I hope my thread title described what I'm looking for fairly clearly. I've spent the last day looking for a decent replacement for Kerio Personal Firewall 2.x and have gone through about 15 software packages. Nearly all of them were terrible.
A good number of them would easily let in rogue traffic because they don't let you configure the firewall enough, relying on "automatic" rules. Most were designed for Joe User, who does not have a clue about the structure of the Internet, and in any case they lacked the functionality and simplicity of Kerio PF 2.x.
Kerio PF 2.x (and to a much lesser extent, Kerio PF 4.x) had a very well thought out and effective interface. Building firewalls around the paradigm of "allow all traffic from port 80, POP3, FTP, etc." does not make sense for the modern desktop user. This is one reason why I don't have all that much respect for hardware firewalls. This one-size-fits-all rule does not apply in modern desktop computing. Today's user encounters a multitude of new software every day which may want to connect to the Internet, and every piece of software will have to be handled differently.
Kerio PF 2.x was built around the paradigm of "program control", i.e. every new program must be cleared before access is granted and denied. It then offers "port control" within each and every program. P2P programs use every port in the book so it makes sense to allow all their traffic through, while it might be useful to block port 80 from Outlook, for example.
None of the firewalls I used gave me this kind of functionality. Locking down an application to only one port takes 3 clicks with Kerio PF; it would be many, many more clicks on the newer firewalls, and even then the feature may not be available.
Another major difficulty I had is with "security levels". As the old saying goes, "Keep It Simple, Stupid". This is something newer firewalls refuse to do. One had an option of 10 different security modes. Let's go back to Kerio PF 2.x. Three security modes - Allow All Traffic, Prompt User, Deny All Traffic. Simplicity. That's what the advanced user loves, don't you think?
There is so much bloat and so many irrelevant features in these products. Have they forgotten what a "firewall" is supposed to do? No, it's not supposed to be an anti-virus, a pop-up blocker or a content blocker. I simply want it to be a FIREWALL.
Does anyone know where I can find a software firewall with the features that Kerio PF 2.x had? Maybe even a clone of that version is in order? All the newer firewalls seem to be made with Joe User in mind: "let's churn out any old firewall for these idiots - they'll buy it anyway and think it's great".
BTW, I would continue to use it but the latest version in 2.x has a known issue whereby it will crash at a certain interval, thus making it unsuitable for an always-on connection.
Thanks if you can help. If you can't, it looks like it's almost impossible to get a decent software firewall and I'll have to run a Linux box to do it instead. And sorry if this is a bit long.