suggestions for firewall please

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Post Reply
percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

suggestions for firewall please

Post by percepts » 2012-06-14 02:01

I am currently using windows 7 inbuilt firewall which is grossly over complicated for my purposes.
Can anyone recommend a simple firewall or a router with good firewall which has good interface and hacking protection. i.e. easy to add IP numbers to block.

I used to use zonealarm but the newer versions seem to decide for themselves what they will block or not.

black zero
Normal user
Normal user
Posts: 111
Joined: 2008-08-01 15:26

Re: suggestions for firewall please

Post by black zero » 2012-06-14 08:40

Not sure why Windows 7's regarded as complicated. I've been using it and no issues.

If you want to block IP, it would be better to do pessimistic approach - Block All Allow Some (whitelisting). That way you don't need to block multiple IPs since it means more work for you.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: suggestions for firewall please

Post by ^DooM^ » 2012-06-14 10:46

I have heard good things about http://www.filseclab.com/eng/products/firewall.htm however I have never installed it

I have installed http://sourceforge.net/projects/wipfw/ though but it's not application based, it's an IP packet filter so you need to setup rules for ports and IP's. It would be a steep learning curve for those only used to programs like zone alarm however once you have it set up and running it will serve your needs perfectly.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: suggestions for firewall please

Post by percepts » 2012-06-14 14:17

I spent most of last night reading up on w7 firewall and it seems I had it setup the wrong (simple) way. I have now adopted black zeros approach(thanks) and it makes much more sense now. It's more work for initial setup but I think its now closed off a lot potential access. i.e. no in or out traffic unless I specifically authorise it.
And whilst reading up I did find people saying that the W7 firewall doesn't have all the compatibility problems that some third party solutions have. So for now I'll stay with it but thanks for suggestions. I will take a look at them just in case.
Only thing is W7 FW doesn't do much notification so you have to check the logs to see whats failing I think.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: suggestions for firewall please

Post by ^DooM^ » 2012-06-14 17:40

You will find most server firewalls are silent and only report to logs as servers are most commonly unmanned.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: suggestions for firewall please

Post by percepts » 2012-06-15 01:23

the W7 FW doesn't seem to report anything to logs if the default rule is applied(I have verbose logging switched on ). i.e. if you set it to block all incoming connections except for connections to specified programs, then there is no logging of anything rejected because there is no rule for it. At least that seems to be what is hapenning but I'll monitor it over the next few days now that I have this new configuration.

evilware
New user
New user
Posts: 26
Joined: 2012-08-29 19:15
Contact:

Re: suggestions for firewall please

Post by evilware » 2012-08-29 20:15

You can configure windows firewall to do the logging for you
Wouldnt it be easier just to run a linux box?

chpalmer
Normal user
Normal user
Posts: 30
Joined: 2009-11-16 00:38

Re: suggestions for firewall please

Post by chpalmer » 2012-09-09 08:46

pfsense.org :mrgreen:

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: suggestions for firewall please

Post by ^DooM^ » 2012-09-09 10:01

chpalmer wrote:pfsense.org :mrgreen:
This is what I use and is highly recommended if you have the hardware to put in front of your other servers.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: suggestions for firewall please

Post by Bill48105 » 2012-09-10 03:36

^DooM^ wrote:
chpalmer wrote:pfsense.org :mrgreen:
This is what I use and is highly recommended if you have the hardware to put in front of your other servers.
+1 but think the OP was about software firewalls since he mentioned zonealarm & Windows firewall but yeah +1000 on pfsense as far as I'm c concerned. :D
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

chpalmer
Normal user
Normal user
Posts: 30
Joined: 2009-11-16 00:38

Re: suggestions for firewall please

Post by chpalmer » 2012-09-12 05:38

Bill48105 wrote:
^DooM^ wrote:
chpalmer wrote:pfsense.org :mrgreen:
This is what I use and is highly recommended if you have the hardware to put in front of your other servers.
+1 but think the OP was about software firewalls since he mentioned zonealarm & Windows firewall but yeah +1000 on pfsense as far as I'm c concerned. :D
Responding to this part...
or a router with good firewall

:mrgreen:

Post Reply