cfosspeed firewall

[Sl@pSh0ck™]

I have outpost pro firewall and just recently installed cfosspeed, I noticed that it has a firewall feature ... my question is that can I uninstall outpost pro and just use cfosspeed firewall feature or would it be a bad idea? Any suggestion would be appreciated. Thanks.

[Sl@pSh0ck™]

use a custom uninstaller we have a lot listed in forums and front page LOOK for system utilities ;)

Thanks for the reply .... but I don't have any problem uninstalling I am using your uninstaller pro ..... my question is would it be a good idea to replace outpost pro and use cfosspeed firewall feature instead?

[Bizarre™]

@nivrid05:

Althought it's not recommended to run two firewall at the same time, you can keep Outpost together with cFosSpeed.

I just recommend that you disable cFosSpeed firewall because I believe Outpost should provide better protection.

[Sl@pSh0ck™]

Thanks for the replies guys .... I'll stick with outpost pro and cfosspeed (firewall disabled) for now and see if they would work together as they should be, if I notice any conflict then I'll go ahead and uninstall outpost and use cfosspeed's firewall feature instead. NSANE RoCkS!!! :wub:

[HX1]

I use them both with ESS.. I have never had any incompatibility issue with it either nor does it slow anything down or cause any issues.. If you want you should be more than able to run it.. its mainly about the priority of the driver in your system.. Like a firewall behind your firewall.. it is not like running two AV's on the same system..cFosspeed firewall is not meant to be as comprehensive as security suites and serves another purpose.. If you check out their main site.. It should shed some light on what the firewall within cFos actually does and why it is there.. It does not have any rule sets or anything.. so .. Hope that helps some.. and clarifies it..

[Sl@pSh0ck™]

I use them both with ESS.. I have never had any incompatibility issue with it either nor does it slow anything down or cause any issues.. If you want you should be more than able to run it.. its mainly about the priority of the driver in your system.. Like a firewall behind your firewall.. it is not like running two AV's on the same system..cFosspeed firewall is not meant to be as comprehensive as security suites and serves another purpose.. If you check out their main site.. It should shed some light on what the firewall within cFos actually does and why it is there.. It does not have any rule sets or anything.. so .. Hope that helps some.. and clarifies it..

Thanks man! heading to cfosspeed.de now to do some reading. :D

[Bizarre™]

@heath28m:

cFosSpeed is using a ruleset, it's not user friendly though.

X : \ cFosSpeed \ settings.ini

[Sl@pSh0ck™]

If I want to save some system resources (RAM) would you suggest to run cfosspeed's firewall feature together with the built in vista firewall (outbound protection enabled) instead of outpost pro?

[Bizarre™]

@nivrid05:

cFosSpeed is light on resources, so I guess you can run it in conjunction with your main firewall.

[HX1]

The rule set I am referring to Biz, is one like that of ESS/Others who and that allow Rules to be set for programs, and other areas..There is no UI for this... and the settings which are in the settings.ini, are addressing all aspects of configurable elements that you set on the main screen.. There are, as you noticed, several aspects which are notated for areas of cFos and how it designed to run.. These settings should be able to be changed and altered depending on your calibration/connection/network.. which in most areas should be configured by the program itself..It also has a section dedicated to filters which you can enter.. so it does allow for filtering..and uses several other elements to control this area

So yes you are right about that.. but I am referring to it being as broad spectrum as the original firewall.. It filters a different element from what most people view as a ' firewall'..

See spoiler for my section....

; --- firewall rules

; ppp protocols: only handle network-layer-protocols

filter=-fw -pppp 0x4000:0xffff -c default

; drop all non ip (or compressed) protocols

filter=-fw !-pppp 0x21,0x2d,0x2f,0x3d -c drop

; ethernet protocols: allow only ipv4 and arp

filter=-fw !-ethp 0x800,0x806 -c drop

; ip packets with len < 20, vsn != 4, ihl < 20, len < ethd_len, len > ihl, bad chksum,

; ping of death or malformed ip options are always dropped

;; drop all fragments?

;filter=-fw -fragment -c drop

; drop packets with source route ip option

filter=-fw -ip-opt 131,137 -c drop

;; drop packets with other ip protocols than specified?

