Who wants another firewall?

Discussion in 'other firewalls' started by Centurion, Feb 28, 2011.

Thread Status:
Not open for further replies.
  1. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    Would anyone here be interested in a new CHX-like firewall with IPv6 support?
     
  2. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    Would rather see a Kerio 2.1.5-like firewall with IPv6 support.
    Or an Atguard 3.22-like firewall with IPv6 support that works on XP and later.

    I tried CHX-I when it was available but found the rules priority more confusing than Kerio/Atguard and now that I use a router, outbound is really more important than inbound.
     
  3. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    I wouldn't mind.
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Most definitely.
     
  5. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    NO !

    John
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK

    +1 :thumb:
     
  7. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    Just a "NO" answer doesn't help much. Would you care to explain?
     
  8. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    Beside IPv6 support, what else would you like to have?
     
  9. wat0114

    wat0114 Guest

    Yes, that would be most excellent :)

    Not too many bells and whistles, other than detailed, easy to read logging, and of course excellent packet filtering capabilities like the original, just to keep things Spartan-like ;) Oh, one more thing...would it be possible to add the capability to filter selected associated services with svchost as it is with Win7 fw, or will there be no program/process filtering control as is the case with the original?
     
  10. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Easy - I`ve got a perfectly good firewall, why do I want another ?

    John
     
  11. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    +1 :thumb:
     
  12. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    Thanks. That's actually one of the reasons I was asking this question. In today's world we have lots of firewall flavors to chose from and I was wondering if resurrecting another one would be good or bad.
     
  13. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    UDP/ICMP tracking (pseudo stateful inspection) as in the original.
    It pretty much eliminated the need to do some things like
    locking down port 53 to a single DNS server, IIRC.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Not sure. I don't know enough about CHX to decide. I read a little about CHX after googling it, but i'm not sure what the difference is with it, and most other firewalls. Is it like LnS? Could someone make a comparison with a Firewall already on the market?
     
  15. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    Well, they all do the same thing. Thousands of windows. Deeper and deeper and one can hardly keep straight the processing priorities or the duplication of rules. Ever tried chnaging a rule that occurs in many applications? It hurts.

    Is that a real proposal?
    Centurion, are you a firewall writer?

    Not familiar with CHX. Take Kerio 2.1.5, add
    1. self protection (not sure if need, but I think I read about it someplace)
    2. IPv6
    3. In the GUI for filter rules,
    3a. add a way to use a rule as source for a similar rule (copy, paste, edit)
    3b. checkmark column for Logging similar to the current enable/disable
    3c. add a way to add IP addresses in CIDR format
    3d. allow to move or delete a group of rules (multiselect)
    4. Add another Custom Address Group, or subclassification thereof, since one group is not sufficient
    5. Add port groups (very optional) [I just edited this line, I did not mean protocol groups]
    6. Display log in columns to make quick review easier
    7. Keep all filter rules on one screen, that's where Kerio shines :)
    8. Maybe add SHA checksums to applications
    9. Keep tiny memory use
     
    Last edited: Mar 1, 2011
  16. rottenbanana

    rottenbanana Registered Member

    Joined:
    Jul 25, 2008
    Posts:
    51
    Location:
    -30?C
    +1 to a modern-day Kerio 2.1.5, it's been on my wishlist for years.
     
  17. wat0114

    wat0114 Guest

    For those curious about what CHX-I is, the following may shed some light on it:

    -http://members.shaw.ca/bind-pe_and_ics/chxi.htm

    (not sure if there's a better link, but this is the best I could find).

    I trialed it for only a short time some 5 years ago on XP, and it seemed to work perfectly as expected with no noticeable impact on system performance.
     
  18. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Some info here:
    Look 'n' Stop vs. CHX-I vs. 8Signs
    -http://www.mntolympus.org/phpBB3/viewtopic.php?t=2032
    (there was a nice comparaison graphical page there but I cannot find it)

    And for sure that I would be interested by a new CHX-I / 8Signs firewall compatible with 7x64!
     
  19. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    Was anyone making extensive use of conditional filters?
    What about triggers and payload filtering?
     
  20. wat0114

    wat0114 Guest

    No, I didn't but I probably would if they helped to bolster the packet filtering capabilities in regards to both security and efficiency. At the time I used the original I only set up some basic rules.
     
  21. Centurion

    Centurion Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    11
    I would've expected at least some people will use the payload filtering and triggers as a simple packet-payload based port-knocking facility.
    ...
    Thank you all for answering.
    I'm not sure if it is too early to draw a conclusion to my initial question, but so far, it looks like only a handful of people (mostly security experts) will see some value in a new such piece of software. Nowadays we have huge amount of space on our harddrives, 2 or 4 CPUs cores (going idle most of the time) and no one seems to ask for more performance, less space and efficient use of the resources from a new piece of software. Big software corporation are impressing us with more and more features, fancy UIs and focus mostly on adding that little feature a genius developer came up with out of nowhere, just to be ahead of the competition.
    So, I guess, any attempt to compete with just a piece of efficiently crafted code with a minimal set of features focused on the needs of the expert users will sooner or later come to failure.
     
  22. rocom

    rocom Registered Member

    Joined:
    Mar 3, 2011
    Posts:
    1
    I miss chx-i and would be very happen if you at least made it Win 7 64bit compatible. It's hard to fine a true stateful packet filter these days.
     
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,156
    w7 support the ipv6 but xp not


    can understand the gain about upv6 ? more secure for us?:cautious:
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you where thinking of trying to make a living out of a re-incarnation of CHX-i, then that would be a very doubtful reality.
    Most users now look at leak-test prevention rather than packet filtering. [ It as always been beyond my grasp of understanding as to why anyone would want to sandbox malware on their system, rather than stopping it getting on their HD in the first place, but, whatever.]

    Anyway, good idea while it lasted.

    Regards,

    - Steve
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    there is a new firewall coming that is totally different. Nuff said.;)
     
Loading...
Thread Status:
Not open for further replies.