This is a kick-a** little firewall...I like it

Years ago I tried Look 'n' Stop but for some reason (probably because I didn't know much back then) I went on to something else. Since that time I stepped up to Vista from XP and got accustomed to Windows Firewall with Advanced Security (which I like). But, every once in a while I like to move back to XP simply because it's so darn fast especially compared to Vista. Well, I'm in XP right now so I decided to give Look 'n' Stop a try about two days ago and I must say this thing is great. Rather simple to set up and very light on system resources (3.9 Kilobytes as of right now). Even lighter on resources than Kerio 2.1.5. I'm impressed. Here's a tip of the hat to you.

Later...

 

I couldn't agree more. I've used LnS for a good five years now and it's gotta be one of the best pure firewalls out there...

 

well when I tried Lns, I noticed that it doesn't have any rules for individual applications or did I miss that?

 

By allowing applications you recognize to run it creates initial usage rules itself. You can create individual rules that tighten things down even more. Just follow the help file and/or note some additional posts for good guidance in this area. For me, usung the advanced ruleset has provided plenty of firewall security...

 

Hi arran,

Here you can get some applications rules.
http://www.looknstop.com/En/rules/rules.htm

 

ok I have installed lns to give it another go and have worked out the app rules.

I Have another Question.

You know on the install default rules it has a rule at the bottom Block all other traffic etc

and there is also other Block rules like for example "TCP Block land attack"

My Question is seen how we have a Block all other traffic rule at the bottom
why would we need all the other block rules like "TCP Block land attack" surley
the Block everything else at the bottom would cover this??

 

Usually they serve to filter subsequent allow rules. Or to log specific activity.

While i'm here, i have to say that i never quite understood LnS application control either. I can read the rules made, but didn't understand how they ended up there.
That aside, it's one of the best personal firewalls, as far as i can tell.

 

LnS firewall approach is "deny everything, but allow certain things"; ie, if it's not explicitly allowed, it's dropped. The bottom rule "Block : All other packets" is used to discard all packets which are not allowed by user-defined rules.

Since LnS TCP SPI is applied after a packet has been allowed by the ruleset. The other block rules like "TCP Block land attack" are used to discard unwanted packet pass through the firewall.

 

Well for instance, what the rule 'TCP : Block Land' Attack' would normally be set to block, would actually be allowed by an standard authorizing communication rule, or in particular the 'TCP : Authorize most common Internet services' rule, also I like to refer to it as master auth rule. Thus here rule is the standard rule used to permit basically all the user's regular client applications connecting to Internet.

More rules you make to permit client & server applications connections, more chance something unsolicited could ride in through the front-door, thus important to block bad possibilities from the beginning.

Maybe you be interested in reading about Intrusion detection system (IDS) - http://en.wikipedia.org/wiki/Intrusion-detection_system, http://www.securityfocus.com/infocus/1524


Regards,
Phant0m``

 

Hi Phant0m I read some where in these forums a while ago that you once uploaded a custom rule set which you made. are you able to upload the lastest
"Stable" rule set again?

 

how often is Phant0m online? How do I purchase his latest block list?

 

Hi, arran

Phant0m has his own web site and forum that deals with his rule set along with very much more useful information, here is the link to the site and forum:- MntOlympus Multi-purpose Support Center

Take Care
TheQuest

 

When a new application is detected, you allow or block it for all access.
Then, for allowed applications, you can edit its setting if you want to restrict the ports and IP address this application is supposed to use.

Not that malware applications have to be completely blocked anyway, you can't say a malware is safe on some ports, and you can trust it on some other ports.

Also you can link the packet filter rules to one (or several) application(s), to enable a rule only if this application has connected first.

Frederic