>From: Joey Morin <jmorin at icomm dot ca>
> > That way if you know ssh on port X from blah.net knocks on the door of
> > your WAN calling itself TheNameOfTheThingIWantToWorkNow on port X, you
> > can more easily click a button labelled "Yeah. guide me through rules to
> > connect that one"
>kerio personal firewall does this under windoze. sort of. it's
>configured by default to ask the user any time any port of any kind is
>opened, inbound or outbound. you are then asked to permit, deny, and/or
>create a rule. quite nice, actually. makes it very easy to lock down a
>machine. i use the first alert that appears to create an advanced rule
>that permits all outbound traffic, and another that permits only inbound
>ssh (plus a couple of other msnetworking specific rules, which are
>actually treated as special built-in functions of KPF).
From the ones I have seen, pretty much ALL software firewalls work this way.
I suppose it just makes sense.
Incidentally, I tried Kerio, but decided to ditch it after I noticed a few:
- firstly I didn't like the way it allowed remote access to its
settings/logs, nor the way it used this same system to log the local user
into its settings/logs console.
- it seemed to be the above system that was frequently failing when I logged
in, giving errors, and not working as it should, if at all.
That said, it was always WinGate (Kerio's previous incarnation) that I used
back in the win 3.11 days.
It's entirely possible that I had some disabled services causing this
problem (I'm pretty sure I had telnet services enabled at the time - but
normally do not). But it was only working intermittently....so ZIIIP: out
comes the recent ghost image CD.
Around the same time I tried out ZoneAlarm, and despite it seeming mostly
ok, I did find it to be a little too idiot proofed for me to feel
comfortable about it. I can't remember exactly, but I think it related to
the lack of information it logged, and the limited variety of access/denial
I also tried TermiNet firewall demo, and VirusMD firewall.... IIRC both
seemed pitifully primitive, and probably not all that effective.... but it
was a fair while ago.
BlackICE was what I used prior to that little testing phase, but...
Agnitum Outpost was suggested to me by another m0n0 list contributor (/me
waves) and that's what I still use.
It does seem a little flakey in the way it adds some apps twice to its
trusted/rules list.... and its MD5 summing completely ignores the file path
(so 2 apps with the same .exe name will be seen as the same file
irrespective of differing path names), but at least it does checksums.
However I like its Ad Blocker plugin, and the log display is very nice
(particularly if you are interested in how much data something is
>such functionality would have to tie into the default deny machinery,
>perhaps as easily as parsing the logs. the tough part would be making it
>work through a webgui, i think. how does mini_httpd force a page load
>when a packet is processed by the default deny rule? my gut tells me that
>it would be plenty ugly, if not impossible, to implement in php, and that
>i think is a step away from the spirit of m0n0...
>... but there's always room for modules :-)
I had a feeling someone with a deeper understanding of the relevant code
would say something like that... Oh well, just a suggestion. :)
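The Outpost remark above (an application rule keyed on the .exe name, with the checksum ignoring the path) is easiest to see in code. This is an added illustration written for this thread, not Outpost's or any other product's real rule store: a hypothetical RuleStore with one lookup that matches on the basename only and one that requires the full path and a content digest to match, run over two constructed files that share the name app.exe.

```python
import hashlib
import os
import pathlib
import tempfile

# Hypothetical per-program firewall rule store (added illustration, not a
# real product's format). An approved rule records the executable's full
# path and a digest of its contents, so a different binary that merely
# shares the .exe name does not inherit an existing "permit" rule.
def file_digest(path):
    # sha256 here; the post describes MD5 summing, the matching logic is the same
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class RuleStore:
    def __init__(self):
        self.rules = []  # (normalised full path, digest, action)
    def approve(self, exe_path, action="permit"):
        full = os.path.normcase(os.path.abspath(exe_path))
        self.rules.append((full, file_digest(exe_path), action))
    def lookup_by_name(self, exe_path):
        # Name-only matching, the behaviour the post complains about:
        # any file with the same basename matches the first rule of that name.
        name = os.path.basename(exe_path).lower()
        for full, _digest, action in self.rules:
            if os.path.basename(full).lower() == name:
                return action
        return "ask"
    def lookup_by_path_and_digest(self, exe_path):
        # Full path and content digest must both match; otherwise re-prompt.
        full = os.path.normcase(os.path.abspath(exe_path))
        digest = file_digest(exe_path)
        for rule_path, rule_digest, action in self.rules:
            if rule_path == full and rule_digest == digest:
                return action
        return "ask"

def demo():
    # Two constructed binaries, both named app.exe, in different directories.
    with tempfile.TemporaryDirectory() as tmp:
        trusted = pathlib.Path(tmp, "a", "app.exe")
        impostor = pathlib.Path(tmp, "b", "app.exe")
        for p, body in ((trusted, b"constructed trusted program"),
                        (impostor, b"constructed impostor program")):
            p.parent.mkdir()
            p.write_bytes(body)
        store = RuleStore()
        store.approve(str(trusted))
        return (store.lookup_by_name(str(impostor)),            # "permit" (wrong)
                store.lookup_by_path_and_digest(str(impostor)),  # "ask"
                store.lookup_by_path_and_digest(str(trusted)))   # "permit"
```

The path-plus-digest lookup also re-prompts if the trusted file itself is later replaced in place, since its digest no longer matches the stored rule.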