
What firewall do you prefer


TheGeek


Does cost factor in? Was on Symantec for a couple of years, then I went looking for a free suite. Tried to pick one that was secure, performant, and easy to use based on reviews online. Some of the names that frequently came up among the top were:

 

1. Kaspersky Internet Security

2. Norton Internet Security

3. Comodo Internet Security

4. Zone Alarm

 

As usual, couldn't find one that seemed to top most if not all reviews.

 

I ultimately settled for Comodo (not entirely sure why I did, but after using it, the one feature I like is the community feedback, which basically tells you the percentage of users who allowed a program flagged as malicious by Comodo vs those who blocked it). But like the review at http://www.pcmag.com/article2/0,2817,2333448,00.asp mentions, Comodo does seem to flag a lot of valid programs.


I was using Zone Alarm free firewall too before, but it's not compatible with Win7, so I'm just using the one built into Windows. The hardware firewall in my router was doing 99.9% of the work anyway, it seemed.

Edited by bushwack

Pull together a really old computer with a minimum of 4.3GB hdd, 128MB ram, 2 NICs and load up a linux or BSD firewall ie. Smoothwall, Endian, IPCop, PfSense ... many others. Stick that between the inet and your local lan.

 

http://www.fsckin.com/2007/11/14/7-different-linuxbsd-firewalls-reviewed/

 

While I realize it's not for everyone, that's probably the best choice if you prefer your local desktop not get slowed down by additional software. Back when I lived in Cleveland I had 1.5mb DSL as well as cable and went through the hassle of doing routing based on destination. Best internet setup I EVER had, though I also had multiple static IPs, which I used for when all my friends came over with their Xbox 360s. btw console gaming gets real finicky with its p2p gaming when only one of them gets the assigned port forwarded to them...

 

Anyways, now I just have a nice small Cobalt Raq4 server that I got for free. Runs Debian and one Ethernet is for my cable, one for my LAN. Works well and I can keep better tabs on when my roommate torrents and slows me down :) I will never use a small router from a store for a router again.

Edited by monthos

I've used Comodo Firewall on my old computer before. It's an advanced firewall that you have to take the time and set rules for and modify to your liking. I'm still getting used to it because it can be rather intrusive. For example, I usually have to switch modes constantly when I am installing a new program or something. If I don't, I get several warning popups about whether or not to block the program being executed. It's a very secure firewall from what I've read and experienced, but it's almost too secure if that makes sense.

 

I dunno if anyone here has experience in making it easier to use; you might want to talk to them first.


Pull together a really old computer with a minimum of 4.3GB hdd, 128MB ram, 2 NICs and load up a linux or BSD firewall ie. Smoothwall, Endian, IPCop, PfSense ... many others. Stick that between the inet and your local lan.

 

http://www.fsckin.com/2007/11/14/7-different-linuxbsd-firewalls-reviewed/

btw console gaming gets real finicky with its p2p gaming when only one of them gets the assigned port forwarded to them...

Definitely not for everyone...but do-able...on Endian 2.2Final

 

libupnp-1.4.2-1.el3.rf.i386.rpm http://dag.wieers.com/rpm/packages/libupnp/

linux-igd-0.95-1.i386.rpm http://rpm.pbone.net/index.php3?stat=3&search=linux-igd&srodzaj=3

extract both on your windows box with uniextract http://legroom.net/software/uniextract

 

from c:\whereyouextracted\libupnp-1.4.2-1.el3.rf.i386\usr\lib

copy libixml.so.2.0.3, libthreadutil.so.2.1.0 and libupnp.so.2.0.3 to your endian /usr/lib via winscp http://winscp.net/eng/index.php

 

# cd /usr/lib

# chmod 755 libixml.so.2.0.3

# chmod 755 libthreadutil.so.2.1.0

# chmod 755 libupnp.so.2.0.3

# ln -s libupnp.so.2.0.3 libupnp.so.2

# ln -s libthreadutil.so.2.1.0 libthreadutil.so.2

# ln -s libixml.so.2.0.3 libixml.so.2

 

from c:\whereyouextracted\linux-igd-0.95-1.i386\linux-igd-0.95-1.i386.cpio\

copy \etc\init.d\upnpd to /etc/init.d

copy \etc\linuxigd to /etc

copy \etc\sysconfig\upnpd to /etc/sysconfig

copy \usr\sbin\upnpd to /usr/sbin

 

# chmod 755 /usr/sbin/upnpd

# chmod 755 /etc/init.d/upnpd

 

Give it a whirl/test your Xbox 360 (I don't have consoles to try).

from a prompt type:

# upnpd -f ppp0 br0

 

 

You should see:

upnpd[497]: UPnP SDK Successfully Initialized.

upnpd[497]: Succesfully set the Web Server Root Directory.

upnpd[497]: IGD root device successfully registered.

upnpd[497]: Advertisements Sent. Listening for requests ...

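With upnpd running as in the post above, devices on the LAN can ask the firewall for port forwards themselves, so it is worth reviewing what is actually being forwarded. The script below is an added example, not part of the thread or of linux-igd: it assumes the forwards show up as DNAT rules in the PREROUTING chain of `iptables-save` output, and the function names, the sample rules and the 192.168.0. LAN prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise DNAT port forwards from iptables-save output and
# flag the ones a home firewall owner would want to look at.
# Real use (as root on the firewall): iptables-save -t nat | audit_forwards 192.168.0.

# Constructed sample of iptables-save output (ppp0 = external side, as in the post).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p udp -m udp --dport 3074 -j DNAT --to-destination 192.168.0.20:3074
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.5:22
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.9.9.9:80
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# audit_forwards LAN_PREFIX   (reads iptables-save text on stdin)
# Prints one line per forward: "proto ext_port -> ip:port [FLAGS]"
#   NOT-LAN     target address does not start with LAN_PREFIX
#   PRIVILEGED  external port below 1024 is exposed
#   ALL-PORTS   rule has no --dport, so every port is forwarded
audit_forwards() {
    awk -v lan="$1" '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = "any"; dport = ""; dest = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            else if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
        }
        if (!dnat) next
        note = ""
        split(dest, hp, ":")                 # hp[1] = target host
        if (index(hp[1], lan) != 1) note = note " NOT-LAN"
        if (dport == "") note = note " ALL-PORTS"
        else if (dport + 0 < 1024) note = note " PRIVILEGED"   # "a:b" range -> a
        printf "%s %s -> %s%s\n", proto, (dport == "" ? "*" : dport), dest, note
    }'
}

sample_rules | audit_forwards 192.168.0.
```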

I will never use a small router from a store for a router again.

I was thinking that store-bought routers with hardware firewalls (like my Linksys) typically ran 200mhz cpus with 8-32mb RAM and a version of linux. How is this different from a computer with a 200mhz cpu, 8-32mb RAM and a version of linux?


I think I'm going to set up IPcop. My router/firewall is not forwarding ports properly so I think it's going to be a good change.

I was trying to avoid doing IPcop because the only spare computer is really unreliable. It's mainly made of spare parts from 2 different computers.

 

What I'm also going to do is just not have zone alarm start up and use it only when I'm not behind a hardware firewall.

 

 

Thanks for all your suggestions! I will let you know how IPcop turns out. Wish me luck! I've never had good luck with configuring the red interface with DHCP.


I will never use a small router from a store for a router again.

I was thinking that store-bought routers with hardware firewalls (like my Linksys) typically ran 200mhz cpus with 8-32mb RAM and a version of linux. How is this different from a computer with a 200mhz cpu, 8-32mb RAM and a version of linux?

little - odds are one is an arm, transmeta or a weak via series cpu...vs a full intel - power is another thing 35w compared to 200w

I'd be surprised if someone actually has a working 200mhz rig laying around. I do - it was good back in 1994 for dos/os2/win3.1. Still enough to push packets but the isa bus may kill you. Odds are today's 'crap' to be had for free will be in the 500-1ghz range with 128-512mb ram or better. Hopefully an emachine someone left on the lawn :-) or a dell gs150 (p3-833).

I've never used ipcop, clarkconnect or monowall. I've used pfsense, smoothwall, and endian - each having its own crew of people sharing how to achieve better than ootb linksys type appliances. I've also never tried the wrt54gl...but it looked promising.

I've also never tried the wrt54gl...but it looked promising.

i've been running dd-wrt on my wrt54g. works for what i need - port forwarding, simple qos, and a locked down firewall. about to try openwrt on my new wrt54gl...hoping it helps resolve my router lock when i've got multiple torrents (>200) seeding, or connect to an active swarm.

 

linksys ootb is junk, though.


about to try openwrt on my new wrt54gl...hoping it helps resolve my router lock when i've got multiple torrents (>200) seeding, or connect to an active swarm.

lemme know how that goes...you run into a winblows tcpip stack convention of a 'max limit' of half open connections...so i assume openwrt has a torrent 'plugin' to avoid the winblows saves all convention...like normal tcpip implementations.


about to try openwrt on my new wrt54gl...hoping it helps resolve my router lock when i've got multiple torrents (>200) seeding, or connect to an active swarm.

lemme know how that goes...you run into a winblows tcpip stack convention of a 'max limit' of half open connections...so i assume openwrt has a torrent 'plugin' to avoid the winblows saves all convention...like normal tcpip implementations.

 

I just got IPcop up and running. I don't like how you need to restart the PC whenever you want to renew the DHCP from the modem. Other than that, ports are FINALLY getting forwarded. The Linksys I had before had a problem with that.

 

The next project is to set up a wireless router on a DMZ.


lemme know how that goes...you run into a winblows tcpip stack convention of a 'max limit' of half open connections...so i assume openwrt has a torrent 'plugin' to avoid the winblows saves all convention...like normal tcpip implementations.

blech. waiting on shipping from amazon.

 

also, no winblows here, just os(u)x 10.5.8. don't think there's a max limit issue, but idunno.


While this is all interesting, much of what is being recommended is too much for a simple home configuration. Unless you are regularly downloading porn and pirated software, you do not need a 3rd party software firewall on your computer. Actually, what you need is beyond the help of any 3rd party application. The built-in Windows Firewall and a good home-use Linksys router with the open source DD-WRT firmware on it is more than enough. Port forwarding works like a charm. QoS or Quality of Service controls work just fine. Unless you have multiple static IP addresses in your home, a simple router is more than sufficient.


I just got IPcop up and running. I don't like how you need to restart the PC whenever you want to renew the DHCP from the modem.

That just doesn't sound right...but try:

 

ipconfig /release

ipconfig /renew

 

I meant restarting the server with init 6.
