>From: Joey Morin <jmorin at icomm dot ca>
>
>.........
>
> > That way if you know ssh on port X from blah.net knocks on the door of
> > your WAN calling itself TheNameOfTheThingIWantToWorkNow on port X, you
> > can more easily click a button labelled "Yeah. guide me through rules to
> > connect that one"
>
>kerio personal firewall does this under windoze. sort of. it's
>configured by default to ask the user any time any port of any kind is
>opened, inbound or outbound. you are then asked to permit, deny, and/or
>create a rule. quite nice, actually. makes it very easy to lock down a
>machine. i use the first alert that appears to create an advanced rule
>that permits all outbound traffic, and another that permits only inbound
>ssh (plus a couple of other msnetworking specific rules, which are
>actually treated as special built-in functions of KPF).

From the ones I have seen, pretty much ALL software firewalls work this way. I suppose it just makes sense.

Incidentally, I tried Kerio, but decided to ditch it after I noticed a few ...weirdnesses....

- firstly I didn't like the way it allowed remote access to its settings/logs, nor the way it used this same system to log the local user into its settings/logs console.

- it seemed to be the above system that was frequently failing when I logged in, giving errors, and not working as it should, if at all.

That said, it was always WinGate (Kerio's previous incarnation) that I used back in the win 3.11 days. It's entirely possible that I had some disabled services causing this problem (I'm pretty sure I had telnet services enabled at the time - but normally do not). But it was only working intermittently....so ZIIIP: out comes the recent ghost image CD.

Around the same time I tried out ZoneAlarm, and despite it seeming mostly ok, I did find it to be a little too idiot-proofed for me to feel comfortable about it. I can't remember exactly, but I think it related to the lack of information it logged, and the limited variety of access/denial methods.

I also tried TermiNet firewall demo, and VirusMD firewall.... IIRC both seemed pitifully primitive, and probably not all that effective.... but it was a fair while ago.

BlackICE was what I used prior to that little testing phase, but... Agnitum Outpost was suggested to me by another m0n0 list contributor (/me waves) and that's what I still use. It does seem a little flakey in the way it adds some apps twice to its trusted/rules list.... and its MD5 summing completely ignores the file path (so 2 apps with the same .exe name will be seen as the same file irrespective of differing path names), but at least it does checksums. However I like its Ad Blocker plugin, and the log display is very nice (particularly if you are interested in how much data something is transferring).

>such functionality would have to tie into the default deny machinery,
>perhaps as easily as parsing the logs. the tough part would be making it
>work through a webgui, i think. how does mini_httpd force a page load
>when a packet is processed by the default deny rule? my gut tells me that
>it would be plenty ugly, if not impossible, to implement in php, and that
>i think is a step away from the spirit of m0n0...
>
>... but there's always room for modules :-)
>
>jj

I had a feeling someone with a deeper understanding of the relevant code would say something like that... Oh well, just a suggestion. :)
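The remark above about Outpost keying its checksum on the .exe name rather than the path is a general point about how a personal firewall decides which program is asking for a rule. The following is an added example, not code from this list message or from any of the firewalls named in it, that contrasts three ways of identifying an application in a trusted-apps list: by basename only, by a content digest only, and by full path plus content digest. The file paths and file contents are constructed sample data, and the helper names are this example's own.

```python
import hashlib
from pathlib import PurePosixPath

# Constructed sample "executables": path -> file contents (bytes).
# Two distinct programs share the basename "update.exe" in different
# directories; the third is a byte-for-byte copy of the first, elsewhere.
SAMPLE_FILES = {
    "/opt/vendor/update.exe": b"MZ\x90\x00vendor-updater-v1",
    "/tmp/downloads/update.exe": b"MZ\x90\x00something-else-entirely",
    "/backup/vendor/update.exe": b"MZ\x90\x00vendor-updater-v1",
}


def identity_by_basename(path, content):
    """Weakest identity: the file name only; the contents are ignored."""
    return PurePosixPath(path).name


def identity_by_digest(path, content):
    """Content identity: a SHA-256 over the bytes; the location is ignored."""
    return hashlib.sha256(content).hexdigest()


def identity_by_path_and_digest(path, content):
    """Strongest of the three: the exact path and a SHA-256 over the bytes."""
    return (path, hashlib.sha256(content).hexdigest())


def build_allowlist(trusted_paths, files, identity):
    """Compute the set of identities the firewall would treat as trusted."""
    return {identity(p, files[p]) for p in trusted_paths}


def is_trusted(path, content, allowlist, identity):
    """Would a program at `path` with these bytes match the trusted list?"""
    return identity(path, content) in allowlist


SCHEMES = {
    "basename": identity_by_basename,
    "digest": identity_by_digest,
    "path+digest": identity_by_path_and_digest,
}


def compare_schemes(trusted_paths=("/opt/vendor/update.exe",), files=SAMPLE_FILES):
    """Trust only the vendor copy, then check every sample file under each scheme.

    Returns {scheme_name: {path: trusted?}} so the differences can be inspected.
    """
    results = {}
    for name, identity in SCHEMES.items():
        allow = build_allowlist(trusted_paths, files, identity)
        results[name] = {p: is_trusted(p, c, allow, identity) for p, c in files.items()}
    return results


if __name__ == "__main__":
    for scheme, verdicts in compare_schemes().items():
        print(scheme)
        for path, ok in verdicts.items():
            print(f"  {'TRUSTED' if ok else 'prompt '}  {path}")
```

With basename-only identity the unrelated file in /tmp/downloads inherits the vendor program's trust; with digest-only identity it is correctly rejected, but the backup copy is silently trusted wherever it lives; with path plus digest only the file that was actually approved matches, and both a moved copy and a replaced binary at the original path trigger a fresh prompt.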