Hello,To all

Well here i go again i just Installed Kerio
again 3 times i still don't get it could one of
you here help this old guy out please i have
some gif's if you need them just ask

Ver 2.15 on WinXp Home

Thank you :-[

Hi AAP

Some links you might find useful:

Kerio and pre-v3.0 Tiny PFW FAQ (http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW)

Customizing Rules

System Wide (http://www.wilderssecurity.com/showthread.php?t=4413)
Global Permit/Block (http://www.wilderssecurity.com/showthread.php?t=4419)
Application (http://www.wilderssecurity.com/showthread.php?t=4423)
Final Block (http://www.wilderssecurity.com/showthread.php?t=4426)

I have also attached an image of a complete rule set as an example/guideline. Your rule set will have to be tailored for you.

Any specific questions on your rules, feel free to ask.

Regards,

CrazyM

Hello,CrazyM

First thanks for taking the time to reply to me
now i had a look at the links you posted i'm
still like Huh need help with how to place the
rules where they go now like i just said this

makes now 3 times i have Installed this FireWall
i can't let it go so any help at all but step by step
please how do you know what gos where i don't
get it & as for the applications well you see what
i am saying hey can i use the rules from LnS with this

I thank you :)

Hey,Paul

If you see this just like to say hi & hope
all is great for you & family ;)

Hi,CrazyM

Ok these here

Customizing Rules

1.System Wide
2.Global Permit/Block
3.Application
4.Final Block

i just had a look again so this is how to place
them where they go & do i use them as you posted
them or is that a bad idea now that i Installed it
again i have not used it should i go on & use the
FireWall or hold to i add the new ones

Good luck ;D

One thing you should understand about rule based firewalls in general is they are highly complex in nature, and you need to have a willingness to learn on your own so you can setup your own comfort level of control in you rules.

Here is yet another example, but its older. Please refer to the attached image for some updates, but if you take your time, read the material, try to understand what your doing you will be helping yourself while setting up your configuration.
http://www.broadbandreports.com/forum/remark,2896630~root=kerio~mode=flat

Sorry, wrong image, but most of the information will work with the link I gave, this was for another example. You should still look at this before the old example.

Hello,BlitzenZeus

First i thank you for taking the time to help me
& for the gif & link now that said last night i again
Uninstall/Reinstalled this FireWall hmmmm i just can
not let it go ::) ok here is the problem i am having

now if i where to use say something like this
would that get me going tell i go looking for more
info on rules & how to use them

1.DHCP

2.Inbound ICMP / Outbound ICMP

3.DNS

4.Loopback

5.Explorer

6.My Apps

7.Block rules

Or am i way off here let me know

Good luck :'(

Hi AAP

You are on the right track for your system rules. Basic rules to get most people up and running before any customizing:

Inbound ICMP - allow type 0, 3, 8
Outbound ICMP - allow type 3, 8

DNS - allow UDP, direction either, remote port 53

DHCP - allow UDP, direction either, local port 68, remote port 67

Loopback - allow UDP/TCP, direction either, remote address 127.0.0.1

These rules would be at the top of your rule set. Rules are processed top to bottom. Once a rule is matched, no further filtering occurs.

-{ Quote: "5.Explorer" }-
Do you really mean Explorer or Internet Explorer?

Your application rules.

Block Inbound - block Any, direction inbound, local port Any, remote address Any, remote port Any, enable logging. This rule would go at the bottom of your rule set and block any unsolicited inbound traffic. Having this rule and logging it just stops you from getting continual pop ups in regards to this traffic. The firewall will still prompt you for any outbound requests not covered by your rules.

You might want to post a screenshot of your rule set and we can offer specific suggestions from there.

Regards,

CrazyM

Hello,CrazyM

Thanks for the help now i will try what you just
posted & come back with a gif or 2 now i am going
to do it like i posted from top to bottom

I thank you for your help

Good luck

Sure you can start with a basic example ruleset like in my examples, or CrazyM's examples while learning as these are almost all system rules which everybody needs in some form. However the main point it to understand the rules you are setting in place.

I think you just need to find enough spare time to read through the information, and see if you understand what your doing. What got me to understand rule based firewalls was logging everything, and then figuring out what I needed to allow and block. I started with a rule based firewall more complex than Kerio, it was called AtGuard, and it took me a while to figure it out. I had a little help, but nothing like these examples or images I provide for other people to view. I had to learn most of this stuff on my own before there were all these help sites that dealt with personal firewalls. I was using AtGaurd before ZoneAlarm came out if that gives you any idea, and I think ZA is way too simplistic for my needs 8)

Hello,Guy's

Ok i added some of the new rules & i gave it
a run but here is what happen when i went
online a box came up that said this

Internet Explorer from your computer wants
to send UDP datagram to an IP # so i would hit
no & no page would load so i gave it a run again
but this time i click ok & the pages would load

i then had a look at the firewall & had 2 IE icons
& an icon of the FireWall so i delete both of them
i then removed the IP i was using for DNS & i
used the IP that both IE & KPF where asking for

& all the pages started to load with no problems
but here is what i don't get i ran some port test
well i ran 3 test & all was good but when i looked
at the IP it was the one that i removed from DNS
not the new IP that both IE & KPF where asking for

Help do i have a problem here or is it that i did
something dumb here what is new

Thank you

Hi AAP

Without some more details as to what you were actually being prompted for, it's hard to say what the issue was.

Could you post a screenshot of rule set we have something to work with.

