 
 From:  "Andrew Eglington" <aeglington at hotmail dot com>
 To:  joeymorin at alumni dot uwaterloo dot ca
 Cc:  mk at neon1 dot net, m0n0wall at lists dot m0n0 dot ch
 Subject:  port forwarding and SUGGESTION
 Date:  Mon, 28 Jun 2004 17:49:21 +1000
>From: Joey Morin <jmorin at icomm dot ca>
> >.........
> > That way if you know ssh on port X from blah.net knocks on the door of
> > your WAN calling itself TheNameOfTheThingIWantToWorkNow on port X, you
> > can more easily click a button labelled "Yeah. guide me through rules to
> > connect that one"
>
>kerio personal firewall does this under windoze.  sort of.  it's
>configured by default to ask the user any time any port of any kind is
>opened, inbound or outbound.  you are then asked to permit, deny, and/or
>create a rule.  quite nice, actually.  makes it very easy to lock down a
>machine.  i use the first alert that appears to create an advanced rule
>that permits all outbound traffic, and another that permits only inbound
>ssh (plus a couple of other msnetworking specific rules, which are
>actually treated as special built-in functions of KPF).


From the ones I have seen, pretty much ALL software firewalls work this way.
I suppose it just makes sense.

Incidentally, I tried Kerio, but decided to ditch it after I noticed a few 
...weirdnesses....
- firstly I didn't like the way it allowed remote access to its 
settings/logs, nor the way it used this same system to log the local user 
into its settings/logs console.
- it seemed to be the above system that was frequently failing when I logged 
in, giving errors, and not working as it should, if at all.

That said, it was always WinGate (Kerio's previous incarnation) that I used 
back in the win 3.11 days.

It's entirely possible that I had some disabled services causing this 
problem (I'm pretty sure I had telnet services enabled at the time - but 
normally do not). But it was only working intermittently....so ZIIIP: out 
comes the recent ghost image CD.

Around the same time I tried out ZoneAlarm, and despite it seeming mostly 
ok, I did find it to be a little too idiot proofed for me to feel 
comfortable about it. I can't remember exactly, but I think it related to 
the lack of information it logged, and the limited variety of access/denial 
methods.

I also tried TermiNet firewall demo, and VirusMD firewall.... IIRC both 
seemed pitifully primitive, and probably not all that effective.... but it 
was a fair while ago.

BlackICE was what I used prior to that little testing phase, but...
Agnitum Outpost was suggested to me by another m0n0 list contributor (/me 
waves) and that's what I still use.
It does seem a little flaky in the way it adds some apps twice to its 
trusted/rules list.... and its MD5 summing completely ignores the file path 
(so 2 apps with the same .exe name will be seen as the same file 
irrespective of differing path names), but at least it does checksums.
However I like its Ad Blocker plugin, and the log display is very nice 
(particularly if you are interested in how much data something is 
transferring).



>such functionality would have to tie into the default deny machinery,
>perhaps as easily as parsing the logs.  the tough part would be making it
>work through a webgui, i think.  how does mini_httpd force a page load
>when a packet is processed by the default deny rule?  my gut tells me that
>it would be plenty ugly, if not impossible, to implement in php, and that
>i think is a step away from the spirit of m0n0...
>
>... but there's always room for modules :-)
>
>jj


I had a feeling someone with a deeper understanding of the relevant code 
would say something like that... Oh well, just a suggestion. :)

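The path-versus-checksum point raised above (two apps with the same .exe name being treated as one) is the kind of thing a per-application rule store can avoid. The following is an added example, not code from this thread or from Outpost: the `AppRules` class, `file_digest` and the constructed `app.exe` files are all assumptions, written to show a rule keyed by full path plus content hash beside the weak base-name-only lookup.

```python
import hashlib
import os
import tempfile

# Added example (assumed design, not Outpost's or the thread's code): identify an
# executable by normalized full path AND content hash, so two binaries sharing a
# .exe name in different directories stay distinct and a replaced binary re-prompts.

def file_digest(path):
    """SHA-256 of the file contents (the checksum half of the identity)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class AppRules:
    """Rule table keyed by (normalized absolute path, content hash)."""
    def __init__(self):
        self._rules = {}

    def _key(self, path):
        full = os.path.normcase(os.path.abspath(path))
        return (full, file_digest(full))

    def set_rule(self, path, action):
        self._rules[self._key(path)] = action

    def decision(self, path):
        # An unknown (path, hash) pair prompts instead of inheriting a rule.
        return self._rules.get(self._key(path), "ask")

def name_only_decision(rules_by_name, path):
    """The weak scheme: a rule keyed by base name applies to any app.exe."""
    return rules_by_name.get(os.path.basename(path).lower(), "ask")

def demo():
    """Constructed scenario: two different app.exe files in two directories."""
    root = tempfile.mkdtemp()
    trusted = os.path.join(root, "good", "app.exe")
    imposter = os.path.join(root, "other", "app.exe")
    for path, body in ((trusted, b"trusted program"), (imposter, b"other program")):
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as f:
            f.write(body)
    weak = {"app.exe": "allow"}
    strong = AppRules()
    strong.set_rule(trusted, "allow")
    before = (name_only_decision(weak, imposter), strong.decision(imposter), strong.decision(trusted))
    with open(trusted, "wb") as f:  # replace the trusted binary in place
        f.write(b"tampered program")
    return before + (strong.decision(trusted),)
```

`demo()` returns the four decisions in order: the name-only scheme allows the impostor, the path+hash scheme asks about it, allows the registered binary, and asks again once that binary's contents change.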