Making Ghostwall Rules

[Demoras]

Hello,

I've decided to try Ghostwall, I haven't installed it yet but it seems like a very good firewall to me. There's one problem though, I'm scared of rule-based firewalls. I feel like I have less control over my internet connection (which isn't really true, but I kind of feel like that), simply because I don't master rulemaking yet.

Now, I know how to forward ports on routers, that's really easy. Is forwarding ports on routers comparable to making rules in Ghostwall? So, if I want to block a certain app, I just search for what ports it's using and block those ports?
And what if I don't know the app ports, is there some kind of log I can check? Or is there another way of finding out which ports are being used (since when it's already in the log file, there has already been made a connection and I could be in danger!)?

[zapjb]

Interested to see if anyone posts easy enough instructions for this.

[Demoras]

Quote:

Originally Posted by zapjb

Interested to see if anyone posts easy enough instructions for this.

Hmm, is it that complicated?

[Brinn]

GW logs the last 50 incoming and outgoing attempts. What would also help is to have an app like Port Explorer or TCPView (free from Sysinternals) so you can see what's trying to make a connection to which port.

Blocked attempts are also logged, I believe.

[Demoras]

Quote:

Originally Posted by Brinn

GW logs the last 50 incoming and outgoing attempts. What would also help is to have an app like Port Explorer or TCPView (free from Sysinternals) so you can see what's trying to make a connection to which port.

Blocked attempts are also logged, I believe.

I see. I guess I will give Ghostwall a try this weekend, play around with it a little and stuff.

[tonyjl]

Hi Demoras.

Have a look here http://www.outpostfirewall.com/guide/rules/index.htm it gives a pretty good list of basic preset rules.

The best way is to first of all,set the firewall to 'ask you' for permision to grant acces to the net,when a connection is attempted that no rules allow for,you'll get an alert,then create a rule/or rules to allow them. Then its just a case of keeping an eye on your logs,if something doesn't work properly,can't connect etc. check ya logs for blocked entries,retry whatever isn't working a couple of times so that you get a few entries the same to help filter out normal internet noise .

Trial 'n' error mate,you'll get the hang of it in no time at all. Hope that helps ya get started,and good luck (not that you'll need any luck).

[Demoras]

Quote:

Originally Posted by tonyjl

Hi Demoras.

Have a look here http://www.outpostfirewall.com/guide/rules/index.htm it gives a pretty good list of basic preset rules.

The best way is to first of all,set the firewall to 'ask you' for permision to grant acces to the net,when a connection is attempted that no rules allow for,you'll get an alert,then create a rule/or rules to allow them. Then its just a case of keeping an eye on your logs,if something doesn't work properly,can't connect etc. check ya logs for blocked entries,retry whatever isn't working a couple of times so that you get a few entries the same to help filter out normal internet noise .

Trial 'n' error mate,you'll get the hang of it in no time at all. Hope that helps ya get started,and good luck (not that you'll need any luck).

Hmm, Ghostwall has such a thing? It didn't have app control, did it?
By the way, those rules, aren't they for Outpost Firewall?

[tonyjl]

Quote:

Originally Posted by Demoras

Hmm, Ghostwall has such a thing? It didn't have app control, did it?

No,but you still need to create rules to allow them access the net,eg remote port 80 in & out.

Quote:

Originally Posted by Demoras

By the way, those rules, aren't they for Outpost Firewall?

Rules can be applied to any firewall as long as they have the same features eg. you can't apply a rule with TCP Flags to a firewall that doesn't support TCP Flags etc. etc.
Ports and IP Addresses can be trasfered though.

[Demoras]

Quote:

Originally Posted by tonyjl

No,but you still need to create rules to allow them access the net,eg remote port 80 in & out.

Oh okay, so it's kinda like those rules from Kerio Personal Firewall 2.15?
Ahh no matter what it's like, I'm gonna install it now and try it out

[Demoras]

Hmm, this rule thing, they're interesting, but also a bit confusing me.
It's like, every app has acces to the internet. I can't really say that one app shouldn't make a connection, unless I know what ports it's using of course, but if I block those ports and another program wants to use those ports, it can't connect to the internet either.
Hmmm......

[SCClockDr]

Demoras

Look as this link:
http://www.wilderssecurity.com/showthread.php?t=107662
and this one:
http://www.wilderssecurity.com/showthread.php?t=107904

These should get you started.