;; this may inhibit some software from working, like NAT/VPN software (might need GRE,

;; AH or ESP) or ip mobility support (might need GRE), or ip multicasting (needs IGMP)

;filter=-fw !-p tcp,udp,icmp -c drop

;; drop packets to or from loopback address? paranoia, should be superfluous

;filter=-fw -s 127.0.0.0/8 -c drop

;filter=-fw -d 127.0.0.0/8 -c drop

;; drop packets to or from reserved address?

;filter=-fw -wan -s 0.0.0.0/8 -c drop

;filter=-fw -d 0.0.0.0/8 -c drop

;; drop packets to or from broadcast address

;filter=-fw -s 255.255.255.255 -c drop

;filter=-fw -wan -d 255.255.255.255 -c drop

;; drop packets to or from multicast addresses?

;filter=-fw -s 224.0.0.0/4 -c drop

;filter=-fw -d 224.0.0.0/4 -c drop

; egress filtering

; don't check source ip on LAN ports, might break ip mobility support.

filter=-fw -wan !-bridged -tx !-s-mynet -c drop

; don't check dest ip on LAN ports, since DNS traffic to router would be blocked

filter=-fw -wan !-bridged -tx -d-mynet -c drop

; ingress filtering, allow incoming multicast

filter=-fw !-bridged -rx !-d-mynet !-d 224.0.0.0/4 -c drop

; don't check source ip on LAN ports, since DNS traffic from router would be blocked

filter=-fw -wan !-bridged -rx -s-mynet -c drop

; tcp packets with bad checksum or malformed options are dropped anyway

; drop outgoing tcp RST segments if they don't belong to a (maybe even half-open) session

filter=-fw -tx -tcp-flags RST RST -tcp-initiated rx !-tcp-session 2 !-tcp-session-dadr 3 -c drop

; drop tcp packets to potentially dangerous port numbers

filter=-fw -rx -tcp-dport 42,53,79,161:162,135,137:139,445,593 -c drop

filter=-fw -tx -tcp-dport 135,137:139,445 -c drop

;; drop all incoming tcp connection attempts?

;filter=-fw -rx -tcp-flags SYN,ACK SYN -c drop

; drop udp packets to potentially dangerous port numbers

filter=-fw -rx -udp-dport 42,53,161:162,135,137:139,445 -c drop

filter=-fw -tx -udp-dport 135,137:139,445 -c drop

; allow dhcp for lan ports, but filter for wan ports

filter=-fw -wan -rx -dport 67:68 -c drop

; drop potentially dangerous icmp packets

filter=-fw -tx !-icmp-type 3/4,8/0,13/0,15/0 -c drop

filter=-fw -rx !-icmp-type 0/0,3,4/0,11,12,14/0,16/0 -c drop

With mine I use Layer-7 Protocol Detection, Firewall, Automatic MSS ( MTU ) Optimization, and Strict RTP Checks..of course then I have all of the other specification and shaping done for all of the protocols and programs.. Still have to set up my graphing functions though...and add some new stuff..

EDIT: Yo could also upgrade your firewall as well.. while you were on the subject..Comodo, Online Armour, and then PC Tools.. I think is the current ranking.. Yours is still good and is ranked at 5th and 6th places..

[Bizarre™]

@heath28m:

That's why I said 'not user friendly'.

[Tanuj]

someone please give of a crack for cfosspeed the activation key does not works

[Tanuj]

i had found but the key is blacklisted

[HX1]

Thats is why there is a Search Bar at the top of the forums.. Always Read the FAQ, search the forums before asking..More than likely someone has come across the issue before.. Makes things far more efficient for you and the forum..This is addressed ... please do a quick search and your problem will be solved.. :thumbsup:

[Bizarre™]

@Tanuj:

This has already been resolved: Link

You should also follow heath28m's advice ^_^

[Sl@pSh0ck™]

i had found but the key is blacklisted

heath28 and bizarre are right ... just do a search and then follow the instructions on how to register cfosspeed using a blacklisted serial. I have done it and it was easy (instructions are clear enough for a kid to follow) :dance2:

[KotaXor]

Yep...key working fine here too.