Jetico firewall

Now what about some auditing? Oh wait, it doesn't even permit referencing to TCP states in ruleset, and therefore is pretty unusable in about any reasonable content.

Anyway, please troll away, you dirty address faker!

There is no need for that attitude, i just asked a question that's all. De der.

Version 1.x.x has been around now for over a year without change. It has some bugs and issues, but is fairly stable.

There is also a public beta of version 2 available here:

The version 2 beta has numerous bugs and issues, so beware. Some are described here:

and also here: Beware particularly of the uninstall problem(s). The uninstaller fails and you'll have to manually remove the files and registry entries when the time comes to remove it (this is v2 beta only).

What attitude? You're the one who is intentionally faking his eMail address in his postings, violating both technical and social rules.

Anyway, you've got a competent answer. Even though you don't deserve it.

Thanks for the info, it does seem ok as far as pfw goes and is better than xp2 firewall, will run it for a while and see if any problems arise.

I have run an older version on a few systems and have been VERY impressed with it. I personally come from the Linux IPTables / EBTables world and am finally happy with Jetico Personal Firewall, as I feel like it provides all the control that I need / want to design for my systems and my clients.

Grant. . . .

When last I looked, I thought I had found a way to do some state checking. However, I do not remember if the state was compiled in or if I could make decisions based on my own parameters. I will have to re-check this and let you know.

The OP, is FAR from the only person that does not use his correct email address. What would a user do if they did not have an email address but wished to communicate via NNTP? I do not believe they should be forced to obtain even a free email address just to use NNTP. Besides the tone of the comment and / or the insult was unnecessary.

Grant. . . .

What sort of auditing are you wanting? I just checked and 1.0.1.61 does, and the previous version that I've worked with did too, allow you to set up logging of rules, per rule at that.

What sort of state checking are you wanting to do? There is an option on a "System IP Rule" for TCP traffic to check the state. You can also check for various flags. State it's self is not very hard to keep track of. As such, I would not have a problem with the firewall keeping track of if a packet is new, related, unrelated, etc.

Grant. . . .

Generel packet filter auditing. How does it react to invalid or uncommon values, what about overlapping and/or small IP fragments, how does is divert SYN/ACK/FIN/UDP/ICMP floods etc.

The question is whether you can actually refer to the states in your ruleset. Can I say that every incoming TCP packet with destination port

1 0 161 is the version i'm using and after the initial setup, which was relatively easy compared to some i've tried, there have been no problems running it.

Don't worry about Sebastian. He's new and doesn't realize the vast majority of Usenetizens munge their e-mail address, use a bogus one, or don't even put an e-mail syntaxed string in the From header. He likes spam. The rest of us don't.

You're wrong.

There are many possibilities to get a valid mail address. And that's all, what you need to fake that as "sender's address".

Yours, VB.

And I know such victims.

Yours, VB.

In that case I sympathize, and apologize. And to avoid drawing this discussion out, I'll leave it at that.

It may be a larger percentage, but it's easier to use a correct invalid address snipped-for-privacy@nowhere.invalid than it is to check to see if some made up domain is being used. My guess is that most of the people who make up fake sounding domains don't know about RFC 2606. When corrected by someone who does, they get defensive instead of saying that they made a mistake and will do the right thing.

Mike

I think the best that J.P.F. will offer is to log the traffic where you can view it and later decide if it is behaving the way that you want it to or not.

My only complaint, if it is one, is that J.P.F. does not run as a service, but rather starts up when the user logs in. However, I believe this could easily be over come by configuring J.P.F. with one of the many service wrapper programs that exist for NT / 2k / XP.

Grant. . . .

It will hardly log that it crashed. It will hardly log high CPU utilization. It will hardly log having ignored IPv6.

Why do you think so? Putting additional security-critical code on the system is generally a bad idea until justified.

Indeed.

I'm not familiar with Wipfw. I'll have to take a look at it some time.

I was stating that I believe J.P.F. is better than Windows XP SP2's built in firewall. I'm not stating that J.P.F. is or is not better than your, or any one else's, firewall. I have used J.P.F. before and found it to be sufficient for my needs at the time. I don't know if this will or will not be the case in the future. I'll cross that bridge when I get there. With your information on Wipfw I'll possibly consider it at such time.

Grant. . . .