incoming ICMP kernel driver packets
Mua-Kell
July 6th, 2003, 07:41 PM
Yes, I use Kerio per. firewall. I'll be online and the firewall alerts me to incoming ICMP kernel driver packets (usually from Verizon or Q-west). My problem is it shuts down my explorer with an error message and I have to start all over again and pray no more incoming traffic comes my way. I don't want to allow any snoops to sneak spyware onto my system so I deny access. Is there any way to configure a rule where Kerio does not interrupt me, yet keeps the spies out? P.S. Greetings Pieter and Dan and everyone else!!!
CrazyM
July 7th, 2003, 12:29 AM
Hi Mua-Kell
Could you post some sample log entries of what is being blocked?
Also, what ICMP rules do you have in place right now?
Regards,
CrazyM
Mua-Kell
July 7th, 2003, 01:07 AM
Well obviously I haven't set up my firewall, either well or at all. I did not have it set to record suspicious attempts in the log file. And I think I had it set to permit any incoming. So should I check the deny box?
Mua-Kell
July 7th, 2003, 01:13 AM
incoming icmp time exceeds...permit. other icmp...deny. outgoing PING(incoming icmp...permit. Outgoing PING...permit. Outgoing reply on PING...permit.
Mua-Kell
July 7th, 2003, 01:22 AM
CrazyM, as soon as I get any more suspect incoming traffic I'll post it. They are being logged now! This should not take long, it happens often. If I'm in a game server or sometimes on a web page I either get kicked out of the server or an explorer error message. I'm using Win 98 S.E., a 56k internal modem with dial-up conn. Also the connection prompt comes on at start up without me asking for it.
CrazyM
July 7th, 2003, 02:25 AM
-{ Quote (Mua-Kell): "Well obviously I haven't set up my firewall, either well or at all." }-
Well hopefully we can help here.
-{ Quote: "I did not have it set to record suspicious attempts in the log file." }-
Probably best for now unless you need to troubleshoot something in particular.
-{ Quote: "And I think I had it set to permit any incoming. So should I check the deny box?" }-
If you have a permit all inbound rule, that is not a good thing.
Change it to block and move it to the bottom of the rule set.
Regards,
CrazyM
CrazyM
July 7th, 2003, 02:27 AM
-{ Quote (Mua-Kell): "incoming icmp time exceeds...permit. other icmp...deny. outgoing PING(incoming icmp...permit. Outgoing PING...permit. Outgoing reply on PING...permit." }-
Basic ICMP rules that should be safe for most users:
Permit Inbound: type 0, 3, 11
Permit Outbound: type 3, 8
Block All Other ICMP (direction either)
Regards,
CrazyM
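Added example (not part of the original thread, and not Kerio's own code): the ICMP rule set from the post above modelled as an ordered filter, together with the earlier advice to keep a catch-all rule at the bottom. It assumes rules are checked top-down and the first match decides; the function names and the sample packets are constructed for illustration.

```python
import struct

# ICMP types: 0 echo reply, 3 destination unreachable, 8 echo request, 11 time exceeded.
# Each rule is (action, direction, ICMP types or None for "any type"), checked top-down.
# Assumption: the first matching rule decides, as in an ordered rule list.
RULES = [
    ("permit", "in", {0, 3, 11}),
    ("permit", "out", {3, 8}),
    ("block", "any", None),  # "Block All Other ICMP (direction either)"
]

def icmp_type(message: bytes) -> int:
    """Read the type field of a raw ICMP message (type, code, checksum)."""
    if len(message) < 4:
        raise ValueError("truncated ICMP header")
    msg_type, _code, _checksum = struct.unpack("!BBH", message[:4])
    return msg_type

def decide(direction: str, message: bytes, rules=RULES) -> str:
    """Return the action of the first rule matching direction and type."""
    msg_type = icmp_type(message)
    for action, rule_dir, types in rules:
        if rule_dir in (direction, "any") and (types is None or msg_type in types):
            return action
    return "block"  # nothing matched: deny by default

def shadowed_rules(rules) -> list:
    """Indexes of rules that never fire because an earlier catch-all wins."""
    covered, dead = set(), []
    for index, (_action, rule_dir, types) in enumerate(rules):
        dirs = {"in", "out"} if rule_dir == "any" else {rule_dir}
        if dirs <= covered:
            dead.append(index)
        if types is None:
            covered |= dirs
    return dead

def sample(msg_type: int) -> bytes:
    """Constructed 8-byte ICMP header for testing (checksum left as zero)."""
    return struct.pack("!BBHI", msg_type, 0, 0, 0)

# A permit-all-inbound rule placed first, the mistake discussed in the thread.
MISORDERED = [("permit", "in", None)] + RULES

if __name__ == "__main__":
    for direction, t in [("in", 0), ("in", 8), ("out", 8), ("in", 11), ("out", 0)]:
        print(direction, "type", t, "->", decide(direction, sample(t)))
    print("shadowed in misordered set:", shadowed_rules(MISORDERED))
```

With the permit-all rule on top, an inbound echo request (type 8) is permitted and the specific inbound rule below it is never reached, which is why the catch-all belongs last and set to block.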
CrazyM
July 7th, 2003, 02:39 AM
Hi Mua-Kell
Some other links you might find useful:
Kerio and pre-v3.0 Tiny PFW FAQ (http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW)
Customizing Rules
System Wide (http://www.wilderssecurity.com/showthread.php?t=4413)
Global Permit/Block (http://www.wilderssecurity.com/showthread.php?t=4419)
Application (http://www.wilderssecurity.com/showthread.php?t=4423)
Final Block (http://www.wilderssecurity.com/showthread.php?t=4426)
I have also attached an image of a complete rule set as an example/guideline. Your rule set will have to be tailored for you.
The sample uses application specific loopback rules instead of a generic loopback rule(s) for any applications. The one rule you would not want to use right away would be the "Block Outbound All Other". Let the firewall prompt you instead for anything wanting access.
Regards,
CrazyM
Mua-Kell
July 7th, 2003, 09:19 AM
Thanks CrazyM, I'll set it up right now. You know we users really appreciate the folks at Wilders for all they have done to keep us up and running. You guys survive that mass hack thing yesterday?