A quick glance at the posts on this BBS shows most in favor of Cisco PIX, SonicWall, Check Point.
What do these boxes have over a Smoothwall or ZoneAlarm Pro that makes them better? Obviously I'm a layman (where do we get that word?), but I'm interested in setting up a box at home to keep my kids from IRC and IM. I currently use a Netgear FVS318. I could block the ports (if I knew them) but I'd rather block everything and just allow port 80 on their machines. I've gone over to manual IP addressing so I could thus control specific machines (with DHCP, they'd get a new IP addy with reboot). I think I'll have to dump the Netgear and use my old P3 with 2 NICs in it. DSL->old P3 running Smoothwall->Netgear switch
What suggestions/thoughts/criticisms can you offer? I imagine this is a common problem so if you know that it's already been addressed in a FAQ, forgive me and point me to it.
First off, the Cisco PIX, Check Point and SonicWall are usually considered enterprise-level firewalls.. something like ZoneAlarm is a personal firewall, designed to be used on each individual machine. It does not stand as a gateway between their machine and the outside host.
If you want to block IRC you could consider blocking port 6667-6669 outgoing connections; this will prevent them from accessing most IRC servers. Otherwise, if you wanna use a personal firewall, you can set up ZoneAlarm not to allow mirc.exe (or whatever their IRC client is) to access the internet, then you just password protect ZoneAlarm and they can't shut it off or change the settings.
However, you say you want to allow only port 80.. remember that there are a lot of IRC servers that let you use IRC via a Java applet right on their page.. most kids will figure this out within 20 minutes of finding IRC blocked..
Not to mention if your kids are savvy there are a million ways around that..
Blocking instant messenger traffic is a bit easier: MSN Messenger connects to one of a few central servers, all you need to do is deny access to those IPs and they won't work. I'm really not sure of the IP range but I have found an article on blocking IM traffic
I'm actually quite interested in replies to this post, a lot of companies want IM traffic and IRC blocked and I would like to see someone share a complete ruleset that works, it would be beneficial to a lot of people on the board.. so if your company filters, then let us know what the filters are.
Then I can get round to posting how to get round the rules hehe
Which Linksys are you referring to? Port blocking also exists on my Netgear as well as port forwarding, but this does not restrict OUTBOUND access to a specific IP range. The closest my Netgear comes is 'keyword blocking'.
The rules posted in the link referenced above are IP ranges so I do not really know how useful they would be with my Netgear FVS318. I guess I'll need to use my Pentium 3 box. Should I load Smoothwall or ClarkConnect on it?
Since I have a DSL connection with a dynamic IP, will I be able to put this box in between my DSL modem and the FVS318? If it cannot do PPPoE, I'll have to put it behind the FVS318 and then put an 8 port switch behind that. That means spending MORE money. Maybe I'll just get the SonicWall SOHO3 and be done with it. Given that people are coding Java so that everything runs in port 80, this firewall business is losing its usefulness.
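The two outbound policies discussed in this thread (block ports 6667-6669, or allow only port 80 for the children's machines) compared side by side, as an added example that is not part of any post above. The address range, the port-7000 attempt, the DNS rule and all names are constructed assumptions; the rule evaluator is a simplified first-match model, not any vendor's rule syntax.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the children's PCs hold static IPs in this range.
KIDS = ip_network("192.168.0.32/29")
ANY = ip_network("0.0.0.0/0")

# Each rule: (action, source network, protocol, (low port, high port)).
BLOCKLIST = [  # approach 1: deny the usual IRC ports, allow everything else
    ("deny", KIDS, "tcp", (6667, 6669)),
    ("allow", ANY, "any", (0, 65535)),
]
ALLOWLIST = [  # approach 2: allow web only for the kids, deny the rest
    ("allow", KIDS, "tcp", (80, 80)),
    ("allow", KIDS, "udp", (53, 53)),  # assumed extra rule: browsing needs DNS
    ("deny", KIDS, "any", (0, 65535)),
    ("allow", ANY, "any", (0, 65535)),  # other machines stay unrestricted
]

def decide(rules, src, proto, dport):
    """First matching rule wins; a packet matching no rule is denied."""
    for action, net, rproto, (lo, hi) in rules:
        if ip_address(src) in net and rproto in ("any", proto) and lo <= dport <= hi:
            return action
    return "deny"

# Constructed outbound attempts: four from a child's PC, one from another PC.
ATTEMPTS = [
    ("IRC client, standard port", "192.168.0.34", "tcp", 6667),
    ("IRC client, other port", "192.168.0.34", "tcp", 7000),
    ("DNS lookup", "192.168.0.34", "udp", 53),
    ("chat applet on a web page", "192.168.0.34", "tcp", 80),
    ("parent PC, any service", "192.168.0.10", "tcp", 6667),
]

def compare():
    """Return {label: (blocklist verdict, allowlist verdict)}."""
    return {label: (decide(BLOCKLIST, s, p, d), decide(ALLOWLIST, s, p, d))
            for label, s, p, d in ATTEMPTS}

if __name__ == "__main__":
    for label, (block, allow) in compare().items():
        print(f"{label:28} blocklist={block:6} allowlist={allow}")
```

Both policies pass the port-80 row, which is the limit of port filtering raised in the thread: restricting chat carried over port 80 needs content or keyword filtering on top of the port rules.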