Ghostwall Settings, Couple of questions.


MikeNAS
February 25th, 2008, 12:09 PM
Hello!

I just found this nice lightweight firewall again and started to type in my FIRST own settings. So of course I have a couple of questions.

1. Can I set more than one specific port, like 80, 443, 8080?

2. Do I need a loopback rule if it looks like everything works okay without it?

Here are my settings:


Description         Rule                                       Local IP   Local Port  Remote IP  Remote Port
------------------------------------------------------------------------------------------------------------
0 > 52 [DNS]        Block All Protocols Outgoing and Incoming  Any        Any         Any        0-52
54 > 79 [HTTP]      Block All Protocols Outgoing and Incoming  Any        Any         Any        54-79
81 > 442 [HTTPS]    Block All Protocols Outgoing and Incoming  Any        Any         Any        81-442
444 > 464 [SMTP]    Block All Protocols Outgoing and Incoming  Any        Any         Any        444-464
466 > 992 [IMAP]    Block All Protocols Outgoing and Incoming  Any        Any         Any        466-992
994 > 8079 [HTTP]   Block All Protocols Outgoing and Incoming  Any        Any         Any        994-8079
8081 > 65535        Block All Protocols Outgoing and Incoming  Any        Any         Any        8081-65535
ALLOW               Allow All Protocols Outgoing               Any        Any         Any        Any
DNS 1               Allow UDP Incoming                         My IP      Any         My DNS 1   53
DNS 1               Allow UDP Incoming                         My IP      Any         My DNS 2   53
BLOCK               Block All Protocols Outgoing and Incoming  Any        Any         Any        Any


If I have understood correctly what I have done, then I only allow DNS, HTTP, HTTPS, SMTP and IMAP outgoing. All others are blocked. The only incoming allowed is DNS (specific addresses).

MikeNAS
February 26th, 2008, 01:45 PM
I'll answer myself. Yes, I need a loopback rule, because without it the sandboxed browser doesn't work correctly. It takes so long to start and sometimes it doesn't even start. So I added a new rule. I also edited the ALLOW rule, so now only TCP or UDP can connect out. Now everything works perfectly.


Description         Rule                                       Local IP   Local Port  Remote IP  Remote Port
------------------------------------------------------------------------------------------------------------
LOOPBACK            Allow TCP Outgoing and Incoming            127.0.0.1  Any         127.0.0.1  Any
0 > 52 [DNS]        Block All Protocols Outgoing and Incoming  Any        Any         Any        0-52
54 > 79 [HTTP]      Block All Protocols Outgoing and Incoming  Any        Any         Any        54-79
81 > 442 [HTTPS]    Block All Protocols Outgoing and Incoming  Any        Any         Any        81-442
444 > 464 [SMTP]    Block All Protocols Outgoing and Incoming  Any        Any         Any        444-464
466 > 992 [IMAP]    Block All Protocols Outgoing and Incoming  Any        Any         Any        466-992
994 > 8079 [HTTP]   Block All Protocols Outgoing and Incoming  Any        Any         Any        994-8079
8081 > 65535        Block All Protocols Outgoing and Incoming  Any        Any         Any        8081-65535
ALLOW               Allow TCP or UDP Protocols Outgoing        Any        Any         Any        Any
DNS 1               Allow UDP Incoming                         My IP      Any         My DNS 1   53
DNS 1               Allow UDP Incoming                         My IP      Any         My DNS 2   53
BLOCK               Block All Protocols Outgoing and Incoming  Any        Any         Any        Any

xtree
February 27th, 2008, 05:00 AM
Hi MikeNas,

Just for your info, please find my set of rules.
Cory & Cory2 are for my DNS. FTP2 is for FTP.
All specific remote IPs given are those of my Internet Service Provider.
Have fun. :)
Xtree

MikeNAS
February 27th, 2008, 05:34 AM
Thanks for the info. I modified my rules to a simpler way and maybe a tighter one too. 3 rules less and everything is working :D


Description         Rule                                       Local IP   Local Port  Remote IP  Remote Port
------------------------------------------------------------------------------------------------------------
PORT 0 & 1          Block All Protocols Outgoing and Incoming  Any        0-1         Any        Any

LOOPBACK            Allow TCP Outgoing and Incoming            127.0.0.1  Any         127.0.0.1  Any

HTTP                Allow TCP Outgoing                         My IP      1024-5000   Any        80
HTTPS               Allow TCP Outgoing                         My IP      1024-5000   Any        443

IMAP                Allow TCP Outgoing                         My IP      1024-5000   My EMAIL   993
SMTP                Allow TCP Outgoing                         My IP      1024-5000   My EMAIL   465

DNS 1               Allow UDP Outgoing and Incoming            My IP      Any         My DNS 1   53
DNS 1               Allow UDP Outgoing and Incoming            My IP      Any         My DNS 2   53

BLOCK               Block All Protocols Outgoing and Incoming  Any        Any         Any        Any


Some ShieldsUP testing. If I choose Common Ports, all are stealthed. If I choose All Service Ports, then 22 (SSH) is closed. Not a big deal to me, but still interesting that the result is different. There is also Ping Reply, but that's my router, not my computer.
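To see what the ruleset above actually lets through, here is an added first-match simulator (my own example, not Ghostwall's code or MikeNAS's configuration). It assumes Ghostwall evaluates rules top-down with the first match deciding, which is what the trailing BLOCK-all row relies on, and substitutes constructed addresses for the My IP / My DNS / My EMAIL placeholders.

```python
# Constructed sample addresses standing in for the placeholders used in the
# posted rules ("My IP", "My DNS 1", "My DNS 2", "My EMAIL"); not real hosts.
HOSTS = {"My IP": "192.168.0.10", "My DNS 1": "208.67.222.222",
         "My DNS 2": "208.67.220.220", "My EMAIL": "203.0.113.25"}

def port_match(spec, port):
    """Match 'Any', a single port such as '80', or a range such as '1024-5000'."""
    if spec == "Any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def ip_match(spec, ip):
    """Match 'Any', a placeholder name from HOSTS, or a literal address."""
    return spec == "Any" or HOSTS.get(spec, spec) == ip

# The posted ruleset, in order. Columns follow Ghostwall's display: description,
# action, protocol, direction, local IP, local port, remote IP, remote port.
RULES = [
    ("PORT 0 & 1", "Block", "All", "Outgoing and Incoming", "Any", "0-1", "Any", "Any"),
    ("LOOPBACK", "Allow", "TCP", "Outgoing and Incoming", "127.0.0.1", "Any", "127.0.0.1", "Any"),
    ("HTTP", "Allow", "TCP", "Outgoing", "My IP", "1024-5000", "Any", "80"),
    ("HTTPS", "Allow", "TCP", "Outgoing", "My IP", "1024-5000", "Any", "443"),
    ("IMAP", "Allow", "TCP", "Outgoing", "My IP", "1024-5000", "My EMAIL", "993"),
    ("SMTP", "Allow", "TCP", "Outgoing", "My IP", "1024-5000", "My EMAIL", "465"),
    ("DNS 1", "Allow", "UDP", "Outgoing and Incoming", "My IP", "Any", "My DNS 1", "53"),
    ("DNS 2", "Allow", "UDP", "Outgoing and Incoming", "My IP", "Any", "My DNS 2", "53"),  # post labels it "DNS 1"
    ("BLOCK", "Block", "All", "Outgoing and Incoming", "Any", "Any", "Any", "Any"),
]

def evaluate(proto, direction, local_ip, local_port, remote_ip, remote_port):
    """Top-down, first match wins (assumed; the trailing BLOCK-all relies on it)."""
    for desc, action, protos, dirs, l_ip, l_port, r_ip, r_port in RULES:
        if protos != "All" and proto not in protos.split(" or "):
            continue
        if direction not in dirs:          # "Outgoing" is in "Outgoing and Incoming"
            continue
        if (ip_match(l_ip, local_ip) and port_match(l_port, local_port)
                and ip_match(r_ip, remote_ip) and port_match(r_port, remote_port)):
            return action, desc
    return "Block", "(no rule matched)"    # unreachable while the BLOCK-all row is present

if __name__ == "__main__":
    # Constructed sample flows: outgoing web, outgoing FTP, inbound SSH probe.
    for flow in [("TCP", "Outgoing", "192.168.0.10", 3456, "198.51.100.5", 80),
                 ("TCP", "Outgoing", "192.168.0.10", 3456, "198.51.100.5", 21),
                 ("TCP", "Incoming", "192.168.0.10", 22, "198.51.100.5", 40000)]:
        print(flow, "->", evaluate(*flow))
```

Running it shows outgoing HTTP allowed, FTP to port 21 and any inbound connection falling through to BLOCK, and DNS to any resolver other than the two listed blocked as well; a client socket bound above local port 5000 also falls through, since the Allow rules only cover 1024-5000.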

lucas1985
February 27th, 2008, 02:36 PM
MikeNAS,
If port 22 appears as closed, it might mean that you have enabled "Remote administration" in your router. Check that.
Also, don't you need a rule for DHCP? Be aware that your ruleset will cut FTP, P2P, IMAP and IM traffic. Not a big deal if you only browse and check mail through POP.

MikeNAS
February 27th, 2008, 02:50 PM
-{ Quote: "MikeNAS,
If port 22 appears as closed, it might mean that you have enabled "Remote administration" in your router. Check that.
Also, don't you need a rule for DHCP? Be aware that your ruleset will cut FTP, P2P, IMAP and IM traffic. Not a big deal if you only browse and check mail through POP." }-

Now I don't need DHCP. My new rules allow SMTP and IMAP. I use meebo to IM and so on. I'll check my router now, but still it's interesting that once it's closed and another time stealthed.

Here are all of my router settings:

192.168.0.1

ADSL Settings
ADSL Mode :
Use PPP : No
PPPoE
PPPoA
Bridged IP
Ethernet Uplink
Login :
Password :
VPI :
VCI :
Obtain an IP address automatically
Use the following IP address:
IP address
Subnet Mask
Default Gateway
DNS server

Nothing is selected, so it's just some strange thing.

lucas1985
February 27th, 2008, 03:15 PM
Maybe a hidden option? If your router supports DNS caching/forwarding, I'd put the IPs of the DNS servers in the router and change the DNS rule in GW to point to your router.

MikeNAS
February 27th, 2008, 03:35 PM
-{ Quote: "Maybe a hidden option? If your router supports DNS caching/forwarding, I'd put the IPs of the DNS servers in the router and change the DNS rule in GW to point to your router." }-

If I put the OpenDNS DNS server directly into the router, there comes one problem. I don't have a static IP.

lucas1985
February 27th, 2008, 04:30 PM
I must be missing something. You said that you don't use DHCP, now you tell me that you don't have a static IP :wacko:
We are talking about static/dynamic IPs from the private range (10.0.0.x, 192.168.0.x), right?

MikeNAS
February 27th, 2008, 05:09 PM
-{ Quote: "I must be missing something. You said that you don't use DHCP, now you tell me that you don't have a static IP :wacko:
We are talking about static/dynamic IPs from the private range (10.0.0.x, 192.168.0.x), right?" }-

Yeah, I use a private range IP.

lucas1985
February 27th, 2008, 05:11 PM
Then, if you don't use DHCP, you should have a static IP :doubt:

MikeNAS
February 28th, 2008, 02:55 AM
My router changes address every now and then.

Stem
February 28th, 2008, 09:13 AM
Hi lucas1985,
-{ Quote: "I must be missing something. You said that you don't use DHCP, now you tell me that you don't have a static IP" }-
As I see it:
Private (fixed IP) on home LAN (behind router), DHCP enabled on router for ISP.

Stem
February 28th, 2008, 09:14 AM
-{ Quote: "If I put the OpenDNS DNS server directly into the router, there comes one problem. I don't have a static IP." }-
If you want to use alternative DNS, then set these as static within the PC (not the router).

lucas1985
February 28th, 2008, 11:40 AM
-{ Quote: "As I see it:
Private (fixed IP) on home LAN (behind router), DHCP enabled on router for ISP." }-
Hi Stem,
I got it, thanks :) I was going nuts ;D
-{ Quote: "If you want to use alternative DNS, then set these as static within the PC (not the router)." }-
Why? Is there any security risk? Are you thinking of drive-by pharming and exploits against the router (the recent Flash exploit)?

MikeNAS
March 1st, 2008, 06:33 AM
-{ Quote: "If you want to use alternative DNS, then set these as static within the PC (not the router)." }-

Yes, I have done it that way.

Stem
March 1st, 2008, 06:53 AM
Hi lucas1985,
-{ Quote: "If you want to use alternative DNS, then set these as static within the PC (not the router)." }-
-{ Quote: "Why? Is there any security risk? Are you thinking of drive-by pharming and exploits against the router (the recent Flash exploit)?" }-
No, just basically due to MikeNAS having the router set to obtain IP etc. from the ISP, so the settings can change. Fixing the alternative DNS IP into the PC can then be permanent.

lucas1985
March 3rd, 2008, 11:22 AM
Strange, I get my public IP from my ISP (http://www.arnet.com.ar/) and my DNS settings do not change when I get a new IP.

MikeNAS
March 3rd, 2008, 12:18 PM
-{ Quote: "Strange, I get my public IP from my ISP (http://www.arnet.com.ar/) and my DNS settings do not change when I get a new IP." }-

My computer uses OpenDNS and a private range IP. All are manual settings.

My ADSL modem (router/wireless ap) gets public IP from ISP.

lucas1985
March 3rd, 2008, 01:54 PM
I have the same setup with the difference that I put the IPs of OpenDNS in the router.