PDA

View Full Version : I Need Advanced Firewall

EvilEmpire
05-11-2007, 12:45 PM
I don't know if its that advanced anyway..

I need a firewall that can allow me to do the following:

Limit local ports for process.exe
Limit access of process.exe so that only certain IP ranges can use process.exe (which is *cough* a web server)
Give me complete control over other apps using the internet (full access and stuff like that, completely ignore them for example)
Will not monitor the traffic transferred, uses a lot of CPU and slows down DL/UL speed significantly.So there you go.
Please no "google is your friend" posts (because he's not, he crawls the shit out of me).
Neo
05-11-2007, 7:30 PM
robots.txt will fix any robot crawling issues you have, though to be honest, I've noticed Microsoft's Live (?) Search bot to suck up my bandwidth and server resources then the googlebots.

Kerio's firewall has always worked for me.

However if you are running a webserver, its easier to configure it properly, rather then having it all the way open and using a firewall to restrict stuff.

-Neo
EvilEmpire
05-11-2007, 7:54 PM
1. I dont want to limit crawlers, access have only a few ppl but some dipshit leaked links and now I get hammered. And the problem with the server is that it takes him time to realize who is entering, return a 403 and close the connection. 2-3 such users making 3 conns per 5secs make the server sluggish or kill it. Thats why no connection to the machine should be made (to kill them on the stairway) [and yea MS live are a nasty bunch of buggers, they stay online all day long dong almost nothing]

2. Hmm there is no 2

---
Is "Application communication control" the way they call my second bullet?
TimP
05-11-2007, 9:16 PM
You can set a lot of that up through the web server usually. Apache has mod_access (http://httpd.apache.org/docs/2.0/mod/mod_access.html) which will take care of most of that. (mod_access is known as mod_authz_host (http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html) in Apache 2.2+). The built in Windows Firewall (SP2) will handle a lot of the rest.
Neo
05-11-2007, 10:15 PM
Seriously... Just do a restricted access thing, hell you could even password the pages or something.

Or simply utilize htaccess to deny all but specific ip addresses or something.

-Neo
EvilEmpire
05-12-2007, 12:49 PM
I can do it with the server, and I have, but it puts a heavy load on the server and it crashes sometimes. It's not apache though, lighttpd, soo much fun :D.

Kerio seemed to do the job, some advanced packet filtering thingy and thank good it had adding IP ranges..

Thanks both!