Firewall

Here you can discuss ReactOS related topics.

Moderator: Moderator Team

Post Reply
Davethewave
Posts: 16
Joined: Sat Nov 05, 2005 5:17 am

Firewall

Post by Davethewave » Tue Nov 15, 2005 11:21 pm

I understand the firewall feature is quite a ways off from a previous post but I was wondering if it would be possible to make the firewall much like ZoneAlarm in the ability to request that a program may have access to the internet rather than messing with ports? Perhaps if we ask nicely ZoneLabs will OK the addition of Zonalarm (free edition) into ReactOS? I don't quite know how licensing works with that though.

florian
Posts: 453
Joined: Tue Nov 01, 2005 2:19 am
Location: Germany

Post by florian » Wed Nov 16, 2005 1:06 am

Attempts of Open Source Firewalls for Windows:

- http://wipfw.sourceforge.net/
WIPFW is a MS Windows operable version of well-known IPFW1 for FreeBSD OS.
- http://programmerworld.net/personal/firewall.htm
NetDefender firewall of two guys from India.

- http://sourceforge.net/projects/firewallpapi/

- http://winsockfirewall.sourceforge.net/

Well, I don`t have any preferences as I am also used to zonealarm and don`t understand too technical stuff therefore I don`t know which one could or would be a good choice.
But I think that it could be tricky to integrate such a "commercial" freeware into a ros distro. And by the way we all have different favourites of firewalls so why should zonealarm be integrated. You could install it anyway as you can do it right now on your OS.

Davethewave
Posts: 16
Joined: Sat Nov 05, 2005 5:17 am

Post by Davethewave » Wed Nov 16, 2005 2:25 am

Ok cool :) I just thought it would be nice intigrated... better than windows anyways. After a clean install on windows as soon as I connect to the internet to attempt to go to the zonealarm site to download it I get worms.

TiKu
Posts: 157
Joined: Wed Jan 05, 2005 9:09 pm
Location: Unterföhring, Germany
Contact:

Post by TiKu » Wed Nov 16, 2005 2:48 am

Davethewave wrote:Ok cool :) I just thought it would be nice intigrated... better than windows anyways. After a clean install on windows as soon as I connect to the internet to attempt to go to the zonealarm site to download it I get worms.
That's just a question of configuration. A well configured PC doesn't really need a firewall - and yes, I'm talking about Windows XP. And even the integrated firewall of XP is more secure than ZoneAlarm and other personal firewalls.
See this page for details.

Ged
Developer
Posts: 925
Joined: Thu Sep 29, 2005 3:00 pm
Location: UK

Post by Ged » Wed Nov 16, 2005 10:30 am

I've started research into the firewall now. There are no open source firewalls which I consider to be secure enough to integrate into ROS, thus we will be writing our own.

The end product will be an NDIS driver which operates at the bottom of the network stack for maximum security.

ViRUS
Posts: 17
Joined: Tue Nov 30, 2004 2:57 am
Location: Russia
Contact:

Post by ViRUS » Wed Nov 16, 2005 11:06 am

Simple TDI based firewall: http://tdifw.sourceforge.net/

reub2000
Posts: 100
Joined: Fri Dec 03, 2004 5:54 pm
Location: Evanston, IL, US

Post by reub2000 » Wed Nov 16, 2005 11:09 am

TiKu wrote:
Davethewave wrote:Ok cool :) I just thought it would be nice intigrated... better than windows anyways. After a clean install on windows as soon as I connect to the internet to attempt to go to the zonealarm site to download it I get worms.
That's just a question of configuration. A well configured PC doesn't really need a firewall - and yes, I'm talking about Windows XP. And even the integrated firewall of XP is more secure than ZoneAlarm and other personal firewalls.
See this page for details.
I don't speak any German.

In a perfect world, no services would be running that shouldn't be running. But we aren't living in a perfect world, and we need firewalls.

IMO, the firewall should be something like netfilter/iptables. A part of the kernel, and flexible and configurable. Also, the default setup should drop unsolicited packets not coming from 127.0.0.1, unless the user explicitly unblocks a port.

Also, reactos shouldn't contain a proprietary firewall like zonealarm.

Ged
Developer
Posts: 925
Joined: Thu Sep 29, 2005 3:00 pm
Location: UK

Post by Ged » Wed Nov 16, 2005 11:40 am

ViRUS wrote:Simple TDI based firewall: http://tdifw.sourceforge.net/
TDI sits above tcpip.sys and IMO this is too high.
IMO, the firewall should be something like netfilter/iptables. A part of the kernel, and flexible and configurable
As above, it will be a device driver which are similar to linux kernel modules.
It will also be fully configurable.

TiKu
Posts: 157
Joined: Wed Jan 05, 2005 9:09 pm
Location: Unterföhring, Germany
Contact:

Post by TiKu » Wed Nov 16, 2005 1:17 pm

reub2000 wrote:I don't speak any German.
Sorry, should have posted the direct link to the English version of this site: http://www.ntsvcfg.de/ntsvcfg_eng.html
reub2000 wrote:IMO, the firewall should be something like netfilter/iptables. A part of the kernel, and flexible and configurable. Also, the default setup should drop unsolicited packets not coming from 127.0.0.1, unless the user explicitly unblocks a port.

Also, reactos shouldn't contain a proprietary firewall like zonealarm.
I agree with you. I'm not totally against firewalls. I just wanted to make clear that it's possible to use Windows XP without a firewall and not getting infected with malware immediately.

florian
Posts: 453
Joined: Tue Nov 01, 2005 2:19 am
Location: Germany

Post by florian » Wed Nov 16, 2005 3:54 pm

I would also recommend to read http://www.ntsvcfg.de/ntsvcfg_eng.html
and a long time ago I did it.
But isn`t for instance zonealarm also checking which applications are outgoing programs and whether they changed - maybe into a corrupt, hacked application.
Anyway on the following page you can find an application which is based on the knowledge of the previous page. The settings are then done easily by some clicks but still it is of course better to do it manually:
http://www.dingens.org/index.html.en.
(The German site is containing more infos.)

reub2000
Posts: 100
Joined: Fri Dec 03, 2004 5:54 pm
Location: Evanston, IL, US

Post by reub2000 » Thu Nov 17, 2005 5:45 pm

I find the application control part of Zone Alarm to be more of an annoyance than anything.

Ged
Developer
Posts: 925
Joined: Thu Sep 29, 2005 3:00 pm
Location: UK

Post by Ged » Thu Nov 17, 2005 6:27 pm

Initially it won't have application support. It will be developed as a TCP/IP filtering driver (obviously with support for standalone protocols like ICMP too)

Rules will be something along the lines of iptables, and eventually a GUI will be built to automate this.

We're looking a good 12 months into the future here though.

Jaix
Moderator Team
Posts: 838
Joined: Sat Nov 27, 2004 3:40 pm
Location: Sweden, Växjö

Post by Jaix » Fri Nov 18, 2005 12:34 am

reub2000 wrote:I find the application control part of Zone Alarm to be more of an annoyance than anything.
But it is really good when some apps use a random port #, then ZA will still be able to let it through.

Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot] and 4 guests