Windows Firewall Elegance
Results 1 to 6 of 6

Thread: Windows Firewall Elegance

  1. #1
    Senior Member
    Join Date
    Apr 2003
    Posts
    147

    Windows Firewall Elegance

    Does anyone know of a firewall for windows 2k that will spare me the gui nonsense? I've tried norton personal firewall, Zone alarm, and Outpost. They all work, but I don't like them.. their too user freindly if you get my meaning. I just like IPTables nice simple way of doing it. Is there a firewall out there that I can invoke and configure from the cmd.exe prompt? On linux, if I want to change my firewal rules its just a few lines, or one of my premade scripts for common situations, I know EXACTLY what's going on. If I wanted to I could hack up a C script and use netfilter to do just about anything. Is there any windows firewall that will give me anything like this degree of control? Preferably with command line control. I may just need to upgrade to XP and use netsh etc...
    Just another rant, like the one about the URG flag yesterday. Thanks for any help you can provide.

    Jon.

  2. #2
    @ŽΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    That would be a dream come true...

    Real security doesn't come with an installer.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Member gn0min0mic0n's Avatar
    Join Date
    Mar 2004
    Posts
    43
    Kerio version 2 sits quietly in my system tray, asking only to accept incoming connections, and to question recently installed apps. No command-line/DOS stuff, tho
    But I prefer this firewall over the ugly (read: fisher price) GUI crap that seems to permeate the market today. It could use better logging (a third-party program handles this for me) and maybe a few built-in SamSpade-type tools, but these are minor gripes

  5. #5
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    Wow Tedob1, I didn't realize IPSec could do that. I got frustrated years ago when all it would talk about was keberos authentication, tunnelling and other stuff I didn't care about. It's a frightfully over-complex gui part. I acctually found the ways to crete "Filters" and "Filter actions" and apply them to "Policies" with the gui today now that I know it can be done. Microsoft made it way way too complicated. I need to play with XP's ICF and see if it's so bad. IPSecPol.exe, however, seems reasonably simple. As it states on the microsoft download page, it's rudamentary at best, but that's better than nothing. No stateful options other than the apparently default NEW. Forget about checking Flags and such, that's a laugh for IPSec apparently. The advanced functionality in IPSec is reserved for secure authentication. I'll let you be the judge on how useful MS's inplementation of that is... Either way it's windows 2000 basic firewalling on the command line!

    Now I can wield the puny power of win2k IPSec. Something I never thought I wanted to do

    Thanks alot I think I have my answer,

    Jon.

  6. #6
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    Oops, seems I jumped the gun assuming NEW was default... I'm not sure IPSec is stateful at all... Blocking an inbound packet with IPSec is blocking an inbound packet, not blocking a NEW inbound connection. It's still not to bad for a little tool to do basic port filtering. If you block all ports using options as close to NEW inbound connection as you can, you've really blocked all inbound packets... suck. So mutch for a default block rule. I don't intend to predict what source port mozilla, itunes, yahoo messenger, live update, and whatever else I use will select on startup. That's too inconvenient when IPSec could have just been built to recognize a frickin SYN packet. So now I have to make a rule to only block ports 53, 88, 135, 139, 389 ,445, 464, 593, 636, 1026, 1029, 3268, 3269, 5101. Don't ask me what half of them do. I know no more than nmap tells me. that's why I want them blocked There are somethings I like to go wonderfully in depth on, and somethings I just don't care about. Despite what I thought when I set up the box, the intracasies of win2k advanced server are one of the latter, their boring.

    But I got what I asked for, Cheers,

    Jon.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •