“QaasWall” is an open-source Firewall (basic Network Security tool) for windows which uses IP security policy (IPSec) to block IP address automatically that means users does not need to make any efforts other than running the setup on the server. The word “Qaas” in Arabic means Tough which spells it as ToughWall. After installation all your previous rules (IPSec or Firewall rules) would get disabled and it works in layers which are mentioned below:
1. It will scan all the standard ports DNS, MSSQL, MySQL, SMTP, POP3, HTTP, SSL and Sharing on the server and save its out put in a file, which is saved in the /temp directory, with the info on how many connections does each IP address have on them.
2. Any IP that has more than 100 connection at the time of scan will be blocked using Windows IP security Policy, named “Qaas Policy”. Any IP address that has been already blocked, added in white list file or belong to the server will be ignored.
3. Currently QaasWall creates 2 schedule tasks, QassWall and Qaas Empty, one of it is to scan services every 5 mins and other to delist IP addresses after 24 hours.
4. The IP will remain blocked for 24 hours (max) and Qaas will release the IP address then.. These setting can be changed by rescheduling the Task.
QaasWall also has a white list file where you can add IP that you want to be safe. Any IP that belong to the server or is already blocked or is added in the white list, will be ignored.
This firewall is developed by Eukhost Windows System Administrator Martin to overcome the limitations of Windows Default firewall. He said, “I have been working on how to block IP Addresses on Windows server for 2 years due to the fact that Windows 2003 Server did not have any option in the default firewall to block a single IP address and these is the reason I was curious to create something that would allow us to block a single IP address on the server. Then we found IP security policy which looked a bit complicated and difficult to configure however we managed to master it in no time. We have always faced numerous attack on our Windows server specially a brute force attack on the MSSQL master login “sa” and it use to be a pain in back side to block single IP address every time. This was the only reason (or you can call it a desperate need) why QaasWall was brought to life.”
QaasWall Firewall can be downloaded from source forge.