PROBLEMCHYLD

Yeah, I'm using it as we speak. I'll release what I have and maybe someone can improve on it.

All the patches in the world couldn't keep Windows 9x alive, XP is NO different. I'll do a clean install once support ends. HNY!!!

Some years back, I would use MalwareBytes & MSE to clean family and friends computers slaving the HDD. Great combination and never conflicted with each other.

Well, I haven't use a Virus Scanner or Malwarebytes in years. What are you guys gonna do when the definitions stop or become incompatible?

No problems here either on my WinXP machine.

My rules come from here in case you're wondering. https://www.wilderssecurity.com/threads/tutorial-expert-linux-firewalling.376935/

I just switched my Slackware Linux to Wifi Hotspot and it respects the iptables rules. Here are my rules, might help you if nothing else. iptables -P OUTPUT DROP iptables -P INPUT DROP iptables -P FORWARD DROP iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP iptables -A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP iptables -N drop_invalid iptables -A OUTPUT -m state --state INVALID -j drop_invalid iptables -A INPUT -m state --state INVALID -j drop_invalid iptables -A INPUT -p tcp -m tcp --sport 1:65535 --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j drop_invalid iptables -A drop_invalid -j LOG --log-level debug --log-prefix "INVALID state -- DENY" iptables -A drop_invalid -j DROP iptables -N RULE_0 iptables -A INPUT -i wlan0 -s darkstar -j RULE_0 iptables -A RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY" iptables -A RULE_0 -j DROP iptables -N RULE_1 iptables -A INPUT -p icmp -m icmp --icmp-type any -j RULE_1 iptables -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- DENY" iptables -A RULE_1 -j DROP iptables -N RULE_2 iptables -A INPUT -p tcp -m tcp --dport 43 -j RULE_2 iptables -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- DENY" iptables -A RULE_2 -j DROP iptables -N RULE_3 iptables -A INPUT -p tcp -m tcp --tcp-flags ALL URG,PSH,FIN -j RULE_3 iptables -A RULE_3 -j LOG --log-level info --log-prefix "RULE 3 -- DENY" iptables -A RULE_3 -j DROP iptables -N RULE_4 iptables -A INPUT -p tcp -m tcp --tcp-flags ALL URG,ACK,PSH,RST,SYN,FIN -j RULE_4 iptables -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- DENY" iptables -A RULE_4 -j DROP iptables -N RULE_5 iptables -A INPUT -p all -f -j RULE_5 iptables -A RULE_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY" iptables -A RULE_5 -j DROP iptables -N RULE_6 iptables -A INPUT -p udp -m udp --dport 513 -j RULE_6 iptables -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- DENY" iptables -A RULE_6 -j DROP iptables -N RULE_7 iptables -A INPUT -p udp -m udp --dport 33434:33524 -j RULE_7 iptables -A RULE_7 -j LOG --log-level info --log-prefix "RULE 7 -- DENY" iptables -A RULE_7 -j DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A FORWARD -o lo -j ACCEPT iptables -A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p udp -m udp --sport 67 --dport 68 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p udp -m udp --sport 123 --dport 123 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p tcp -m multiport --dports 25,110,143,465,587,993,995 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p udp -m multiport --dports 500,1701,4500 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p tcp -m multiport --dports 6667,6697 -m state --state NEW -j ACCEPT iptables -N RULE_9 iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j RULE_9 iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j RULE_9 iptables -A RULE_9 -j LOG --log-level info --log-prefix "RULE 9 -- ACCEPT" iptables -A RULE_9 -j ACCEPT iptables -N RULE_10 iptables -A OUTPUT -p 47 -j RULE_10 iptables -A INPUT -p 47 -j RULE_10 iptables -A OUTPUT -p tcp -m tcp --dport 1723 -j RULE_10 iptables -A RULE_10 -j LOG --log-level info --log-prefix "RULE 10 -- ACCEPT" iptables -A RULE_10 -j ACCEPT iptables -N RULE_11 iptables -A OUTPUT -p tcp -m tcp --dport 3389 -j RULE_11 iptables -A OUTPUT -p udp -m udp --dport 3389 -j RULE_11 iptables -A RULE_11 -j LOG --log-level info --log-prefix "RULE 11 -- ACCEPT" iptables -A RULE_11 -j ACCEPT iptables -N RULE_12 iptables -A OUTPUT -p tcp -m multiport --dports 43772,1024:65535 -j RULE_12 iptables -A OUTPUT -p udp -m multiport --dports 43772,1024:65535 -j RULE_12 iptables -A RULE_12 -j LOG --log-level info --log-prefix "RULE 12 -- ACCEPT" iptables -A RULE_12 -j ACCEPT iptables -N RULE_13 iptables -A OUTPUT -p udp -m udp -j RULE_13 iptables -A INPUT -p udp -m udp -j RULE_13 iptables -A RULE_13 -j LOG --log-level info --log-prefix "RULE 13 -- DENY" iptables -A RULE_13 -j DROP iptables -N RULE_14 iptables -A OUTPUT -p tcp -m tcp -j RULE_14 iptables -A INPUT -p tcp -m tcp -j RULE_14 iptables -A RULE_14 -j LOG --log-level info --log-prefix "RULE 14 -- DENY" iptables -A RULE_14 -j DROP iptables -N RULE_15 iptables -A OUTPUT -d darkstar -j RULE_15 iptables -A INPUT -j RULE_15 iptables -A RULE_15 -j LOG --log-level info --log-prefix "RULE 15 -- DENY" iptables -A RULE_15 -j DROP

