See also: Ultimately, all firewalls are -based [ ], but some firewall solutions are provided as software solutions that run on general purpose operating systems. The following table lists different firewall software that can be installed / configured in different general purpose operating systems. • can target only single destination TCP/UDP port per rule, not port ranges. Firewall rule-set advanced features comparison [ ] Can: work at OSI Layer 4 (stateful firewall) work at OSI Layer 7 (application inspection) Change TTL? (Transparent to traceroute) Configure REJECT-with answer DMZ (de-militarized zone) - allows for single/several hosts not to be firewalled. • WinGate 6.x supports 3rd party modules for data scanning only (e.g.
Personal firewall software products guard a home network's privacy and from attack. These top personal firewall products are all good choices.
Antivirus and content filtering). Non-Firewall extra features comparison [ ] Those features are not strictly firewall features, but are sometimes bundled with firewall software, or exist on the platform. NOTE: Features are marked 'yes' even if implemented as a separate module that comes with the platform on which firewall sits. IDS: real-time firewall that logs/sniffs/blocks suspicious connections that are not part of rule-set. VPN (Virtual Private Network) Types are: PPTP, L2TP, MPLS, IPsec, SSL/SSH.
Profile selection: The user can switch between sets of firewall settings, e.g. For use at work, at home, and on public connections.
Can: (static, dynamic w/o ports, PAT), (Intrusion Detection System) (Virtual Private Network) AV (Anti-Virus) Sniffer Profile selection Yes No Yes (with integrated Snort) Yes (IPsec and OpenVPN) Yes (with clamav) Yes (with tcpdump)? Yes Yes (IPsec and OpenVPN) Yes (clamav,commtouch (optional) ) Yes (tcpdump)? Yes (three NAT types)? Yes (integrated Snort) Yes (IPsec and OpenVPN) Yes (with clamav,Sophos Antivirus (optional) ) Yes (with wireshark or tcpdump)?
Yes (with NetPatrol) Yes (proprietary) Yes (Kaspersky Labs) Yes (filtered capturing to pcap format) No Yes No Yes (with Snort) Yes (OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP) Yes (with squid and clamav) Yes (tcpdump) No See also [ ] • • • References [ ].