List of Free Firewalls

Discussion in 'other firewalls' started by AJohn, Dec 7, 2004.

Thread Status:
Not open for further replies.
  1. Stefan_R

    Stefan_R Registered Member

    Joined:
    Dec 12, 2004
    Posts:
    47
    @Kerodo & AJohn,

    CHX runs as a kernel service (flthook.sys). The remote management service (in user mode) should be stopped by default and only plays a role in remote administration via the RMC. The resources consumed by the driver depend on the amount of rules/stateful options and amount of traffic. The MMC snap-in was chosen to minimize the size of the package and offer a Windows-friendly environment for the admins.

    The UDP timeout value can be reduced from its initial value of 60 secs to let's say 3 secs (DWord value as explained in the manual). You can then use the CHXStateTables.exe application to poll the driver and observe state details. You may also use this little app to learn about CHX TCP stateful implementation/performance etc.


    For those who need an optimized driver (the current one is far from offering enhanced performance in heavy traffic environments) drop an email and I'll provide you with a new driver.


    Best Regards,

    Stefan
     
  2. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    See.. this guy's great :D

    Thanks Stefan
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    Thanks Stefan.. Very nice.. :)

    I actually tried reducing the UDP timeout value to 1 second (!) and everything seemed to work fine, and it cut out most of the late/dup DNS replies from my servers. Only an occasional one got through. No problems...
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    An alternative would be to allow the ICMP unreachables to your DNS server(s) only.

    Regards,

    CrazyM
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Stefan

    Thanks for stopping by and welcome to Wilders :)

    Regards,

    CrazyM
     
  6. Snorter

    Snorter Guest

    It's what the neighborhood bully sells at the corner for $10. It comes in a plastic bag.
     
  7. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    "The administrator has specified that you can only edit messages for 7200 minutes after you have posted. This limit has expired, so you must contact the administrator to make alterations on your message."

    Tried to add some more free firewalls...
     
    Last edited: Dec 13, 2004
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    Maybe the administrator can change your settings...
     
  9. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Thank you CrazyM for updating my list for me, much appreciated.
     
  10. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  12. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Unless I am mistaken, Smoothwall, Freesco, and IPCop are not for Windows.
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    They have their own OS, they're based on Linux, but you don't need to know Linux at all. The idea is to turn a PC into a dedicated firewall, kind of like an external router, but with far more options.

    edit: Ok, I had missed that these were just software firewalls for Windows, at least we gave your thread a bump :)
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Last edited: Dec 28, 2004
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988

    Does the .Net in Safety.Net imply that I need the .Net stuff installed on my system for it to work? I have a fresh install of Win2k, but did not install the .Net stuff from Windows Update.. Just curious...
     
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I doubt it
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    Ok, thanks.. I may try it out sometime and I guess I'll find out when I do.. ;)
     
  18. If you guys are looking for just a simple Windows packet level firewall (IP to IP, or IP/port combos), just use the Windows IPSec filters. I just needed to allow/block specific IPs to an internal server network, and these policies work great. It's harder to configure, but when it is done, it works well.

    For any of my Linux boxes, I just use iptables, which is my favorite.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    IPSEC is great.. I've played with it some here and use it as a firewall for when I reinstall Windows while I'm doing the updates, before I install any regular firewall.

    The only thing you need to watch out for is, when you allow traffic out to remote port 80 for browsing and so on, then you automatically have to allow it inbound as well, since IPSEC isn't stateful at all. So in doing so, someone could theoretically use a source port of 80 and come in with TCP and scan your ports or access certain ports thereafter and so on. What I did was also block any traffic from remote port 80 to any of my open ports TCP. That way if someone does scan me, all they'll see is closed ports and they can't do any harm.

    Another limitation is that you can't specify what ICMP types to allow or block. It's an all or nothing thing. Either you allow all ICMP or block it all.

    IPSEC is pretty cool though. It uses zero resources because it's part of Windows. It's nice if you just want a simple packet filter...

    Here's a link for anyone interested in playing with it:

    http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
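
The two behaviours discussed in this thread, modelled as an added example that is not part of any post and is not CHX-I or Windows IPsec code: a stateless mirrored rule that also admits inbound TCP from source port 80, and a state table whose UDP timeout decides whether a late DNS reply still matches. Addresses, ports, the timeline, the TCP timeout and all names are constructed assumptions.

```python
# Added illustration: a toy model, not CHX-I or Windows IPsec code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    t: float          # seconds on a constructed timeline
    direction: str    # "out" or "in"
    proto: str        # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int

OPEN_LOCAL_PORTS = {135, 445}   # hypothetical listening services

def stateless_allow(p, block_src80_to_open=False):
    """Mirrored static rule 'allow TCP to remote port 80': with no state, it
    also matches inbound TCP whose source port is 80."""
    if p.proto != "tcp" or p.remote_port != 80:
        return False
    if p.direction == "in" and block_src80_to_open and p.local_port in OPEN_LOCAL_PORTS:
        return False   # the extra block rule described in the post
    return True

class StatefulFilter:
    """Admits inbound packets only while a matching outbound flow is live."""
    def __init__(self, udp_timeout=60.0, tcp_timeout=3600.0):  # TCP value assumed
        self.timeout = {"udp": udp_timeout, "tcp": tcp_timeout}
        self.state = {}   # flow key -> time the flow was last seen

    def allow(self, p):
        key = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        last = self.state.get(key)
        if p.direction == "in" and (last is None or p.t - last > self.timeout[p.proto]):
            self.state.pop(key, None)   # no state, or state expired: drop
            return False
        self.state[key] = p.t           # create or refresh the entry
        return True

EVENTS = [  # constructed sample traffic (documentation address ranges)
    Packet(0.00, "out", "tcp", 50000, "203.0.113.10", 80),  # browsing
    Packet(0.10, "in",  "tcp", 50000, "203.0.113.10", 80),  # its reply
    Packet(1.00, "in",  "tcp", 445,   "198.51.100.7", 80),  # unsolicited, source port 80
    Packet(2.00, "out", "udp", 50001, "192.0.2.53", 53),    # DNS query
    Packet(2.05, "in",  "udp", 50001, "192.0.2.53", 53),    # DNS answer
    Packet(6.00, "in",  "udp", 50001, "192.0.2.53", 53),    # late duplicate answer
]

def stateful_verdicts(udp_timeout):
    fw = StatefulFilter(udp_timeout=udp_timeout)
    return [fw.allow(p) for p in EVENTS]
```

With the 60-second timeout the late duplicate DNS answer still matches the state entry; at 3 seconds or 1 second it is dropped, while the unsolicited source-port-80 packet is dropped by the stateful filter in every case.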
     
  20. Yes, I completely agree with you. IPSec is good for one thing...putting up an absolute block. We use it to protect our core server environment, but on the outside, of course, we use Cisco FWSM/PIX equipment on top of standard Cisco ACLs.

    At home, I use a hardware firewall for protection of my home environment, and I use Kerio 2.1.5 on any Windows boxes that are directly on the Net. Although it seems to have a problem with WinXP SP2, so I just started looking into CHX-I packet filter software. There is a lot of good stuff out there, just need more time to go through it all.
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,988
    I like CHX-I a lot, it's one of my favorites, although if you want app control you'll then have to use something else. But it's really nice... Next to IPSec, it's probably the lightest thing you can get...
     
  22. Arup

    Arup Guest

  23. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
  24. Arup

    Arup Guest

    Thanks, so it looks like a good addition to the Sygate Free I am currently running.
     
  25. Arup

    Arup Guest

    http://www.software602.com/

    Has anyone seen this, free for 5 users, whole suite contains Firewall, antivirus as well as Proxy server, looks like a good deal.
     