LNS from Outpost


starfish_001
February 17th, 2006, 05:22 PM
I'm an Outpost / ZoneLabs user; thought I'd give LNS a try.

I have loaded it - seems light and functional.

I have loaded the enhanced rules and turned on Stateful inspection, Advanced mode (didn't notice a change), DNS watch and Thread injection.

A number of applications have now asked for access; they appear to be able to do anything that the global rules allow.

{QUOTE-> Yes, just allow the application when Look 'n' Stop displays the popup.
Then:
- if you don't see any issue for the application to connect and use the internet, the configuration is complete (for standard usage).
- if you see the application has some problems:
  - look if a ruleset is available for that application in our FAQ
  - if not available, ask the forum in case someone has the rule
  - if nobody has the rule, you will have to look at the Look 'n' Stop log page to create a rule (either manually by looking at the port, protocols..., or automatically with a right click)
Frederic <-QUOTE}


In the application window I can select an app and then edit it; this appears to allow one to add restrictions to particular apps, but the dialogue is not very informative. Do people add extra per-app restrictions or rely on the packet rules? I noticed some rules for apps like P2P but not svchost etc.



I did load Phant0m's v6 rules but they blocked Proxitron and Firefox; not sure why.

WSFuser
February 17th, 2006, 08:50 PM
I personally just rely on packet rules. Also, for Phant0m's ruleset make sure you correctly set the DNS and DHCP rules. I have hardened my Windows XP and I have NOD32, Ewido and RegRun, so I doubt I'd get easily infected or hacked.

starfish_001
February 18th, 2006, 08:19 AM
{QUOTE-> I personally just rely on packet rules. Also, for Phant0m's ruleset make sure you correctly set the DNS and DHCP rules. I have hardened my Windows XP and I have NOD32, Ewido and RegRun, so I doubt I'd get easily infected or hacked. <-QUOTE}

Thanks - I see my error: no name or IP resolution.

Your config sounds very like mine - adding Proxitron + PG.

I'm gonna try some leak tests a bit later.

starfish_001
February 18th, 2006, 10:14 AM
Not sure how good these tests are:
http://www.atelierweb.com/awft/
From the site:
One: Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs.
Two: Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail.
Three: Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fails.
Four: Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1), since Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.
Five: Performs a heuristic search for proxies and other software authorized to access the Internet on port 80, loads a copy and patches it in memory before execution from within a thread on Windows Explorer. Very difficult test for PFWs!
Six: Performs a heuristic search for proxies and other software authorized to access the Internet on port 80, requests the user to select one of them, then creates a thread on the selected process. Another difficult nut to crack for PFWs!


But with Phant0m's v6 rules, Stateful inspection on, DNS watch on and Injection on, LNS passed all.

Outpost did not pass test 5 on my system (component control set to Normal); I guess it would pass on Max. Not tried, as Process Guard or AppDefend block this test.


Quite a few of Phant0m's v6 rules are not active by default; any guidance on which to turn on (or I guess not) would be appreciated... they are quite difficult to understand.

starfish_001
February 18th, 2006, 10:16 AM
Another problem: with Internet filtering enabled with any rule set, I cannot post at Wilders; the submit button does not complete.

Any ideas what this could be? Seems to happen with direct or proxy-based connections.

Frederic
February 18th, 2006, 12:42 PM
Perhaps an issue with fragmented packets which are blocked.
Is there any information in the log about the packets that are blocked?

Frederic

starfish_001
February 18th, 2006, 05:40 PM
{QUOTE-> Perhaps an issue with fragmented packets which are blocked.
Is there any information in the log about the packets that are blocked?
Frederic <-QUOTE}

Yeah - a reboot fixed the problem; it drove me mad for about 30 mins.

starfish_001
February 18th, 2006, 05:42 PM
{QUOTE-> Not sure how good these tests are
Quite a few of Phant0m's v6 rules are not active by default; any guidance on which to turn on (or I guess not) would be appreciated... they are quite difficult to understand. <-QUOTE}


I don't think that I have the DNS and DHCP rules correct yet, and help with the above would also be appreciated.

WSFuser
February 18th, 2006, 06:32 PM
{QUOTE-> I don't think that I have the DNS and DHCP rules correct yet, and help with the above would also be appreciated. <-QUOTE}
The way I set those rules is this: I go to the Start menu, click on Run, type "cmd" and press Enter. At the prompt I type "ipconfig /all". DHCP Servers are for the BOOTP/DHCP rule (I only have one rule enabled), DNS Servers are for the DNS-Allowed rule, and Physical Address is for the Anti-MAC spoofing rule. Also remember to enable the rules (green checkmark).
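The `ipconfig /all` procedure above is done by reading values off the screen. Below is an added example (not part of this thread, Look 'n' Stop, or Phant0m's rule set) that does the same extraction from captured `ipconfig /all` text: it parses the XP-era layout (key, dot leader, colon, value; extra values on indented continuation lines), skips adapters reporting "Media disconnected", and groups each connected adapter's DHCP server, DNS servers and physical address under the three rule names WSFuser mentions. The `SAMPLE_IPCONFIG` text, its host name, addresses and MAC are constructed for the example, not taken from any real machine; the function and key names are mine.

```python
import re
import sys
from typing import Dict, List

# Constructed sample of Windows XP "ipconfig /all" output; addresses and MAC
# addresses are made up for this example, not captured from a real system.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : starfish-xp
        Primary Dns Suffix  . . . . . . . :
        IP Routing Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : lan
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            208.67.222.222
        Lease Obtained. . . . . . . . . . : Saturday, February 18, 2006 9:01:12 AM

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
        Physical Address. . . . . . . . . : 00-AA-BB-CC-DD-EE
"""

# "Ethernet adapter Local Area Connection:"  (unindented, ends with a colon)
ADAPTER_RE = re.compile(r"^(\S.*):\s*$")
# "        Key . . . . : value"  (indented; the colon is preceded by a space,
# which a continuation line such as an IPv6 address never has)
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 \-]*?)[ .]* :\s?(.*)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse ipconfig /all into {adapter: {field: [values]}}.

    Host-wide fields from the leading "Windows IP Configuration" block are
    stored under the adapter name "" so nothing is dropped.
    """
    adapters: Dict[str, Dict[str, List[str]]] = {"": {}}
    current_adapter = ""
    current_field = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = ADAPTER_RE.match(raw)
        if m:
            current_adapter = m.group(1).strip()
            adapters[current_adapter] = {}
            current_field = None
            continue
        m = FIELD_RE.match(raw)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            current_field = key
            adapters[current_adapter][key] = [value] if value else []
            continue
        # Indented line without the "key : value" shape: a further value of the
        # previous field (e.g. the second DNS server).
        if current_field is not None and raw[:1].isspace():
            adapters[current_adapter][current_field].append(raw.strip())
    return adapters


def lns_rule_inputs(text: str) -> Dict[str, Dict[str, object]]:
    """Map each connected adapter to the values the three rules need:
    DHCP Server -> BOOTP/DHCP rule, DNS Servers -> DNS-Allowed rule,
    Physical Address -> Anti-MAC spoofing rule (names as used in the post)."""
    result: Dict[str, Dict[str, object]] = {}
    for name, fields in parse_ipconfig(text).items():
        f = {k.lower(): v for k, v in fields.items()}  # XP: "Dhcp", later: "DHCP"
        if not name or "physical address" not in f:
            continue
        if any("disconnected" in v.lower() for v in f.get("media state", [])):
            continue
        dhcp_on = f.get("dhcp enabled", ["No"])[0].lower() == "yes"
        result[name] = {
            "dhcp_enabled": dhcp_on,                       # if False, leave the BOOTP/DHCP rule off
            "bootp_dhcp_rule": f.get("dhcp server", []),
            "dns_allowed_rule": f.get("dns servers", []),
            "anti_mac_spoofing_rule": f["physical address"][0],
        }
    return result


if __name__ == "__main__":
    # Usage: ipconfig /all > ipconfig.txt, then: python script.py < ipconfig.txt
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    for adapter, rules in lns_rule_inputs(source).items():
        print(adapter)
        for rule, value in rules.items():
            print(f"  {rule}: {value}")
```

The values are only as current as the lease they came from: moving the machine to another network, or a DHCP lease that hands out different DNS servers, silently invalidates the DNS-Allowed rule, and the symptom is exactly the "no name or IP resolution" reported earlier in this thread. Re-run the extraction whenever the connection changes and compare it with what the rules currently hold.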

starfish_001
February 19th, 2006, 04:00 PM
Thanks, I followed these instructions; it works well now.

http://www.wilderssecurity.com/showthread.php?t=115785
{QUOTE->
Important: Always "save as" before you make a change to your LNS rule-set or any other, so you will always have an untouched copy. And disable your internet connection when you do this.
Example: EnhancedRulesSet2006.rls

1. Go to the LnS panel called Internet filtering > then go to LOAD > open and find the EnhancedRulesSet.rls, highlight it > hold down Ctrl+C on your keyboard > then just cancel out of this box. AND DON'T save anything.

2. Go to your desktop, point the mouse at the desktop where you want it copied to > Ctrl+V, and now you have EnhancedRulesSet2006.rls.

3. Rename this to EnhancedRulesSet2006.rie; the [rie] at the end makes it possible to import one rule at a time, or as many as possible, from one rule-set to another. Very fast!

4. Copy this again, or drag and drop this file, into c:/program files/Soft4ever/Look"n"Stop and paste it in, or drag it in there, and now you can start importing the EnhancedRulesSet auto-detect rules for servers and DNS for your computer. If you don't understand Phant0m's manual settings, which only takes, this will make things much easier; the only thing you have to do is compare the two rules and start replacing some rules.

5. Go to the Internet filtering tab > go to LOAD, but save as first; it will cause you no pain if things don't work out. But like I said, it has been over 5 years and it still works; I have used it on Windows 95, 98, ME and XP/XP SP2, all of them. Call the rule-set anything you like except EnhancedRulesSet.rls.

6. Click on the import box in Internet filtering and you will see the EnhancedRulesSet.rie file > highlight it and now you have the whole EnhancedRulesSet showing in the rules to import into Phant0m's rule-set. Highlight EnhancedRulesSet.rie and check these off, starting at > IP : MF Flag Block, check everything below and replace the rules.

7. Place the first rule under < +ACK-URG in Phant0m's rule-set, which would be IP : MF Flag Block from the EnhancedRulesSet.rls.

8. You don't need them all, since you will have double rules, so compare the two rule-sets; it's a matter of deleting, leaving or adding the auto-detect server rules, which start at > TCP : Authorize Identification. Work your way down the list using the up and down buttons to place them.

9. You really just need these rules from > TCP : Authorize Identification until the UDP : Stop Broadcast rule [Stops UDP broadcasts to *.*.*.255].

The rest and more are already in Phant0m's rule-set, so you just have to delete any double rules you have showing in Phant0m's rule-set; you really just want to add the auto-detect rules to Phant0m's rule-set. TCP : Authorize Identification through the UDP : Stop Broadcast rule [Stops UDP broadcasts to *.*.*.255]: those are the ones that auto-detect your internet connections.
<-QUOTE}