Posted: Sat Jul 15, 2006 22:36 Post subject: Wondering about firewall
I'm just wondering if it's recommended to use a 3rd party firewall with the one built into dd-wrt sp1 final on my wrt54gl. My firewall settings right now are set to "Block Wan Requests" with all boxes checked, and no "Additional Filters" set. I also have 1 port forwarded.
Should I be all set with only the router firewall or should get another one such as zonealarm.
Thanks HWS, I kinda thought one firewall would be enough. Well actually there's the built in win xp one too so I guess I should be fine. I don't really have anything that important on my computers anyway.
I have exactly the same question, but would be happy with some more technical insight if anyone can give it.
What are the capabilities of SPI of ddwrt exactly? How save is it, seen on itself and in also in comparison with, say, ZoneAlarm?
I've never had to wonder about this, because I have always used ZoneAlarm free, which has always worked like a charm and has protected me perfectly.
Alas, with their newest update they have screwed up bigtime so that many people including me are no londer able to properly install on a perfectly normal windows xp sp2 machine. They have confirmed the trouble themselves (see their forum) and also I have had this problem now on quite a few quite different computers (but all running recent and updated windows XP).
Whatever. But because of what I've written above, I have had to uninstall ZA. Right now, I do not want to install any other free product YET, I want to see whether they fix it in their next release. For the mean time I have turned on SPI on the router and (...yes I know, don't tell me) Windows Firewall.
Sooo... how good is ddwrt spi? I have no idea as to what it is, can or can't do etc etc. _________________ If you use DD-WRT, you HAVE to make a donation! See this topic too: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=228
DD-WRT provides firewall security through NAT. Anyone looking at your computer's IP from the outside will only see the router, and nothing behind it. The only time anything is allowed through the router to your computer directly is when your computer makes an outbound connection and requests something.
That being said, the router should protect you from 99% of all the random port scanning, worms, etc. that plague most broadband users. DD-WRT arguably does a better job than ZoneAlarm at this because ZA filters packets that have already gotten to your computer, while DD-WRT stops them before they enter your network.
On the contrary, DD-WRT does not allow you to filter outbound connections. ZA still finds good use behind a NAT router because it allows you to see if programs, viruses, or spyware are "phoning home."
Again, no firewall is 100% perfect, but DD-WRT does provide sufficient protection from incoming attacks, however i would reccomend ZoneAlarm in addition to good Antivirus and malware tools to control anything from unknowingly leaving your network.
Thanks! If anyone has anything to add to this, I am still interested of course... _________________ If you use DD-WRT, you HAVE to make a donation! See this topic too: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=228
My additional favorite Firewall is Kerio.
I want to know which software are "phoning home".
I can see all active connections of running applications. _________________ DD-WRT v23 SP2 (09/13/06) std on WRT54GL V1.1
Last News
Again, no firewall is 100% perfect, but DD-WRT does provide sufficient protection from incoming attacks, however i would reccomend ZoneAlarm in addition to good Antivirus and malware tools to control anything from unknowingly leaving your network.
I agree with DKP on this one. DD-WRT will provide good protection to your network from incoming attacks. Port scans and other direct approaches. However, it will not stop a virus from entering your network through an email attachment. It will not stop that trojan from "phoning home" once you're infected because DD-WRT only protects against incoming attacks. Zonealarm (or most other personal firewalls like Norton Firewall or any number of others) will protect you from dangers that have made it into your network from other sources (email being the most common).
Even if you don't "keep anything valuable" on your computer, you should still take every precaution to protect your network because you'd be amazed at how much personal information can be gleaned from your computer. When was the last time you entered a credit card number, name and address on a web page for purchasing something. That info is likely still in your local cache somewhere. Identity theft is a real problem, and so you should protect yourself with every reasonable method available. Since DD-WRT and Zonealarm are both free there's no reason to not use both (and a good antivirus is a must of course).