Years ago I used free Tiny Personal Firewall, a very small and lightweight application with almost no system resources usage. It was even safer and better than bloated commercial software firewalls. Last 'Tiny' version was 2.0.15, it was later called Kerio Personal Firewall, but used the same engine until version 2.1.5; Then it was sold to Sunbelt Software, who turned it into another bloated app. You can find those releases in oldapps.com, oldversion.com and similar sites. If you also download TPF 2.0.9, you'll get a user's guide for both Tiny and Kerio Personal Firewalls.
Get Kerio Personal Firewall 2.1.5 here:
http://www.sunbelt-software.com/ihs/alex/keriopf215.zipHowever, those tools were not very user-friendly. Either you started with an "everything is allowed" general rule, which is the same as not having a firewall, and had to manually enter each rule to forbid unwanted traffic, or with an "everything is forbidden" general rule, and then your Internet connection was completely disabled until you manually entered custom rules to allow required traffic. There were some very useful and complete guides out there, maybe they are still online.
So, if you find the custom firewall solution too complicated, try first a custom HOSTS file as gdonovan suggested. It's almost like a firewall (though it only filters IP addresses, not TCP/UDP ports and applications), but extremely easy to install: just download the HOSTS file and you're all set.
EDIT: Ok, here are some of the basic firewall rules I can remember to have used, if you want to go the firewall route:
- loopback rule: basically you must allow every traffic from localhost to localhost.
- DNS rules: you should allow incoming/outgoing UDP traffic to remote port 53 on your ISP's DNS servers IP addresses.
- Ping rules: I think you had to allow every ICMP Echo Reply and ICMP Echo Request to avoid connection timeouts.
- Browser rules: allow outgoing TCP traffic to remote ports 80, 443 and 8080 on your web browser.
- Email rules: allow outgoing TCP traffic to remote ports 25, 110 and 143 on your email client.
- FTP rules: allow all outgoing TCP traffic to remote port 21 on your FTP client. For active mode, you also need to temporary allow incoming TCP traffic from remote port 20 when requested. For passive mode, temporary allow any outgoing TCP to remote server address when requested.
- Download manager rules: just apply the previous browser and FTP rules to your download manager.
- Messenger rule: I use MSN messenger, so I enabled any outgoing TCP traffic to remote port 1863 on MSN client. Other IM networks/clients may use different ports.
- IRC rule: I never liked IRC, but if you do, just allow any outgoing TCP traffic to remote port 6667 on IRC client.
I think that's about everything you'll ever need on a daily basis. I left out P2P rules as you won't be able to use P2P with a dial-up connection anyway, and also server-side rules as you don't want to be a web/ftp/whatever server, either.
Home