Regards,

CrazyM

Hello,CrazyM

Ok these wher them

1) Internet Explorer from your computer wants to send
UDP datagram to & it was an IP #

Then right away i would get this here

2) KPF from your computer wants to send UDP
to & again the same IP as before

so when i would click no & would not load any
website when i would click Yes then they would load
so i had a look at the FireWall & there was
a new IE icon & also KPF so here is what i did

i removed the 2 icons then i removed the IP
from the DNS rule & replaced it with the one
from that box i was gething & all was good
am i ok here or did i do something wrong

if you need i will post some gif's for you

Thank you

Hi AAP

Without knowing the remote IP and remote service/port I would only be guessing. The screenshot or complete log entries would help.

Regards,

CrazyM

Ok here you go IP was this 68.9.16.25
& the port was this Port 53

hmmm i can't add a gif file

Thank you

-{ Quote: " quoting: AAP link=board=23;threadid=11273;start=0#msg73455 date=1058223809]
Ok here you go IP was this 68.9.16.25
& the port was this Port 53" }-

That will be a DNS request. Have you restricted your DNS rule(s) to specific remote IP's? That IP resolves to Cox Communications, is that your ISP?

-{ Quote: "hmmm i can't add a gif file" }-

Forgot to mention, you have to be a registered member to post images.

Regards,

CrazyM

Hi,CrazyM

Yes cox.net but why did it work after i
removed what ipconfig said was my IP
& used that new IP :o

Yes i keep trying to get the new password
& i keep gething E-Mail sent & i go & have a
look & as always nothing there lol

Thank you

-{ Quote: " quoting: AAP link=board=23;threadid=11273;start=15#msg73458 date=1058224556]Yes cox.net but why did it work after i
removed what ipconfig said was my IP
& used that new IP :o" }-

"...my IP"??? Did you use your public IP or DNS servers?

When you run "ipconfig /all" make note of the DNS servers and add them to your custom addresses.

Then modify your DNS rule:
Allow, Protocol - UDP, Direction - Both, Remote Address - Custom Addresses, Remote Port - 53.

Regards,

CrazyM

Hi,CrazyM

Ok thank you that's just what i did was not
sure if it was the IP or DNS Servers you know
why is it that you show a lot more IPs then i do

here is how i did it ipconfig
Or should i try ipconfig /All

& if there are more then one DNS Servers
do i add them all or just the first one

I thank you

Run "ipconfig /all" and that should list all your DNS servers as in the image in my previous post. How many DNS servers your ISP uses may differ from mine.

Regards,

CrazyM

-{ Quote: " quoting: CrazyM link=board=23;threadid=11273;start=15#msg73477 date=1058227740]
Run "ipconfig /all" and that should list all your DNS servers as in the image in my previous post. How many DNS servers your ISP uses may differ from mine.

Regards,

CrazyM
" }-

My isp changes the dns servers every time I dial-in, and they have about twelve rotating servers they assign. So with Kerio I had to use a Alert rule which should be in a previous example to block programs from trying to tunnel out by faking dns type packets to capture when I needed to add another isp dns server to my custom address list. I first verified the the dns address with ipconfig, and then added it.

Some isp's don't do this annoying practice, its annoying when your trying to strictly secure your computer, and you might be assigned the same two dns servers for a long time on that provider so you could easily put those in one to two rules. Otherwise the custom address group is quite useful also.

Hello,CrazyM

I would like to thank you & all who helped me
with Kerio so far all is great the pages are loading
a lot faster are there any other rules you know of
that will maybe help with Pop-up & Spyware just
would like to know & to BlitzenZeus yes i did

the ipconfig /All & a big # of IP's showed up
so are you saying that if i like i can add more
then one DNS IP or do i have it wrong so far
i like this FireWall

I thank you all

Hello,Guy's

I just added a lot more rules & this puter is
running great much faster then before i will
add the to all my puters oh but one thing

you know that check MD5 now the idea
of this is to check for any changes to the
software it looks after Yes/No if it is to
tell you that something has changed then

please tell me why when i Uninstall say
my Ad-Aware Build 162 to the Latest 181
which i have Installed in the same place
i think it should have picked it up right or
am i wrong here well you have a good one

Good luck

-{ Quote: " quoting: AAP link=board=23;threadid=11273;start=15#msg73865 date=1058388350]
please tell me why when i Uninstall say
my Ad-Aware Build 162 to the Latest 181
which i have Installed in the same place
i think it should have picked it up right or
am i wrong here well you have a good one
" }-

It has been awhile since I have run Kerio, but it should prompt and advise of a change when the updated program tries to access the the network for the first time. You can also manually check/confirm/update the MD5 from the list.

Regards,

CrazyM

Hello,CrazyM

Will had to Uninstall Kerio again & reinstall
now 5 times each time i go to windows update
& download & install an update & i restart the
puter i end up with about 4 rules all the others
go bye bye also i ran a test on my self with that
MD5 like you said by doing it manually

no good at all i get no warning at all that
anything has changed this is not good right
well like i said i like the FireWall so i will keep
working on it tell i can get it the way i want

Thanks for all the help

Good luck

Hi,CrazyM

Sorry if you see paul please tell him i said
hi & the best to him & family & the site is great

Good luck

-{ Quote: " quoting: AAP link=board=23;threadid=11273;start=15#msg74050 date=1058475591]
Hi,CrazyM

Sorry if you see paul please tell him i said
hi & the best to him & family & the site is great

Good luck
" }-

Thanks compadre ;) My best regards to AAMinus ;D

regards.

paul

Hey,Bud

There you are it's good to see you i hope
all is great with you & family sorry for using AAP
just like to say hello well you have a great weekend

you have some A one great help here

Good luck ;D