OK, so this is (may be, probably is) a stupid question. But I'm gonna ask it anyway, so if you think it's stupid, go ahead and at least get a good laugh out of it.
Does anybody foresee a port, of some sort, of pf for Windows? Yeah, it sounds a little wild, but I could really use something like this. I have a bunch of Windows clients on my home LAN, and you can never really trust the LAN (even though it's firewalled) since these are Windows (a.k.a. virus-laden) machines. So I want to install software firewalls on every machine to provide secondary protection against threats on the LAN.

The big problem is that there are no good free firewalls for Windows. Of course, everybody will recommend the same things, such as ZoneAlarm and similar types of programs, but all I need is something that can do fragment reassembly, stateful inspection, and block certain ports (135, 137-139, 445, 1025-1027, 5000) while leaving everything else open by default. Every free firewall I've seen is missing something. ZoneAlarm is too aggressive: it blocks everything by default and asks the user questions all the time (I want to set it up and forget it). Rule-based firewalls like the ones based on Tiny's codebase all seem to lack some reassembly and stateful inspection capabilities; they're basically just SYN filters.

So, how does one get the power of pf onto a Windows system? Well, the way other firewall products seem to work is that they insert a bit of code between the network driver and the TCP/IP stack, then redirect packets and fragments through the filter engine. So, if somebody were to get his hands on a packet interception thingy like that, we could make a pf-based firewall to protect Windows machines without having to have a *BSD machine for every Windows client. Sound crazy enough?

Actually, it would be pretty nice to have a userland application that does what the pf engine does. One could use it, for instance, to filter traffic that goes through other userland applications (such as ppp using tun*). I'd like to know how feasible this Windows port idea would be.
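For reference, the policy the poster describes (fragment reassembly, stateful tracking, a handful of Windows service ports closed, everything else open by default) is a few lines of pf.conf on a *BSD host. The ruleset below is an added example and is not from the original post; it assumes a LAN-facing interface named xl0 and uses the pre-OpenBSD-4.6 `scrub` syntax (on 4.6 and later the equivalent line is `match in all scrub (fragment reassemble)`).

```pf
# pf.conf: default-open policy with specific Windows service ports closed.
# Added example; interface name is an assumption.
lan_if = "xl0"

# Ports the post lists: MS-RPC (135), NetBIOS (137-139), SMB (445),
# RPC dynamic endpoints (1025-1027) and UPnP/SSDP (5000).
win_ports = "{ 135, 137:139, 445, 1025:1027, 5000 }"

# Reassemble IP fragments before any filter rule sees them, so a
# fragmented connection to a blocked port cannot slip past the port match.
scrub in all fragment reassemble

# Default policy: pass everything and track it statefully, so replies to
# outbound connections are matched against the state table.
pass out on $lan_if all keep state
pass in  on $lan_if all keep state

# pf evaluates rules top to bottom and the LAST matching rule wins, so the
# blocks go after the default pass rules. "quick" stops evaluation at the
# match, which makes the intent explicit either way.
block in quick on $lan_if proto tcp from any to any port $win_ports
block in quick on $lan_if proto udp from any to any port $win_ports
```

Load it with `pfctl -f /etc/pf.conf` and confirm the parsed ruleset with `pfctl -sr`; `pfctl -ss` shows the state entries that `keep state` creates for the permitted traffic.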
