Off-Topic :  K-Meleon Web Browser Forum
All which isn't K-Meleon related. 
block all except one IP
Posted by: chan
Date: January 09, 2015 12:11AM

I am looking for a Firewall that works on Windows 7 where I can block everything except my router IP. On XP I am able to do so using Kerio 2.1.5 with the following rule set http://www.dslreports.com/forum/r8023708-BZ-Kerio-2x-Default-Replacement-Update
With that rule set if you do not specify your router IP in the "Router Configuration" rule nothing will be able to access the internet.

Re: block all except one IP
Posted by: JohnHell
Date: January 09, 2015 12:51AM

No, you are wrong.

Permitting access to the router's IP doesn't grant you access to Internet.

That rule in particular only lets access to the router IP, probably for configuration access (the rule name says everything, in fact).

Unless you have a proxy in the router and you need to access internet through it, that rule is just dumb and the way you pretend (the guy of dslreports, actually).

I use Kerio 2.1.5 myself and I have access blocked for the router IP except one app as a measure for XSS attacks and... you know what? Here I am!!!

You need to understand that when you connect, let's say to this forum, you aren't requesting access to the router and then the router to the forum IP out there.

Windows applications directly call the forum IP through the windows socks (or whatever library is used in Win7). When this happens, Windows finds that the IP can't be accessed directly (by its network) and then will try to use, in this case, a gateway (do you know what a gateway is?), in this case 192.168.1.1 and the router will route (that is where the name comes from) accordingly the IP packets to where is needed, but, even the router, doesn't know where to route, it will send the packet to its ISP gateway too, and this will route to another, and another, and another, until the forum is reached.

Actually, Windows and the forum will talk themselves but after different routes.

I will tell this simpler. Do a tracert to kmeleon.sourceforge.net and look if the router IP (or other router acting as gateway) appears somewhere.

You'll find that there is nowhere.

This was a dumb test also, because it will tell just the routing, but will show you that routers, actually gateways, won't be shown because they aren't involved at all in the connection. Just they give access from one network to another. And even if you block any IP in the route, you will still have access to the kmeleon forum because what is important is the point to point connection, not the routers and gateways.


After this long explanation (and brief), if you find a replacement for Kerio 2.1.5 and Windows 7, tell, please.

I had a look at PC Tools Firewall in the past, because it looks simpler, but there is nothing like the old Kerio sad smiley and that is the reason I don't recommend it to you or anyone.



Edited 3 time(s). Last edit at 01/09/2015 01:07AM by JohnHell.

Re: block all except one IP
Posted by: chan
Date: January 09, 2015 01:10AM

There is a lot I do not know about firewalls. But I have several XP computers
that have been set up this way for about 10 years. All I have to do is remove
the checkmark from that rule and they will not access the internet. I have
Belkin routers and it's the same with all of them. They simply use the default
IP of http://192.168.2.1/
The only difference I've seen is with Linksys routers. Not only do they
require the http://192.168.1.1/ to be entered but you still don't get internet
access until putting the appropriate IP addresses in the Primary and Secondary
DNS Server rules.
My only concern is that I want to set up a firewall on my Windows 7 where if
anyone takes my computers to another location they cannot access the internet
without a router that uses 192.168.2.1 as the gateway IP.
Can that even be done with Windows 7 using any firewall? I don't care what
firewall is required.
Thanks smiling smiley

Re: block all except one IP
Posted by: JohnHell
Date: January 09, 2015 01:56AM

Quote
chan
There is a lot I do not know about firewalls. But I have several XP computers
that have been set up this way for about 10 years. All I have to do is remove
the checkmark from that rule and they will not access the internet. I have
Belkin routers and it's the same with all of them. They simply use the default
IP of http://192.168.2.1/
The only difference I've seen is with Linksys routers. Not only do they
require the http://192.168.1.1/ to be entered but you still don't get internet
access until putting the appropriate IP addresses in the Primary and Secondary
DNS Server rules.

After you tell about DNS, it is sure you are in DHCP (or at least you haven't configured them on Windows 7), and DHCP need to discover themselves. At some point, the router becomes an endpoint to kerio and therefore there is need of access, but not because of its gateway actions. I see that the router needs to recheck clients and vice versa for available IPs.

Without knowing your exact network configuration, I can't tell exactly.

I'm a fixed configuration guy tongue sticking out smiley

Quote
chan
My only concern is that I want to set up a firewall on my Windows 7 where if
anyone takes my computers to another location they cannot access the internet
without a router that uses 192.168.2.1 as the gateway IP.
Can that even be done with Windows 7 using any firewall? I don't care what
firewall is required.
Thanks smiling smiley

Should be done the same way you do now, but I don't use Windows 7 yet and the problem with newer firewalls is that they don't let you create much personalized rules.

That is why I told you about PC Tools Firewall. If my memory doesn't trick me it lets you create rules.

Try to use the Windows 7 embedded firewall. They say it is powerful...
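
The distinction made in the two replies above (the gateway is only the next hop, while the router is a real endpoint for DNS/DHCP traffic), as an added example that is not part of any post: a simplified Python model of a host firewall that matches on a packet's destination address. The rule sets, the LAN prefix, the forum address and the rule name "Web" are assumptions; only 192.168.2.1 and the "Router Configuration" rule name come from the thread.

```python
import ipaddress
from collections import namedtuple

ROUTER = ipaddress.ip_address("192.168.2.1")   # gateway IP mentioned in the thread
LAN = ipaddress.ip_network("192.168.2.0/24")   # assumed LAN prefix
FORUM = ipaddress.ip_address("203.0.113.80")   # constructed (documentation range)

Packet = namedtuple("Packet", "label dst port")
Rule = namedtuple("Rule", "name action remote ports enabled")  # ports=None: any port

# Constructed traffic: a DNS query to the router (handed out as DNS server by
# DHCP) and a web request addressed to the forum itself.
PACKETS = [Packet("dns-query", ROUTER, 53), Packet("http-forum", FORUM, 80)]

def next_hop(dst):
    """Routing: on-link hosts are reached directly, everything else via the gateway."""
    return dst if dst in LAN else ROUTER

def verdict(rules, pkt):
    """Firewall: the first enabled rule matching the packet's destination IP and
    port decides; no match means deny. The next hop is never consulted."""
    for rule in rules:
        if (rule.enabled and pkt.dst in ipaddress.ip_network(rule.remote)
                and (rule.ports is None or pkt.port in rule.ports)):
            return rule.action
    return "deny"

def evaluate(rules):
    return {p.label: (str(next_hop(p.dst)), verdict(rules, p)) for p in PACKETS}

def only_router():
    """Hypothetical rule set: permit the router IP, block everything else."""
    return evaluate([Rule("Router Configuration", "permit", "192.168.2.1/32", None, True)])

def router_rule_unchecked():
    """Hypothetical rule set: router rule disabled, a web rule still enabled."""
    return evaluate([
        Rule("Router Configuration", "permit", "192.168.2.1/32", None, False),
        Rule("Web", "permit", "0.0.0.0/0", {80, 443}, True),
    ])

if __name__ == "__main__":
    print("only router permitted:", only_router())
    print("router rule unchecked:", router_rule_unchecked())
```

In both rule sets the forum packet's next hop is the router, yet its verdict depends only on rules covering the forum's own address; unchecking the router rule blocks the DNS query, which is enough to make name-based browsing fail.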

Re: block all except one IP
Posted by: chan
Date: January 09, 2015 03:48AM

Thanks. It's interesting that you mentioned PC Tools Firewall. It's actually
the first I tried. But getting nowhere with it. I've searched all over the
internet and can't find a thing about configuring it sad smiley

Re: block all except one IP
Posted by: JohnHell
Date: January 09, 2015 04:34PM

I think it is another application to avoid too. Now is called "PC Tools Internet Security", a bundle of tools sad smiley

It had an online guide, but I see now it is not the same as it was:
http://www.pctools.com/security/help/Online_Help-Security.htm

Even at archive.org doesn't work for the 6.0 version:
http://wayback.archive.org/web/20101206172723/http://www.pctools.com/firewall/help/6.0/


Looks like the guide is still available searching directly for it:
http://www.pctools.com/firewall/help/6.0/

If you don't care about versions, and I think you don't, as I don't, as we use Kerio winking smiley, you can try to find/download 6.0 and have a look to it.

I don't promise now nothing. I just tested years ago and I had in mind but now looks isn't the same app it was.



Edited 1 time(s). Last edit at 01/09/2015 04:36PM by JohnHell.

Re: block all except one IP
Posted by: Yogi
Date: January 09, 2015 10:22PM

Quote
JohnHell
if you find a replacement for Kerio 2.1.5 and Windows 7, tell, please

Speaking of application firewalls, Kerio 2.15 (the successor of Tiny FW) was fine but IMHO not the best. Jetico was free at that time, also light on resources and was able to detect code-injection as well. Another thing I didn't like about Kerio was the fact that it secretly called home even though 'check for updates' was disabled. That connection wasn't notified by Kerio. >-(
This was almost a decade ago and meanwhile I gave up using a PFW.
Well, since Win7 I'm using Windows' built in FW.

How about Windows Firewall Notifier? I didn't bother to test it as yet but it looks neat.
It won't handle dll- or code-injections but will enhance the built in FW of Win7.
You could test it in a VM, in case you are interested and tell us your opinion about it.

Re: block all except one IP
Posted by: JohnHell
Date: January 10, 2015 12:50AM

Quote
Yogi
Quote
JohnHell
if you find a replacement for Kerio 2.1.5 and Windows 7, tell, please
Another thing I didn't like about Kerio was the fact that it secretly called home even though 'check for updates' was disabled. That connection wasn't notified by Kerio. >-(

:-?

Never noticed such thing. First time I hear about it.

I also run my own DNS server and I've never seen strange requests, or requests not made by the applications I'm actually using and where have been I caught them and not coming by the firewall.

You killed me with this thing.

Re: block all except one IP
Posted by: Yogi
Date: January 10, 2015 08:10AM

@JohnHell
I discovered it by coincidence but I got confirmed by others too.
At that time most software that called home, did it by using the internet settings of InternetExplorer.
Since I did never use IE, I set up IE to connect through a bogus server/proxy. Everything that was trying to use that connection ended in nirvana.
To my surprise Kerio 2.15 popped up complaining that it can't connect to the internet grinning smiley
If I remember correctly I have blocked then Kerio through its own rules and it worked. The trust however was damaged.

If IP-numbers are hardcoded, there is no need to request a DNS-server.

Re: block all except one IP
Posted by: JohnHell
Date: January 10, 2015 05:20PM

I know what happens if the IP is hardcoded, but I have other monitor software and I don't have traffic for Kerio. I have traffic for it, but when it transfers data to the admin console. Nothing else.

I also had firewalled IE to warn and other measures. I never had that suspicious behavior or I never noticed.

Really, I'd swear I never had those problems.

I'm keeping a closest eye on Kerio since you mentioned it but I still haven't seen any strange behavior :-?

I also searched the kingdom of Kerio support, dslreports.com, and looks that maybe happened in some versions, but not in 2.1.5 or 2.1.4, versions I used.



Edited 3 time(s). Last edit at 01/10/2015 05:23PM by JohnHell.

Re: block all except one IP
Posted by: chan
Date: January 10, 2015 07:25PM

I'm trying PC Tools Firewall Plus 7.0.0.123 on one computer, Look 'n' Stop Firewall 2.07, on one and Privatefirewall 7.0.30.3 on another.
Getting nowhere with any of them sad smiley
Do you think I should try PC Tools version 6 instead of 7.0.0.123?
Any other suggestions for rule based firewalls? I'm ready to try them all.

Re: block all except one IP
Posted by: Yogi
Date: January 10, 2015 08:01PM

@JohnHell

I did a Google search and found a circumstantial evidence at least.
All I can remember is that the discussion took place on a German board. So at least I knew in what direction to search.

Try to translate with Google the comment of Ajax. There are 2 people confirming the phonehome (Ken and Ajax).
In case you don't exactly understand what Google translates, no problem. I'll try to translate it for you. I wish my English would be as good as my German. smiling smiley

Re: block all except one IP
Posted by: JohnHell
Date: January 10, 2015 08:59PM

@chan the 7 version was just a small update to 6 if I'm not wrong. Even they routed you to the 6.0 manual. Did you read it in the advanced section for creating rules? Of course, try to remove/disable any default rule. Maybe some conflict with your rules. Sorry if I don't test myself.

@Yogi, what I read Ajax is vague reply. Not remembering or couldn't add more information.

I'll trust what you or he said, but I never seen this. I can't say anything else winking smiley

Re: block all except one IP
Posted by: Yogi
Date: January 10, 2015 09:40PM

@JohnHell

pcfreak asks if anybody in the forum can confirm what Ken has stated in another security forum (Rokop Security).
Ajax confirms the findings of Ken. He explains that no data is sent by Kerio. Kerio makes only a connection to a registration server of Kerio.
However this connection is done secretly and without to ask for permission. It's about Kerio 2.xx. Ajax says that as far as he remembers this behaviour was still present in v.2.1.5. At the time of that posting (24.09.2003) Kerio was already at v.4.xx.
I stopped using Kerio when it went to v3.xx.

Re: block all except one IP
Posted by: JohnHell
Date: January 10, 2015 10:24PM

Ok, I think I found part of the discussion here:

http://board.protecus.de/t313.htm

Even with Bing translation (I find a little better sometimes) I find confronted opinions and as I can't get to the first link (even at archive.org) I don't know exactly what is the discussion about. What really Ken proves. I like the exact details when talking about security winking smiley

If you don't mind, post a summary, just in case I missed something smiling smiley

Re: block all except one IP
Posted by: Yogi
Date: January 11, 2015 01:02AM

@JohnHell

The first link (which is dead) would have been of interest because it also had a screenshot.
Ken refers to that screenshot.
The rest is a verbal clinch between Ken and some fanboys.
At that time not even Ken knew if or what data Kerio was sending out till somebody found out that the called IP was a registration server of Kerio.
Kerio only connected to the server without sending any data, at least that's what I recall.
So it wasn't a big deal, only perturbing thing was that the connection was made without user permission.
