Using TrafMeter as firewall

Although TrafMeter, promoted as traffic monitoring software, is typically used in conjunction with a separate firewall, it has the capability to deny network packets because it is built on a firewall engine.
 
Let's consider a typical case for creating a firewall solution using TrafMeter. For example, we have an office network whose gateway runs Windows Server 2003, with Routing enabled and Remote Access Service (RRAS) playing the NAT-router role. What packets should be denied to defend the gateway against hackers? A solution would be to restrict access to all network services on the gateway from any untrusted networks. This goal can be reached when you enable firewall on the public interface.

Stateful Inspection technique

TrafMeter firewall is not simple packet-filtering engine. The firewall has "Stateful Inspection" feature which significally increases overall security. If you access some outside service, the server remembers things about your original request like port number, and source and destination address. This "remembering" is called saving the state. When the outside system responds to your request, the firewall server compares the received packets with the saved state to determine if they are allowed in.

 Note

• Capture Mode must be Active, otherwise the firewall will not discard packets.
• The firewall works only with single network adapter that must be marked as "public".
• By default, the firewall enables all outgoing traffic (only for TCP, UDP and ICMP protocols) and blocks any incoming communication.
• If you wish allow an access to network services running on your computer or inside your network, you should setup the firewall exceptions.
• The firewall works only in packet-filtering mode, the application level is not supported.
• Use passive FTP connections in your FTP client.
• Denied packets are logged to %programfiles%\TrafMeter\Logs.