Outbound Only Firewall?

Discussion in 'other firewalls' started by Brandon, Jan 8, 2006.

Thread Status:
Not open for further replies.
  1. Brandon

    Brandon Registered Member

    Joined:
    Sep 9, 2005
    Posts:
    222
    I wondering is there a outbound firewall filtering only with application filtering or without application filtering..

    Edit: removed CHX-I...
     
    Last edited: Jan 8, 2006
  2. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    CHX is primarily an inbound packet filter.
     
  3. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    well theres a few that come to mind....

    Free:
    - Prevx1 "R"
    - ProcessGuard (sort of)
    - DefenseWall HIPS (again, sort of)

    Paid:
    - AppDefend (made by GS)

    wow actually i don't remember a lot...if i can remember a few i'll edit/update this post
     
  4. Brandon

    Brandon Registered Member

    Joined:
    Sep 9, 2005
    Posts:
    222
    I use ProcessGuard..Does Defense Wall HIPS act the same as PG? If not whats the differeneces...

    If there isnt many outbound firewalls, what are some inbound-only firewalls execpt CHX-I??
     
  5. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    well defense HIPS acts differently on how you manage your processes (a lot of the details can be found on its official site or previous threads about it)

    well there are only a few "inbound-only" firewalls out there but some that i know that are also free are:

    - Windows XP Firewall ( :p not bad actually if your looking for something with low memory usage)
    - GhostWall (i like it but i personally wish it had a small amount of outbound at least)

    Paid ones:
    well the only one that sort of comes to mind is:

    - NAV 2005 (well i never liked norton products, but just informing that this is an antivirus with a small addon onto it. it has a "Worm protection" feature which basically acts like a cheesy firewall. i think it only has inbound, but it may have a tiny bit of outbound.)
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    You can use ZoneAlarm or NetVeda disabling their inbound protection...

    ProcessGuard and DefenseWall doesn't have network protection...

    The DefenseWall have a free version?
     
  7. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Kerio will also work fine in simple mode as an inbound-only firewall.
     
  8. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    What are the settings for this?
    Maybe, for Network Security Module check PERMIT for all IN? or something else?

    Regards
    joter
     
    Last edited: Jan 9, 2006
  9. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    It's actually the opposite. By inbound-only, I was going on the assumption that the firewall was needed to behave as per the Windows XP firewall, in that it is required to provide protection from the outside world but would allow any communication out from the computer.

    Thus in simple mode, it blocks all inbound communication and permits all outbound traffic. This it does by virtue of stateful packet inspection.

    From the Kerio help file:

    "Simple — in this mode, the firewall enables all outgoing traffic and blocks any incoming communication. All network interfaces of the Sunbelt Kerio Personal Firewall host are automatically assigned to the Internet zone. The system security module is also disabled."

    "According to these settings, the firewall never asks user and follows the default rules (the Ask action is not used by default). This behavior can be changed by modification of system and network security modules."
     
  10. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Understood for inbound.
    But what's about outbound only for SKPF4?
    Maybe, just check PERMIT for all IN at Network Security Module ?


    Regards
    joter
     
  11. Arup

    Arup Guest

  12. Brandon

    Brandon Registered Member

    Joined:
    Sep 9, 2005
    Posts:
    222
    I have chosen too use Kerio 2.1.5. Is there a way too disable app control?
     
  13. Arup

    Arup Guest

    Just click allow all, app control is disabled.
     
  14. Brandon

    Brandon Registered Member

    Joined:
    Sep 9, 2005
    Posts:
    222
    Thanks :)
     
  15. ws123

    ws123 Guest

    just an additional question - is the xp sp2 firewall good enough as inbound protection?
     
  16. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    I certainly think so.

    I've been using it for quite a while and have found it to be flawless. It only allows inbound connections that you grant permission. It also offers boot-time protection and drops all unsolicited packets.

    What I do is keep a copy of TCPView handy to monitor my connections.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It might help if we knew exactly what it is you're trying to do..? Is it that you have a NAT and don't want a firewall, or do you already have an incoming packet filter and want something to filter outbound traffic as well? The only thing I can really think of that does outbound only is Prevx1, although you could use Look'n'Stop and disable the internet filtering, although I don't think there's any advantage in doing so.

    DefenseWall has many of the same restrictions and a few more, such as not allowing untrusted files to modify files in the Windows or Program Files directories (and sub-directories, and a few other places as well, I believe). The main difference is in the approach. PG will alert/restrict all processes, system-wide, while DW isolates "Untrusted" files (such as any of your internet software, script hosts, etc.) from the rest of the system, so they can't even see any other processes. DW places many of the same restrictions on these "Untrusted" processes, but instead of just blocking the action, it will make the program think that it succeeded in doing so. DW will keep any processes spawned by an "Untrusted" program in the sandbox, so drive-by downloads are unable to infect the system (they will still run, they just won't be able to do any of their dirty work). PG will give you alerts on any action taken that it covers, while DW will not give you any alerts, it will just log events and turn the tray icon red.

    Basically DW has some additional protection that focuses on a small group of apps that malware would attack through and ease of use, while PG is focused on a smaller group of potentially malicious actions but protects against those actions system-wide but gives you a little more control.

    Like I say, Prevx1 (in Pro or Expert mode) will give you outbound protection only.. for inbound only firewalls you can try GhostWall (http://www.ghostsecurity.com/) or Look'n'Stop Lite (you can download it from http://www.snapfiles.com/). Both are free and very light on resources, both are also bi-directional.
     
  18. drhayden1

    drhayden1 Registered Member

    Joined:
    Mar 23, 2006
    Posts:
    28
    is geswall just a outbound freewall and will it conflict with my router web and spi firewall on my computer......or any other software like a/v or such?....thanks:rolleyes:
     
  19. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I am just wondering then, if this will also produces lots of annoying pop-ups that distracts my view while surfing the web...:D :eek: ;)

    Did it only activates pop-ups when connected to internet and will not produces pop-ups when we are off-line/not connected to cyberspace? :rolleyes: o_O
     
  20. Mucker

    Mucker Registered Member

    Joined:
    Apr 20, 2005
    Posts:
    42
    Sweater,
    What about Dynamic security Agent ? I had it installed for awhile and I liked it but am having a browser problem that I have to work out. Please refer to thread in Privacy and other anti-malware software.

    Mucker
     
  21. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma


    if you allow all in Kerio 2.1.5 you have effectivly turned the firewall off to inbound and outbound filtering.
     
  22. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I think this is only after the rules have been processed though ;)

    All you need to do to allow all outbound is create a rule at the bottom which says allow all outgoing connections in all protocols from any app to any ip address at any port.

    However, you are still filtering outbound traffic, except you are just allowing it all. You can never truly disable outbound or inbound filtering unless you disable the firewall, otherwise it will always filter traffic.

    Cheers,

    Alphalutra1
     
  23. roark37

    roark37 Registered Member

    Joined:
    May 23, 2006
    Posts:
    190
    Could Process Guard be considered as an outbound firewall with maybe just many additional features? Or am I misunderstanding how it works? If it could be a replacement for the outbound firewall do think using the built in XP firewall along with Process Guard free would provide better security and protection than say Kerio free or Zone Alarm free by themselves which have both inbound and outbound protection?

    Thanks.

    roark37
     
  24. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    It doesn't control network access so it isn't really a firewall per say, but it does provide excellent control which will prevent many different types of malware which can make outbound firewalls that filter network access worthless since there is no malware to prevent ;)

    Alphalutra1
     
  25. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    geswall is an application sandbox. it can restrict malware but it doesnt do much for outbound protection.
     
Loading...
Thread Status:
Not open for further replies.