fireBwall modular firewall

Learn about Computer Security Other Security Products
1

Found this new modular firewall just browsing around. It seems very interesting
http://firebwall.com/index.php

fireBwall is a personal Windows firewall which allows for modular network access. This makes fireBwall more like a network swiss army knife than just your usual firewall. Modules can be developed in any language supporting .NET 2.0. We have many modules already built in, so new users can see the potential of what we can do. In case you didn't notice, fireBwall is a free firewall, and in our opinion, could be the best firewall. Microsoft Windows Security could be on par with some of the more hardened *nixes.

Here is a topic at wilders discussing it.

2

I was looking at this earlier today, it does look interesting but it’s still quite raw. There’s no IPv6 support and the interface leaves a lot to be desired. The idea of plug-ins is interesting. I just hope they’ve got some quality control.

3

It still seems to be in a very early state. They only have 2 developers that i know of so idk how extensive quality control is.

fireBwall started out with just me(Brian W.) aggrivated that no free effective solution to ARP Poisoning existed. I starting looking into ways to ways to implement my own and found myself building a firewall. For this came the idea to allow developers to write their own parts of the firewall, allowing for modules to control the network traffic. After a while, I realized I could not do any of this in a short amount of time, so I sought out more developers. I found Bryan A. on reddit, and he has become a great member of the fireBwall team. We are looking for more developers, because there is always more to do. If you are interested, please feel free to contact us. A friend of ours in IRC did most of the graphics for us, thanks Broly.
4

Hey,

This is Brian from the fireBwall development team. We are going to release version 0.3.10.0 soon, which has been very heavily tested. As for IPv6 support, we have it in the code, we just haven’t added it to processing yet. Reading this made me think is about time to add it.

Thanks,
Brian

5

Thanks for the update Brian. Do you have any plans to revamp the interface? I’d also be interested in the timeline for IPv6.

6

The interface is kind of on the back burner for things to update. We care far more about functionality than how pretty it is, but understand that at some point, we will have to make it attractive without slowing it down. We have plans for changing the taskbar functionality, but that’s not what I think you mean. Since reading this today, I have already put in all the code for IPv6. We are going to test it do death, just like everything in the upcoming 0.3.10.0 release. I say it should be out by the end of the week.

7

Hi Brian, welcome to the forums!
An interesting project… specially on the v6 side, guess I’ll have to load it on a VM sometime soon.

8

Well our testing is going surprisingly well. Although we’ll setup some full local IPv6 networks for when we go into the more advanced IPv6 protection, like protecting against NDP Poisoning. We are also considering implementing some other IPv6 security features, but we haven’t decided on everything yet. For the release, which looks like it will be out tonight, allows for IPv6 integration into basic features, like the BasicFirewall.

9

fireBwall 0.3.10.0 is out!
Supports IPv6 as well as many other changes!
fireBwall 0.3.10.0

10

Thanks for the update :slight_smile: I shall look forward to investigating the new features.

11

Made a little demo video, let me know if you have any thoughts or suggestions.

12

Is this for XP too? I dont see the system requirements on the website.

13

It does work with XP, and we plan to keep it that way.

14

Hey,
Made a new module today that caches your DNS replies, so just in case there is downtime for the DNS servers, you can use cached results. It is not at version 1.0 yet, but it will suffice for this weekend until I have time to make it more advanced.

http://code.google.com/p/firebwall/downloads/detail?name=DNSCache.dll&can=2&q=

15

I’ve not had a chance to properly get to know firebwall yet but here’s a ccouple of quick observations;

Windows firewall remains on
Doesn’t register in Security Centre
No ICMP types/Codes for IPv6

With regard to IPv6, I couldn’t see anything obvious to identify it’s availability for filtering?

Quick question. I see you’re also developing a version for linux. With that in mind, how do you see the future direction of the Windows version. Will you, for example, add application filtering, or will you be adding more iptables like features?

16

At this point in fireBwall’s development, we are keeping its foot print on the computer light. Once we have a more solidified plan for how we are going to manage things other than just packets at the NDIS layer, we will move into a more “official” position. This would include, installing as a service, registering with the security center, and disabling the Windows firewall. We are waiting for next release for ICMPv6, as the enabling of IPv6 came at the end of our release cycle, and ICMPv6 does so much more than ICMP did. For example, we need to make a module for dealing with NDP, which replaces ARP in IPv6. Now, someone had the genius idea to make a protocol for resolving MAC to IP relations based on IPv6 communication. I feel this is an extremely insecure method, and we want to put forth a strong effort to make sure that NDP poisoning doesn’t turn out like ARP poisoning. The IPv6 filtering that is in place actually in the most part comes in behind the scenes. Before, IPv6 went unprocessed, but now if you block port 80 incoming, it will block IPv6 addresses from connecting to port 80. Also the same with blocking specific IPs, you can input an IPv6 address for BasicFirewall rules that take IP addresses. As for the future plans, we are kind of still trying to figure out where we want to put our eggs. In the Windows version, we are understaffed, and have 0 funding. We are hoping that will change soon.

The linux version will have similar principles to it, but do not expect the same thing.

For big next steps for fireBwall, we are trying to pick one of the following to focus on, because our development team right now is two people, including myself, who are both in school and working a job: Developing our own driver, Per Application filtering with possible sandboxing, an easier way to update and distribute modules, and developing a good method for IPC for changes even further in the future. Right now while we are in this undecided phase for big changes, we are improving whats there. ICMPv6 is being filled out, but doing something like “Block all ICMPv6” won’t really make sense since it hosts NDP, so we’ll be coming up with an innovative solution to both NDP poisoning and being able to filter ICMPv6 without crippling network communication.

I’d also like to remind people, its not difficult to develop a module, and we will host your module for free. On firebwall.com you can submit your module, and you will get full credit. There is a tutorial on the google code page, and we are always available by email or on the IRC for any questions you may have regarding module development.

Sorry if I’m ranting, its been a long day, and we are waiting on word of funding and more developers. I’d like to thank Comodo for letting us post here, and if they feel like contacting me directly, I’m welcome to it.

-Brian W.

17

810×610 115 KB

There’s a GUI I’ve been working for the next version.

18

We at fireBwall decided it was about time we got our own forum.
http://firebwall.proboards.com Sign up today and get free bytes!