"8080 to 80"
What? That is still a forward on a nat.. If its just the host, then you would have the application listen on said port
Or you would have your border router forward 8080 to 80 to your box listening on 80, etc.. That statement still makes no sense.
As to blocking exe -- I fail to see a reason this is ever required other than circumvention of some phone home licensing scheme.
If you don't want something talking on the net, then you shouldn't be running said exe in the first place. Once a exe runs all is lost to be honest, what keeps said exe you ran from just turning off said firewall and or opening up the ports it needs on the local firewall. Sure a firewall can keep legit software from talking on the net, but its not a valid security method for preventing malware, etc. You don't run the malware in the first place is the idea
So are there hostile boxes on your local network segment? If not - I still not seeing the need for host firewall. All of mine are off -- it makes management more difficult for no reason. My network is secure at the trust border (internet) All devices are trusted and managed/secured by me that are on my network - ports that would be used in transfer from one machine to another machine if a worm did get in are open anyway. Since I file share between machines. Services I do not use are not running in the first place. I only run software that I trust, and have a IDS running so that if for say any weird exe did slip through and started sending weird traffic I would be notified, etc.
Good luck in your search, but the firewall that came with your box is more than sufficient for a host firewall. Why should you trust or think that some 3rd party could hook into the OS better than the maker of the OS?? I never got that mentality. Funny how in the linux world there is no firewall prevents exe from talking on the net. They all just do what they should do an block protocol and ports, or you can block a specific userid - I don't know of one that works on say a hash of the exe that is trying to talk on the network. Now you could secure the box with SELinux or use Apparmor and lock down applications from doing things they should not do - but that is not a firewall. In windows you could use applocker, part of the OS to limit what exe can run in the first place. This seems like a better approach then letting the exe run - and then either blocking or allowing its network access. What I have seen with these sorts of firewalls is the user just allows everything that pops up, or they block stuff that they should be allowing
Have seen where they blocked box from being able to get dhcp address or even lookup up dns because they did not understand what some exe was doing.
I have been asking for years and years around here for an example of why you need to block exe from talking to the network, when said exe is something you choose to run in the first place. If not something you choose to ran, blocking it from talking to the network is pointless and a defeatist attitude in security. Now if you want to lock your box down to NOT run applications you have not ok'd, I get that - and that is good policy. But trying to just block network access and allow anything that you click on to run or that tries to run on its own is looking at it the wrong way if you ask me.
edit: Here is something that might help, you seem interested in something that tells you what is trying to go outbound, and then allowing you to block or allow said application. Take a look at this - this uses just the built in firewall to accomplish what your after
http://www.howtogeek...ng-connections/
0
