10 firewall tools to meet your budget
by Jack Wallen | October 4, 2010 6:54am PDT
Zone Alarm Free
TO TRY IT WILL NOT HARM YOUR COMP OR YOUR PURSE. THIS DOES WORK WITH AVG ANTI VIRUS PRO, AD-AWARE ANTI VIRUS PRO, IMMUNET AND PANDA CLOUD SYSTEMS. ALSO - YES, IT DOES WORK ON 64-BIT WINDOWS 7 ULTIMATE.
I can't hear you over the fact that you're yelling!
Thanks! However, I am still wondering about any potential conflict with Avast! 5.0.677 and Spybot Search&Destroy 1.6.2.
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto br0
iface br0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    post-up iptables-restore /etc/iptables.up.rules
    bridge_ports eth1 wlan0

iface eth1 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down

iface wlan0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down
Yep! I am using my own iptables script to flush and recreate the rules as soon as my external interface is up!
# Generated by iptables-save v1.4.4 on Thu Oct 7 13:45:47 2010
*mangle
:PREROUTING ACCEPT [3778268:2030589954]
:INPUT ACCEPT [1951542:315871622]
:FORWARD ACCEPT [1828278:1714915334]
:OUTPUT ACCEPT [584837:4837372503]
:POSTROUTING ACCEPT [2415221:6553027657]
:asterisk - [0:0]
:common - [0:0]
-A FORWARD -i br0 -o eth0 -j MARK --set-xmark 0x3/0xffffffff
-A FORWARD -i br0 -o eth0 -j common
-A FORWARD -i br0 -o eth0 -j asterisk
-A FORWARD -i br0 -o eth0 -p icmp -j MARK --set-xmark 0x1/0xffffffff
-A FORWARD -i eth0 -o br0 -j MARK --set-xmark 0x3/0xffffffff
-A FORWARD -i eth0 -o br0 -j common
-A FORWARD -i eth0 -o br0 -j asterisk
-A FORWARD -i eth0 -o br0 -p icmp -j MARK --set-xmark 0x1/0xffffffff
-A asterisk -p udp -m udp --sport 5060 --dport 5060 -j MARK --set-xmark 0x1/0xffffffff
-A asterisk -p udp -m udp --sport 5080 --dport 5080 -j MARK --set-xmark 0x1/0xffffffff
-A asterisk -p tcp -m tcp --sport 5060 --dport 5060 -j MARK --set-xmark 0x1/0xffffffff
-A asterisk -p tcp -m tcp --sport 5080 --dport 5080 -j MARK --set-xmark 0x1/0xffffffff
-A asterisk -p udp -m udp --sport 10000:20000 --dport 10000:20000 -j MARK --set-xmark 0x1/0xffffffff
...
COMMIT
# Completed on Thu Oct 7 13:45:47 2010
# Generated by iptables-save v1.4.4 on Thu Oct 7 13:45:47 2010
*nat
:PREROUTING ACCEPT [48293:6001940]
:POSTROUTING ACCEPT [14341:1088928]
:OUTPUT ACCEPT [36548:2778308]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Oct 7 13:45:47 2010
# Generated by iptables-save v1.4.4 on Thu Oct 7 13:45:47 2010
*filter
:INPUT DROP [14834:4562608]
:FORWARD ACCEPT [1799:264065]
:OUTPUT ACCEPT [584837:4837372503]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -s 211.128.0.0/9 -j DROP
-A INPUT -s 202.96.0.0/9 -j DROP
-A INPUT -s 85.0.0.0/8 -j DROP
-A INPUT -s 81.0.0.0/8 -j DROP
-A INPUT -s 122.0.0.0/8 -j DROP
-A INPUT -s 220.0.0.0/8 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
...
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Thu Oct 7 13:45:47 2010
And yes, I do have Windows firewall, which is adequate for my needs. TYVM!
http://www.comodo.com/home/internet-security/free-internet-security.php
Next time check your facts!