Help with Rules???

[SCClockDr]

Hi All

I've just installed Ghostwall and am looking for some assistance with composing the proper rules for my system.

I am running XP Pro SP2 stand alone system with an ethernet attached cable modem and no other nodes.

Ipconfig /all reported the following:

Windows IP Configuration



Host Name . . . . . . . . . . . . : family

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cfl.rr.com



Ethernet adapter Local Area Connection 6:



Connection-specific DNS Suffix . : cfl.rr.com

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-##-D8-1D-##-##

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 68.204.###.###

Subnet Mask . . . . . . . . . . . : 255.255.###.0

Default Gateway . . . . . . . . . : 68.204.###.#

DHCP Server . . . . . . . . . . . : 10.105.##.#

DNS Servers . . . . . . . . . . . : 65.32.X.XX

65.32.Y.YY

Lease Obtained. . . . . . . . . . : Monday, November 21, 2005 11:09:48 AM

Lease Expires . . . . . . . . . . : Monday, November 21, 2005 9:03:21 PM
NOTE:
#, Y, X represent actual digits and are redacted.

My currently ingorant thinking is to modify the DNS rule to reflect the IP address. Am I on the right track?
Do I need supplied multiple DHCP rules? Should I include the IP address listed above to limit access properly? The DHCP ones supplied with the download don't seem to apply, or am I completely missing the point?

Need I create a rule for the default gateway? I intend to try experimenting while awaiting any replys.
Thanks
George

[SCClockDr]

Hi All

Below are the rules I came up with. Any feedback would be appreciatd.

Thanks

[brjoon1021]

I am not suggesting that you won't get good help here or that you should give up. But I did. I think that this is a really good piece of software if one is up to the task.

I was not. Rules (only) are more involved than I want to get.

If you find that you are in the same boat. I have tried Netveda, Filseclab and Kerio 4.2 (and import the BZ ruleset for 2.1x Kerio firewall). These are all good alternatives for the Network challenged like myself. Each time that an application tries to open or access the internet you are given the choice to allow it and make an automatic rule for this application or get nerdy and make your own. Perhaps you know all of this and are ready for Ghost. Just my two cents if applicable.

Good Luck,

B.

[SCClockDr]

B
Thanks for the reply. I see much more activity on the other ghost boards as it seems there is more development activity going on there.
I tend to ask for assistance to help get started on a new challenge but will dive in on my own and hope the assistance will be there if I get stuck.
Thus far I've seemed to have solved the obvious issues to my satisfaction. Unless I find I've left the system open to some attack not revealed in my initial testing.
There is nothing like a good mental challenge to keed me on my toes as the brain cells slowly die off.

[wuz2blu]

Quote:

Originally Posted by brjoon1021

I am not suggesting that you won't get good help here or that you should give up. But I did. I think that this is a really good piece of software if one is up to the task.

I was not. Rules (only) are more involved than I want to get.

If you find that you are in the same boat. I have tried Netveda, Filseclab and Kerio 4.2 (and import the BZ ruleset for 2.1x Kerio firewall). These are all good alternatives for the Network challenged like myself. Each time that an application tries to open or access the internet you are given the choice to allow it and make an automatic rule for this application or get nerdy and make your own. Perhaps you know all of this and are ready for Ghost. Just my two cents if applicable.

Good Luck,

B.

Thank you for the advice, B. You described me exactly when you said, "Rules (only) are more involved than I want to get." I am looking to replace the default WinXP firewall, but I don't want to spend time learning a new program to be able to use the replacement. (Yes, I'm lazy.)
Well, I'm off to check out Kerio and maybe a couple of the others. BTW, anyone have an opinion on Sygate Personal Firewall?
Thanks in advance.
~wuz2blu

[tonyjl]

Hi wuz2blu.
I use CHX-I IP Packet Filter ( http://www.idrci.com/ ) for umm,packet filtering,(but you'll have to do some thinking i'm afraid) and ZoneAlarm ( http://www.zonelabs.com/store/content/home.jsp )for application control. This combo will give you higher internet speeds than most. I've tried a few firewalls,the only one coming close (for me) was L'n'S ( http://www.looknstop.com/En/index2.htm ) and it's packet control features,but the app control was a real let down as you can't control which ip addresses/websites they connect to,could be just the ticket for you though,just allow or deny internet access. I've still got my ruls set for it you want them,you'll have to customize some them to suite your needs. I have heard very good good reports about the latest Outpost firewall ( http://www.outpostfirewall.com/guide/index.htm ) (supposedly passes all leak tests aswell). Norton (http://www.symantec.com/home_homeoff...006/index.html ) used to have auto config rules that you download with the updates,whether they still do i don't know. That aside,you could carry on useing GW and just get another free firewall for app control,just remember to disable the inet filtering for it.