Hello,

PC tools firewalls needs to allow for much more configuration in the rules then what is allowed right now. A few suggestions I hope you'll consider.

1. Ability to select TCP flags in the rules (SYN, ACK, ECE, CWR, ect.)

2. Fragmented packets and invalid checksum rule that you can set to block.

3. Ability to put in Ethernet addresses in the rules.

4. Stateful inspection option for TCP/UDP.

5. Application checksum/hash values.


Thanks.

One more thing, please get rid of the steps in the rules and just include everything in one windows. This would make creating rules a whole lot easier and better.

Appreciate the feedback.

I have passed this on to the Firewall developers.

Thanks Anthony!

1) At minimum for at least the common Control Bits (6-bits) - URG, ACK, PSH, RST, SYN, FIN. ECE and CWR are part of the Reserved 6-bits… The control for these two reserved flags doesn’t necessarily need to be provided ASAP through the Ruleset wizard or even in the Ruleset Wizard…

2) All modern packet-filters should cover all known bad fragmenting characteristics, however I’m almost certain that the PC Tools Firewall doesn’t, would be a nice time to make available a plug-in support with an official plug-in that permits users to creating advanced rules based on anything in a packet’s header… :P

3) Creating rules based on Ethernet addresses is important, and it should be implemented…

4) Only TCP is stateful, UDP (much like ICMP) is a connectionless protocol, there is no "state" when dealing with UDP - it would be wrong to call it stateful inspection. UDP and ICMP do not themselves contain any connection information (such as sequence numbers). However, at the very minimum, they contain an IP address pair. UDP also contains port pairs, and ICMP algs has type and code information. All of these data can be analyzed in order to build "virtual connections" in the cache, hence the term "pseudo" stateful… ;)

Hey Phant0m,

Thanks for clarifying things a little better and for giving your input. :)

When I installed PC tools firewall for the short time it seemed like a very stripped down firewall without much controls for anything. It needs a lot of work to bring it up to speed with many of the other advanced firewalls being offered today.


AChen,

Do the firewall developers ever stop in here to say hi and give there feedback on things and comment on what there future plans might be for this firewall?

I will try to get as much information as I can on future versions of the PC Tools Firewall Plus.

Will need to get back to you on this.

If you would like to know whats happening with future versions of PC Tools Firewall Plus, please see this thread: http://www.pctools.com/forum/showthread.php?t=44779.

Hello,

3. Ability to put in Ethernet addresses in the rules.

Thanks.

You can do this now.

At first of all. This is my first post in a forum. So please forgive that i don´t know all these functions and that i´ve got the german (cause i´m german) version of the program and so i try translate program specific options or something else.

I think it would be great if the


4. Stateful inspection option for TCP/UDP.

would be inserted in the "Advanced Rule" option. It´s nasty to put rules for every port in the firewall you want to allow. An easy configuration with the iptables statements NEW,RELATED, ESTABLISHED would be powerful. So you have only to look for incoming ports.