I'm looking for a simple software firewall, much like one provided by a router. Something that does nothing other than close all ports other than designated ones.

Anything available?

not sure what you're using this system for but i would personally recommend kerio personal firewall, from the developers of tiny personal fireway. you can get it at http://www.kerio.com/us/kpf_home.html This will give you the funtionality to filter ports etc however it doesn't have very many preset services for you, so you'll need to do a little configuring. it also includes an md5 hash of programs you allow access to, when combined with a clean installation this can help spot trojans or any modifications on programs that have access

it's only free if it's for a home system, however. otherwise you have to pay a small fee

Is there a freeware firewall I can use?

I need something that doesn't use too many resources. My server is under too big a load as it is.

Another possibility: is there a good pci firewall that's cheap? Something that has the same functionality as a router.

Not sure how cheap is cheap but I am currently using a SnapGear PCI630 Firewall Card http://www.snapgear.com/pci630.html and it is working nicely :)

It is actually a Linux based PC on the card which acts as a firewall.

Lol, 300$US. Out of the question. That has way too much functionality.

Something simpler...

Well, did not know what your budget was for a hardware based firewall. Actually $300 was a bargain for such a card.

For software, you could try http://www.tinysoftware.com/home/tiny2?la=EN . You probably need someone local to install it for you since it comes with totally lockdown. If you install it remotely, you will lose access to your server ;)

Or you could use IPSec on the server - that will give you some basic port filtering if that's what you're after. You cannot, however, use IPSec to close down ranges of ports, so you'll have to do it the wrong way around (compared to best practice): You'll close down single ports that you doesn't want anyone to connect to.

Run mmc and add the IP Security Policies, then save it - it's not in Administration tools in a standard W2K.

I'll look into it. It would be nice if it automatically closed all ports and let you choose which ones to leave open... Like the integrated firewall for winxp.