Rev 06 Updated OpenSSL v1.0.2q Download in first post

Does your router have dmz mode?

This type of tactic is gonna force people to upgrade all computer and devices just to fatten the pockets of the greedy giants. I'll go back to a flip phone before I keep flushing my hard-earned money down the drain. This generation needs to learn what boycott means.

Interesting article jaclaz, but I believe its a smoke screen. Why are some many vendors killing off support for older OS? We all know that Microsoft is here to make money. The Linux + Windows combination propaganda is for the blinded sheep. If Microsoft is not benefiting from it, I don't see involvement from them. Being optimistic, anything is possible... Microsoft is about making billions of dollars, that's it, that's all !!! For Linux to be free and open source, their pockets are nowhere near MS and Apple. In other words, MS ain't going or giving anything away for free. These are facts. I see Apple capitalizing off Microsoft downfall, its surely happening now as we speak.

@ FranceBB, Some say the best things in life are free, I disagree. I see myself in the future becoming an Apple NUT, if Microsoft don't get it together. I do have until the death of Win 7. Hopefully by then Microsoft would've gotten the message. Nonetheless, Skype does allow me to communicate with my family when I'm away from home, which is a major PLUS+ for me.

Linux isn't too much better. Some software will NOT run if you're not using the latest distro. Some software requires massive libs. Some software is 64bit only. For the most part you should get the basics out of it...

I'm not a programmer and I only use Skype when I'm away from home. When I did a fresh install of WinXP, I didn't even bother to install it.

Its possible, but the question you should be asking is, who is up for the task? These days people are using alternatives and (or) patching things themselves. WinXP is getting the same treatment us Win98 users got in the past. You'll either have to do it yourself or live without. I have chosen the latter, and it works for me as of the moment...

I will say hes an ambitious little fella.................. Up votes will increase about 3%

You should maybe PM blackwingcat, he's really good at fixing things like this. A lot of programmers are jumping on that (Kill Support for Older OS) Microsoft bandwagon. It really is only a handful of experienced programmers on MSFN as of now, use to be a whole lot more of them years ago.

But they will. I still have drivers from computers I no longer have for nostalgia. I might come across the same model and don't have to search for drivers or updates.

Did you guys know WinXP Pro has a hidden L2TP Server that can be used? Proof of concept although I have been using it for over 2 years, just thought I'd share with it you guys. Since I won't be upgrading pass Win 7, I have been utilizing the tools that comes with Windows XP. I really don't see myself supporting 3rd party software for Windows anymore since they're so keen to kill support, their lost not mines.

Like I said, I'm trying to automate the task at hand. I need a batch file that will create a Firewall directory in C:\Program Files and run the necessary commands and disable Windows Firewall in Security Center.

Finally got most of it figured out. I gonna check out Microsoft Network Monitor and see how robust the logging is. Got FTP working as well....

I'm still testing but will share soon. I'm trying to automate the task. Can someone put all this in a batch script please?

Windows XP running with and without IPSec Firewall.

Lately I've been playing with Windows IPSec Firewall and I like it a lot. I try to avoid installing a bunch of unnecessary bloat. I gathered a bunch of rules from the internet and made it close to my iptables ruleset from Linux as possible. Seems to work pretty good except for a few caveats: 1. Can't get Kerberos to go in stealth mode 2. You have to manually add the ip range 3. Some rules have to be force from the cmd line or bat file. Other than that, its my new Firewall for WinXP.

Thanks