This is a kick-a** little firewall...I like it

Discussion in 'LnS English Forum' started by Trespasser, Feb 17, 2009.

Thread Status:
Not open for further replies.
  1. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Years ago I tried Look 'n' Stop but for some reason (probably because I didn't know much back then) I went on to something else. Since that time I stepped up to Vista from XP and got accustomed to Windows Firewall with Advanced Security (which I like). But, every once in a while I like to move back to XP simply because it's so darn fast especially compared to Vista. Well, I'm in XP right now so I decided to give Look 'n' Stop a try about two days ago and I must say this thing is great. Rather simple to set up and very light on system resources (3.9 Kilobytes as of right now). Even lighter on resources than Kerio 2.1.5. I'm impressed. Here's a tip of the hat to you.

    Later...
     
  2. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I couldn't agree more. I've used LnS for a good five years now and it's gotta be one of the best pure firewalls out there...:thumb: :eek: :D
     
  3. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    well when I tried Lns, I noticed that it doesn't have any rules for individual applications or did I miss that?
     
  4. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    By allowing applications you recognize to run it creates initial usage rules itself. You can create individual rules that tighten things down even more. Just follow the help file and/or note some additional posts for good guidance in this area. For me, usung the advanced ruleset has provided plenty of firewall security...:cool:
     
  5. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    ok I have installed lns to give it another go and have worked out the app rules.

    I Have another Question.

    You know on the install default rules it has a rule at the bottom Block all other traffic etc

    and there is also other Block rules like for example "TCP Block land attack"

    My Question is seen how we have a Block all other traffic rule at the bottom
    why would we need all the other block rules like "TCP Block land attack" surley
    the Block everything else at the bottom would cover this??
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Usually they serve to filter subsequent allow rules. Or to log specific activity.

    While i'm here, i have to say that i never quite understood LnS application control either. I can read the rules made, but didn't understand how they ended up there.
    That aside, it's one of the best personal firewalls, as far as i can tell.
     
  8. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
    LnS firewall approach is "deny everything, but allow certain things"; ie, if it's not explicitly allowed, it's dropped. The bottom rule "Block : All other packets" is used to discard all packets which are not allowed by user-defined rules.

    Since LnS TCP SPI is applied after a packet has been allowed by the ruleset. The other block rules like "TCP Block land attack" are used to discard unwanted packet pass through the firewall.
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Well for instance, what the rule 'TCP : Block Land' Attack' would normally be set to block, would actually be allowed by an standard authorizing communication rule, or in particular the 'TCP : Authorize most common Internet services' rule, also I like to refer to it as master auth rule. Thus here rule is the standard rule used to permit basically all the user's regular client applications connecting to Internet.

    More rules you make to permit client & server applications connections, more chance something unsolicited could ride in through the front-door, thus important to block bad possibilities from the beginning.

    Maybe you be interested in reading about Intrusion detection system (IDS) - http://en.wikipedia.org/wiki/Intrusion-detection_system, http://www.securityfocus.com/infocus/1524


    Regards,
    Phant0m``
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Hi Phant0m I read some where in these forums a while ago that you once uploaded a custom rule set which you made. are you able to upload the lastest
    "Stable" rule set again?
     
  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    how often is Phant0m online? How do I purchase his latest block list?
     
  12. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, arran

    Phant0m has his own web site and forum that deals with his rule set along with very much more useful information, here is the link to the site and forum:- MntOlympus Multi-purpose Support Center

    Take Care
    TheQuest :cool:
     
  13. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    When a new application is detected, you allow or block it for all access.
    Then, for allowed applications, you can edit its setting if you want to restrict the ports and IP address this application is supposed to use.

    Not that malware applications have to be completely blocked anyway, you can't say a malware is safe on some ports, and you can trust it on some other ports.

    Also you can link the packet filter rules to one (or several) application(s), to enable a rule only if this application has connected first.

    Frederic
     
Thread Status:
Not open for further replies.