OK . . . since my system is finally up and running OK . . . I need a free firewall. I've read many posts here with a wide variety of what's the best. What do YOU use and why?
If you are adamant about staying with a freeware software firewall, my vote would go towards Kerio (KPF 2.15). Find it here: http://www.kerio.com/dwn/kpf2-en-win.exe That is hands down the best freeware rule-based firewall there is. If you choose that one, be sure to get help with your rule-set (PM me if you need help).
If you feel like spending a little cash and purchasing a shareware firewall, I would strongly consider Agnitum Outpost Pro (www.agnitum.com). There is another option, which I personally use. Research LooknStop a.k.a. LnS (www.looknstop.com). It is the best firewall I have ever seen. It is rule based (as better firewalls are) and has an extremely small footprint (uses little system resources). PM me if you want further details.
If you're going to *buy* a firewall, buy a firewall -- a Stateful Packet Inspection (SPI) firewall [this is a piece of hardware]. Why waste money on software to bog your system down? Get a *real* firewall.
I knew back in the day when software firewalls were coming out that there'd be this kind of trouble... man I hate software firewalls
Hardware firewalls are nice but cannot take the place of software firewalls. You cannot have application filtering with them. Also, you cannot have some of the features of Outpost (ad blocking, referrer blocking, cookie blocking, etc). Also, hardware firewalls, for whatever reason, always respond to ICMP echo pings, so you would not be COMPLETELY stealth.
FYI, PeerGuardian is not a firewall it is an IP address blocker, and a damn good one at that (v2)
Yeah I know that it's not a "firewall". It's a kernel level blackhole filter. But effectively, it's a firewall. What else could "IP blocker" possibly mean? I put in an IP address, I get no IP packets from that address any longer. Yes, it's not stateful, and is fully manual. Oh well.
It's all I use. I don't use a hardware or a software firewall. Application filtering is probably nice for people who don't know anything about what their software is doing, but there's another edge to the sword. The application firewall is going to ask a lot of questions about what the user wants the application to be able to do, and invariably, the user is going to have to *guess*, because they don't understand firewalling, application behavior in general, or the application is named badly and is confusing, etc. I don't know how many customers I've had who actually blocked Internet Explorer itself, as well as svchost/generic host process et al... Several times, a customer has had two or three antivirus/firewall combinations running at the same time, and they would constantly ask if the other one could do something. Norton Internet Security has a funny habit sometimes of asking if Norton Internet Security can access the internet.
Any hardware firewall that responds to ICMP when you tell it not to is not the firewall you'd want. Sounds like a piece of crap to me. You made it seem like ALL firewalls do this, when that is not the case.
All Windows firewalls suck; they're basically toys, often as trivial as having an ON and OFF button.
Often combined with a fancy IDS that tends to get people paranoid.
Best I've come across is iptables/netfilter on Linux; it's sweet, because you can configure a lot of aspects of it: reject/drop packets, define ICMP types to filter, SYN packets, ip/port/protocol, etc.
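Since the post above lists the knobs iptables/netfilter gives you (drop vs. reject, ICMP by type, SYN handling, ip/port/protocol), here is an added example ruleset that exercises each of them. It is not code from the thread or from any poster; the LAN range, ports and rate limits are placeholder values I chose for the example. By default it only prints the commands it would run; set APPLY=1 (as root) to actually load them.

```shell
#!/bin/sh
# Added example: a small INPUT ruleset for iptables/netfilter.
# Prints commands unless APPLY=1 is set, so it can be read and checked safely.
IPT=${IPT:-iptables}

run() {
    # Apply the rule when APPLY=1, otherwise just show it.
    if [ "$APPLY" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

apply_rules() {
    # Start clean: flush all rules and delete empty user-defined chains.
    run "$IPT" -F
    run "$IPT" -X

    # Loopback and the stateful part: replies to connections we opened.
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # SYN packet handling: a NEW connection must start with a bare SYN,
    # and NULL / XMAS flag combinations are never legitimate.
    run "$IPT" -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    run "$IPT" -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    run "$IPT" -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP

    # Rate-limit inbound SYNs in their own chain: within the limit RETURN to
    # INPUT and keep evaluating, beyond it drop (placeholder rate values).
    run "$IPT" -N SYN_FLOOD
    run "$IPT" -A INPUT -p tcp --syn -j SYN_FLOOD
    run "$IPT" -A SYN_FLOOD -m limit --limit 25/s --limit-burst 50 -j RETURN
    run "$IPT" -A SYN_FLOOD -j DROP

    # ICMP by type: answer echo-request at a limited rate (change the target
    # to DROP if you want to be "stealth"), keep the error types that TCP and
    # path-MTU discovery depend on, and drop every other ICMP type.
    run "$IPT" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    run "$IPT" -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    run "$IPT" -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    run "$IPT" -A INPUT -p icmp -j DROP

    # ip/port/protocol: SSH only from the LAN (placeholder range).
    run "$IPT" -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT

    # Reject vs. drop: answer identd with a RST so remote mail servers don't
    # hang on a timeout; everything else falls through to the DROP policy.
    run "$IPT" -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # Policies last, so an open admin session isn't cut off mid-script.
    run "$IPT" -P INPUT DROP
    run "$IPT" -P FORWARD DROP
    run "$IPT" -P OUTPUT ACCEPT
}

apply_rules
```

Rule order matters: the ESTABLISHED,RELATED rule sits near the top so that return traffic never reaches the SYN and ICMP checks, and the SYN limiter lives in its own chain so that RETURN lets in-limit packets continue to the per-port rules instead of being accepted wholesale.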
Are you saying it's too advanced for your typical user to understand, or that there are too many things to manually set up? Would you recommend it to anyone or just certain types of people?
About manual: It's not a firewall, so blackholing an IP involves manually adding the IP to the database. (The program is designed to block 300+ million IP addresses that belong to spammers, P2P robots, US-government watchdogs, spyware sites, rogue advertisement sites, and more)
About stateful: It's not a firewall, so it doesn't deal with packets on an 'if-then-else' basis. It discards either all, or none, of the packets from a given IP address. It's not really that advanced for a user. A user can turn it on and forget about it, really. Until they have a problem connecting to a certain IP... then they have to turn off PG to see if PG is blocking it.
PS: If you use PG, you have to unblock my website. DjLizard.net's IP belongs to a range that used to belong to scammers/spammers/spyware peddlers, but since those kinds of people are fly-by-night, as soon as they got IP banned in the major lists, they left. Then comes some unfortunate soul (me) who has to deal with the fact that I'm on a banned IP range, all because of someone who was using the IP only for a few moments. IP blocks get bought and sold all the time, and blocklists really wreak havoc on those transactions. :/
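The two posts above describe what a range blocklist like PeerGuardian's actually does: no state, no ports, just "is this address inside a listed range, yes or no", which is also why a whole range stays blocked after the spammer who earned the listing has moved on. Here is an added example, not PeerGuardian's code and not from the thread, that implements that lookup over a tiny constructed list in the common "name:first-last" line format. The list entries and addresses are made-up documentation ranges (TEST-NET) chosen for the example.

```shell
#!/bin/sh
# Added example: a stateless, all-or-nothing IP range blocklist lookup.

# Constructed sample list (assumed "name:first-last" format, one range per line).
# The first entry stands for a whole /24 that was listed because of one past
# tenant; every address in it is blocked regardless of who holds it now.
BLOCKLIST='Old spammer /24 (constructed):203.0.113.0-203.0.113.255
Bogus ad server (constructed):198.51.100.32-198.51.100.63'

ip2int() {
    # Dotted quad to a 32-bit integer, POSIX sh arithmetic only.
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

blocklist_match() {
    # Print the name of the first range containing $1 and return 0;
    # return 1 when the address is in no range. Ports, direction and
    # connection state are never consulted: the decision is per address.
    ip=$(ip2int "$1")
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        name=${line%:*}          # everything before the last ':'
        range=${line##*:}        # "first-last"
        lo=$(ip2int "${range%-*}")
        hi=$(ip2int "${range#*-}")
        if [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done <<EOF
$BLOCKLIST
EOF
    return 1
}

# Demo: a reassigned address inside the old /24, one inside the ad range,
# and one just past the end of the ad range.
for addr in 203.0.113.7 198.51.100.40 198.51.100.64; do
    if name=$(blocklist_match "$addr"); then
        echo "$addr: blocked on every port, every packet, by '$name'"
    else
        echo "$addr: allowed"
    fi
done
```

Note what the lookup cannot express: it has no way to say "block this range for inbound SMTP but let my own outbound web traffic through", and nothing ages an entry out when the range changes hands. Checking a list's date and keeping a personal allow list, as the post suggests for the site above, is the only way around that.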