Private fw for the non tweeker?

Discussion in 'other firewalls' started by elstupido, Apr 12, 2012.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    You have to understand some basic principles first (which is the two different OutPost threads, you will have to do a search) which Stem points out in this thread. Trust me, if you follow Stem's threads you cannot go wrong.

    I still use exactly what he taught me to this day and my system didn't blow up, nor is anything come knocking on my door, never.

    You can also use the same basic principles with other FW's but it will be differentiated in the way you have to do it, in order to achieve the same thing.
     
  2. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    He tests many different FW's or you would not have his expertise.
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,067
    Location:
    Serbia
    Sorry to bump in like this, but I saw some "ignore lists" being mentioned, so...

    Not with the first option.
    With this one, you can initiate the connection (as outbound SYNs ar allowed),
    receive SYN/ACK from the remote, then send ACK to it and the connection is established.
    No one can initiate the connection from outside though,
    as you will block (replying with a RST) or drop (no reply, or "stealth") inbound SYNs.

    With the second option, you get your "connection refused", as all inbound,
    including a SYN/ACK reply from the remote, is blocked/dropped.
     
  4. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    If you run a server.

    Finally one with the greatest smartness and clear understanding of what "block all" means.Congratulations. :D
     
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,067
    Location:
    Serbia
    No. If you run a client.
    There is a big difference between a SYN and a SYN/ACK packet.
    You should know.

    I am not the "one with greatest smartness", I am only posting correct info.
    You can check that easily at the Google. In 2 minutes.

    Cheers,
     
  6. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I certainly appreciate and applaud his testing but I don't have any expertise, that's why I am trying to learn by reading threads in this section.

    What I do personally is look at the various firewalls, the test data and reviews available and try to make a decision commensurate with my own level of knowledge (or lack thereof) when it comes to fiddling with the minutiae of firewalls. I have never made customizations except for those easily accomplished via the user interface after reading the user manual if one is available.

    So, while I have no expertise, I am trying to advocate for those of us, like the thread originator and myself, who would like to learn more without either requiring an advanced degree or needing to wade into the middle of an ongoing battle of "experts" who are arguing about issues that are beyond our pay grade. There should (hopefully) be some middle ground.

    (Also, fwiw, my system hasn't had anything come "knocking on my door" either...and I'd like to continue to keep it that way.)
     
    Last edited: Apr 21, 2012
  7. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    Each firewall is a good, pay no attention to packet filtering, each is a good for every day use.
    Pay attention to easy configuration, block all inbound an block all outbound, then create outbound permissive rule for what you really need.

    for all, I wish you a very nice day..
     
  8. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    :thumb: I accomplish this with PF by setting all levels to "high", opting for "manual control", disabling "auto-response" and being "alerted to all new outbound connections".

    When an alert pops up it is blocked by default until I make a choice as to whether I want to allow that app or process to connect out.

    (Even us dummies can do this. :cool: Then we can take it a step further and apply the same constraints on "parent" processes.)

    And a good day to you, sparviero.:thumb:
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,067
    Location:
    Serbia
    Most personal firewalls will keep the state based merely on originating IP/port combination, and will not even look at flags, so I'm wondering what "stateful filtering" are you talking about here.
    But even if they were to look at flags (as some do), it does not change the way the connection is established.
     
  10. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    What I can infer from these posts is that either the misunderstanding is around the terms "solicited"/"unsolicited" (as fax said) or someone or the other is trying to propagate misleading information about Firewalls here, which couldn't be deemed acceptable on a security forum.
     
  11. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Well said, Blues. Cheers! :thumb:
     
  12. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,955
    Location:
    Somethingshire
    Last edited: Apr 21, 2012
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Gentlemen:

    In all this excitement I thought I'd remind the thread of the original post.

    Note:

    1) The poster implies they are a non tweeker (an ordinary poster/user)
    2) The title is using PFW " out of the box"
    3) They also are using Chrome, winpatrol, sandboxie, standard user account

    With due personal respect to the original poster I think all he/she wanted was some reassurance that PFW is good enough security with the other tools.

    My response would be "I don't know" because:

    I don't use the set of tools he has , don't know how he ended up with that mix, was it designed into place by an expereinced security guy or as I suspect did they get added by well meaning friends who said things like you need sandboxie , you need wipatrol etc.

    The intense discussion about how FW's should work and then how they really work via testing them I liked but I fear did not help the guy much.

    The other thing I would want to know if I was at his site is what uses does he make of the www. Just email? Does he do OLB and buy products using credit cards etc.

    If Stem can help the PFW users "max" their settings that would be a good thing for those users. But no claim will be made that this is "it" ie proof that PFW is the perfect 3rd party FW. There is no such product in existance or if there is no body can "prove it" to the satisfaction of all the users of the other products.

    All of this is just IMHO. :D
     
  14. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Just curious, what setting to you guys or girls set the threshold at or do you leave defaults.?
     
  15. ksmall1998

    ksmall1998 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    2
    I have also started to use PF and this thread has gotten very interesting.

    My question would be...... if I'm a behind a router using Open DNS should I worry about tweaking PF to further harden the system? I also have Malwarebytes and MSE running in the background.
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Depends on the odds you are willing to take.

    I have a router with statefull packet inspection. Pitty is that the term packet inspection got corroded and only checks whether a connection is open within the network (on IP/Port combination and at best also checks whether the packet is within the anticipated range). Commercially this type of protection is now called SPI. The SPI the pro's are talking about now is often referred to as deep packet inspection.

    IMO SPI does not protect against targetted probes of hackers. But be honest what are the odds a home user will be the victim of such a selective attack. SPI also does not protect you against innocuous Web browsing, spyware, adware, trojans etc. Modern OS-ses (nearly every linus distro, Vista and upward like Windows7) have some form of root/ring0 boundery protection (like UAC for instance). So running UAC with a modern browser (e.g. Chrome's sandbox) and some anti-virus will be more than adequate for daily use.

    PFW has also some additional intrusion and execution control feastures which help protect against malware. So IMO you are wel protected without tweaking the default settings.

    Regards Kees
     
  17. ksmall1998

    ksmall1998 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    2
    Thanks Kees.

    Another noobie question has come to mind since PFW has been running. I use Opera as my primary browser. I was doing some tweaking as posted earlier in this thread or the other PFW thread on internet facing apps. In the advanced application tab Opera does not show up in the list, but Firefox and IE do. Does this mean Opera could be bypassing the firewall or hiding behind another system process??
     
  18. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,079
    hi.
    ive only had one problem with private firewall and that was stealthing the ports.
    I used the shields up test and PFW was failing this everytime.
    Any suggestions on what settings i should be using to get this firewall stealthed,?

    thank you.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.