Hi,

A port to Windows would not be feasible. And while I would not wish to speak for our esteemed developers, I think I'm fairly safe in saying that they would not be interested in doing the work. :-)

==ml

On Thu, Jul 10, 2003 at 06:38:26PM -0700, Aaron Suen wrote:
> OK, so this is (may be, probably is) a stupid question. But I'm
> gonna ask it anyway, so if you think it's stupid, go ahead and
> at least get a good laugh out of it.
>
> Does anybody foresee a port, of some sorts, of pf for Windows?
>
> Yeah, it sounds a little wild, but I could really use something
> like this. I have a bunch of Windows clients on my home LAN, and
> you can never really trust the LAN (even though it's firewalled)
> since these are Windows (a.k.a. virus-laden) machines. So I want
> to install software firewalls on every machine to provide secondary
> protection against threats on the LAN.
>
> The big problem is that there are no good free firewalls for Windows.
> Of course, everybody will recommend the same things, such as
> ZoneAlarm, and similar types of programs, but all I need is something
> that can do fragment reassembly, stateful inspection, and block certain
> ports (135, 137-139, 445, 1025-1027, 5000) while leaving everything
> else open by default. Every free firewall I've seen is missing
> something. ZoneAlarm is too aggressive, blocks everything by default
> and asks the user questions all the time (I want to set it up and forget
> it). Rule-based firewalls like the ones based on Tiny's codebase all
> seem to lack some reassembly and stateful inspection capabilities;
> they're basically just SYN filters.
>
> So, how does one get the power of pf onto a Windows system? Well,
> the way other firewall products seem to work is that they insert a
> bit of code between the network driver and the TCP/IP stack, then
> redirect packets and fragments through the filter engine. So, if
> somebody were to get his hands on a packet interception thingy like
> that, we could make a pf-based firewall to protect Windows machines
> without having to have a *BSD machine for every Windows client.
>
> Sound crazy enough?
>
> Actually, it would be pretty nice to have a userland application that
> does what the pf engine does. One could use it, for instance, to
> filter traffic that goes through other userland applications (such
> as ppp using tun*).
>
> I'd like to know how feasible this Windows port idea would be.

--
Michael Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/
Absolute OpenBSD: http://www.AbsoluteOpenBSD.com/
