Irbis Firewall: Your personal firewall software for Windows XP/2000

Download the Firewall:
Blacklist updates:
Subscribe:
  • We just tried to make our software easy, powerful, compact and reliable. We hope we did it.
  • Irbis Development team
Irbis Firewall Overview

See also: Irbis Firewall Main Window > Table of content

Base capabilities

Irbis Firewall is a firewall application developed for using on Microsoft Windows 2000, Windows XP and Windows ME operating systems. The primary function of Irbis Firewall is filtration of the IP-packets based on the network-level fields of packets, such as source and destination addresses, source and destination ports, ICMP messages types and codes. Irbis Firewall doesn't filter packets on the application-level for not to decrease Windows functioning safety by installing necessary drivers.

Irbis Firewall distributive package contains two programs:

  • Irbis Firewall filter and management application (Irbis.exe), which allows you to configure Irbis Firewall easily and monitor its work. This application can also work as a packet filter if service application is not active. This application also acts as Log file viewer
  • The service application (IrbisSVC.exe), which works in the service (background) mode when the Service mode is used. Service mode is supported on all modern Microsoft Windows operating systems and is recommended to use

After startup Irbis Firewall automatically starts the process of packet filtration. The filtration is applied to all the packets sent or received through any IP-interface. Irbis Firewall also tracks activation and deactivation of interfaces, and applies separate filtering rules to each active interface. This technology makes Irbis Firewall protection very flexible and allows you to customize the network activity of your computer.

All IP packets are checked with rules. Every rule has a condition part and action part. Condition part describes the set of options like protocol, sender address, destination address, packet flags, destination and source ports and others. If packet conforms with condition part of the rule, then this packed will be processed as action part claims. Action part is a combination of the following flags: pass or drop packet, save packet into a log file or not, and notify user that packet was logged or keep silent.

Rules are joined into a groups called Rulesets. Every ruleset is a set of rules and policy (default rule that conforms with all packets). When the packet is checked by ruleset, it is checked with every rule that ruleset includes. If packet is conformed with some rule, the action this rule contains have to be used. If there was NO rule that conforms with a packet, than policy action will be used.

Your computer is connected to network by network interfaces. Network interface is a device like the network adapter or modem that established link with your Internet provider. To protect your computer, Irbis Firewall attaches two rulesets to each of network interfaces of your computer. The first ruleset is called Input ruleset, and it checks all packet that is received by this interface. The second ruleset is called Output ruleset and is used to check packets that are sending out of your computer through this interface.

Process of attaching rulesets to network interfaces is called binding. Irbis Firewall has a binding table that is used to select rulesets that will be bound to the network interface. Binding table has two parts - IP subnet address and two ruleset names, one is Input ruleset name and the second is Output ruleset name. When Irbis Firewall detects that there are unsecured network interface on your computer, it looks in the bindings table. If IP-address ofthe network interface is included into the subnet address of some binding tables' row, then rulesets whose names stored in this row will be used to control IP packets that will be sent or received through this network interface.

  • The required binding is selected according to the following principles: bindings are searched in order of increasing the net size defined by the Network mask value, i.e. bindings for a smaller subnet are of more priority. If required binding is not found in the table, the default binding is used.
  • Irbis Firewall also supports special addresses. These addresses are evaluated only when ruleset that contains such special address is bound to IP-interface. With special addresses, expirienced users and system administrators can create universal rules that does not depend on computer configurations and connections. Here is a list of such addresses:
    • local - IP-address of interface itself
    • local net - IP-address of subnet that interface belongs to
    • subnet broadcast - broadcast address of subnet that interface belongs to
    • nameservers - all DNS servers
    • broadcast - all-broadcast address 255.255.255.255
    • any - any IP-address (0.0.0.0/0.0.0.0)
  • The last two special addresses always have the same value, and were designed to improve IPv6 support in future releases.

To ease firewall configuration on your computer, Irbis Firewall supports Security levels. Security levels was designed to be as much secured as it's possible, so we recommend that novice users use default security levels. Irbis Firewall supports also dynamic user preferences. These preferences can be easily modified by novice user to customize access control. That's important that user preferences always are more preferable than Security level rules.

Additional capabilities

Irbis Firewall has an embedded HTTP proxy server. Irbis Firewall configuration wizard allows you to configure this feature automatically with typical settings, that helps you to prevent access to unuseful and untrusted content. Proxy-server supports CONNECT, GET, HEAD and POST methods, and allows you to control access with the following conditions:

  • Client computer IP-address
  • Server address
  • Part of server address
  • Requested document name
  • Part of requested document name
  • Request method