Firewalls like Unix on Windows?

Is there any firewall software on PC that allows you to block all ports/IPs and then open the specific ports you want opened and allow only the specified IPs in?

And I can definitely say that ZoneAlarm Pro sucks in this regard.

ZA is indeed very basic, if you want a better control on your FW, try Tiny Personal Firewall from http://www.tinysoftware.com/

I personally was very content with AtGuard, which is now taken over and incorporated by Norton Internet Security.

With NIS you can block all ports and set rights for each program, for each port, for each address and whether only inbound or only outbound or both is allowed.

So you can allow for example inbound traffic by Outlook only through port 110, for only pop.yourprovider.com.
Any other program that tries to connect through port 110 or when Outlook tries to connect through a different port or to a different address it will fail.

You have to make sure you set your permissions right, because you might experience difficulties when you don’t (programs that don’t work properly).

Combined with for example BlackIce you can also do a little backtrace of possible intruders. BlackIce not only tries to stop intruders, but it will also try to gather as much information as possible from the ‘attacker’.

The thing is I don’t want to protect a single port or be prompted for each example. I want like a Unix firewall (ipchains). This server I am running is in a dangerous circumstance, thus ho hum “click me now to allow” tools are pretty much useless. I want everything blocked except the IPs I specify and same for the ports. I know what I want to allow. It is about 5 things compared to what I disallow … everything else. So by your explanation what you mentioned doesn’t sound the best.

lanky - ZoneAlarm Pro

Futredude, I’m using Zone Alarm Pro… it sucks badly for what I am doing.

I gotta put in everyone in the 10.134.0.0/22 range and then update it correctly when I wanna add someone’s machine in that range.
E.g.: 10.134.1.150, 10.134.1.150, 10.134.2.140, 10.134.1.160, etc etc etc…

Zone Alarm pro is horrid for serious firewall situations.

With NIS you can configure your firewall prior to your use and disable the learning assistant. You can simply configure several programs with several ports to allow certain kinds of traffic to certain addresses. For each option you can use ranges too.

That way you have the same effect.