Blocking Outbound Traffic Only

Archived from groups: comp.security.firewalls (More info?)

idealdu@yahoo.com (Reactor) wrote in news:ac9d6eb9.0407231940.59b6aa03
@posting.google.com:

> I have a netgear router that has stateful packet inspection and would
> like a software firewall to block outbound traffic only since the
> router is only capable of blocking inbound. Is there a firewall that
> has the option to only monitor outbound traffic?
>

Well that depends on what O/S you're using. For me back when I was using
the Linksys router and BlackIce which neither one can stop outbound by
setting rules, I used IPsec that's on the O/S.

IPsec can stop inbound and outbound by port, protocol and IP.

http://www.petri.co.il/block_ping_traffic_with_ipsec.ht...
http://www.analogx.com/contents/articles/ipsec.htm

The use of the AnalogX Secpol file makes IPsec simple to use based on the
rules that have been created.

IPsec is active on the machines protecting the LAN.

Duane  

Duane  

Archived from groups: comp.security.firewalls (More info?)

[This followup was posted to comp.security.firewalls and a copy was sent
to the cited author.]

In article <ac9d6eb9.0407231940.59b6aa03@posting.google.com>,
idealdu@yahoo.com says...
> I have a netgear router that has stateful packet inspection and would
> like a software firewall to block outbound traffic only since the
> router is only capable of blocking inbound. Is there a firewall that
> has the option to only monitor outbound traffic?

You could set up a firewall rule to simply allow all incoming, but only
check outgoing.

As it is, I would still let the software fireall check incoming. Unless
you have speed problems (which shouldn't be an issue unless you have a
VERY fast connection AND a VERY slow computer), it gives an extra line of
defense in case the router is hacked, somehow gets misconfigured, or
anything causes something to leak through.

--
If there is a no_junk in my address, please REMOVE it before replying!
All junk mail senders will be prosecuted to the fullest extent of the
law!!
http://home.att.net/~andyross

Archived from groups: comp.security.firewalls (More info?)

idealdu@yahoo.com (Reactor) wrote in news:ac9d6eb9.0407231940.59b6aa03
@posting.google.com:

> I have a netgear router that has stateful packet inspection and would
> like a software firewall to block outbound traffic only since the
> router is only capable of blocking inbound. Is there a firewall that
> has the option to only monitor outbound traffic?

It sounds like you want an early version of Zone Alarm. Originally, they
only offered outbound protection, and they worked fine for that. I still
have ZA 1.7 on a CD, but last time I tried it, it would not work (maybe to
the point of having to restore a drive image) - I don't recall if that was
with Win98SE, WinME, or WinXP.

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

Archived from groups: comp.security.firewalls (More info?)

In article <ac9d6eb9.0407231940.59b6aa03@posting.google.com>, idealdu@yahoo.com says...
> I have a netgear router that has stateful packet inspection and would
> like a software firewall to block outbound traffic only since the
> router is only capable of blocking inbound. Is there a firewall that
> has the option to only monitor outbound traffic?
>
Any software firewall "worth its salt" could be set up to
accomplish this. With Sygate for example, Advanced Rules could
be set to Allow all TCP, UDP,and ICMP incoming connections.
Application Rules could be set to control outgoing application
connections. This of course would negate Sygate SPI.
Casey