think the price is also quite fair for the length it will last, and have never had anything but prompt responses when emailing support.
     
  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I've switched to LnS from Kerio 2.1.5, and I find that I have more control over the rules.

    I can set the allowed Fragment Offsets and/or Flags, TCP Flags, MAC Addresses, and some more options.

    My web browsing speed seems faster too o_O (Maybe my Kerio had a bad rule somewhere in there)

    EDIT: Another note, LnS plays nicely with CHX-I ^_^
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    What exactly is CHX-I? Is it similar to Protowall?
     
  4. Arup

    Arup Guest

    Jaguar,

    Check it out at www.idrci.net

    It is the best and most configurable packet filter around.
     
  5. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    It's a packet filter program.

    It doesn't have any Application Filtering support, but it serves mainly as an Incoming/Outgoing filter.

    It's very similar to LnS; the Packet Filter Edit screen has similar options :)

    There are options to Deny All Fragmented Packets, and it has TCP/UDP/ICMP Packet Inspection ^_^
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Interesting. But why would you need this if you have a hw and sw firewall?

    Sorry for my n00b questions, just trying to understand.

    Thanks,

    Jag
     
  7. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I have a router with SPI, LnS and CHX-I.

    I don't know :)

    Perhaps it is because I'm paranoid, or maybe because I want another program to catch whatever the other misses ;)

    I have no straight answer, but it sure makes me feel safer! :cool:
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Jag - If you already have a hardware fw then you probably don't need CHX-I. Just some outbound app control, so perhaps something else like Kerio 2 or ZA would do there. CHX-I can't offer you any outbound app control, so it's no help in that department. And since you already have a hardware fw, it would be a little redundant. You could use CHX-I to restrict outgoing traffic to certain addresses and ports, but there's no control over individual apps. So it might be best to use a software firewall with app control features, which most of them do have.
     
  9. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    It does, kind of ^_^

    You can't specify the program, but you can block/allow outgoing traffic. (I've written a filter to block Kazaa uploads ^_^)

    The downside to this is that I've had to punch holes through CHX-I for other programs that use ports in the blocked outgoing port range :(
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, when I use CHX-I I just allow everything outbound and use its SPI to control what comes back inbound. Then just a few force allow inbound rules for things I need (I have 2 DHCP servers) etc. To me, it's too much of a pain in the ass to worry about outbound traffic in CHX. For that, I would rather just run ZA for app control, with internet filtering in ZA turned off completely. Or LnS for the same purpose..
     
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Many thanks to the both of you for explaining things. Sometimes I feel as if I am not protected enough, other times I feel like I need more. :D

    Hanging out on these forums is quite addicting too. There is a great wealth of knowledge here and lots of friendly users, a nice change from some of the other places I used to go to.

    In any event, I thank you both for taking the time to explain things a bit. Now I just have to determine what sw fw to get and then perhaps down the road Process Guard. ;)

    Best Regards,

    Jag
     
  12. Arup

    Arup Guest

    Get the lightest running software firewall as you already have a hardware firewall so all you need is outbound app control.
     
  13. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    anyone have a download link for 2.15?
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,788
    Location:
    Texas
  15. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    thanks ronjor
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,788
    Location:
    Texas
    You're welcome. :)
     