Some firewall.ini mods for Blackice 2.9 I Found

noway · #1 June 1st, 2005, 07:50 AM

In case anyone wants it, here's a sample of firewall.ini mods for blackice 2.9
for ICMP. I found it on the internet somewhere and modified it to allow inbound
time exceeded, inbound echo reply and inbound destination unreachable. Right click
systray icon, select Stop Blackice Engine, then after you see a red slash through
tray icon, right click icon and select Exit. Then go to the Network Ice\Blackice
folder and paste the following into Firewall.ini
under the heading [MANUAL ICMP ACCEPT], then restart Blackice.

ACCEPT, 0:0, Echo Reply , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 1:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 2:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
ACCEPT, 3:0, Destination Unreachable , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 4:0, Source Quench , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 5:0, Redirect , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 6:0, Alternate Host Address, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 7:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 8:0, Echo Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 9:0, Router Advertisement, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 10:0, Router Solicitation, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
ACCEPT, 11:0, Time Exceeded, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 12:0, Parameter Problem, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 13:0, Timestamp Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 14:0, Timestamp Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 15:0, Information Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 16:0, Information Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 17:0, Address Mask Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 18:0, Address Mask Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 19:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 20:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 21:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 22:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 23:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 24:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 25:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 26:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 27:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 28:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 29:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 30:0, Traceroute, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 31:0, Datagram Conversion Error, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 32:0, Mobile Host Redirect, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 33:0, IPv6 Where-Are-You, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 34:0, IPv6 I-Am-Here, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 35:0, Mobile Registration Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 36:0, Mobile Registration Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 37:0, Domain Name Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 38:0, Domain Name Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 39:0, SKIP, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 40:0, Photuirs, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 41:0 - 255:0, All Other ICMP, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui

lynchknot · #2 June 23rd, 2005, 02:20 PM

It may not matter anyway as I think Outpost controls ICMP

Do I paste that and remove "[auto ICMP xxxx]" I don't see "[MANUAL ICMP ACCEPT]"

Quote:

[auto IP xxxx]
[auto ICMP xxxx]
[auto UDP low xxxx]
[auto UDP high xxxx]
[auto TCP low xxxx]
[auto TCP high xxxx]

*edit - this is how I changed it - correct?

Quote:

[auto IP xxxx]
[auto UDP low xxxx]
[auto UDP high xxxx]
[auto TCP low xxxx]
[auto TCP high xxxx]
[MANUAL ICMP ACCEPT]
ACCEPT, 0:0, Echo Reply , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 1:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 2:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
ACCEPT, 3:0, Destination Unreachable , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui...........ect....

noway · #3 June 23rd, 2005, 02:44 PM

Quote:

Originally Posted by lynchknot

edit - this is how I changed it - correct?

You don't really need to remove the [auto ICMP xxxx] Otherwise looks fine.
My headings are in the following order:

[PARMS]
[MANUAL IP ACCEPT]
[MANUAL ICMP ACCEPT]
[MANUAL UDP low REJECT]
[MANUAL UDP high REJECT]
[MANUAL TCP low REJECT]
[MANUAL TCP high REJECT]
[auto IP xxxx]
[auto ICMP xxxx]
[auto UDP low xxxx]
[auto UDP high xxxx]
[auto TCP low xxxx]
[auto TCP high xxxx]

lynchknot · #4 June 23rd, 2005, 07:07 PM

below the auto config there was some sort of key but now it's gone. Do you know what that was?
*edit - I'm not understanding something. This is what I've got - showing only partial of your post

Quote:

; *********************************************************
; BlackICE filter configuration file
; DO NOT EDIT BY HAND!
; This file contains several sections. The first section is
; for user configured items. The second is for automatic
; filters set by the system. These should be maintained
; separately in the user interface
; *********************************************************
[PARMS]
auto-blocking = enabled, 0, unknown
protection.SecurityLevel = paranoid, 0, unknown
tunnel.dns = enabled, 0, unknown
protection.SecurityLevel.state = paranoid, 4000, auto
;action, IP/port, name, whenSet, whenExpire, precedence, whoSet
[MANUAL IP ACCEPT]
REJECT, 24.138.0.17,24.138.0.17, 2005-05-01 18:43:45, PERPETUAL, 2000, BIgui
[MANUAL ICMP ACCEPT]
[MANUAL UDP low REJECT]
REJECT, 0 - 1023, default, 1970-01-01 00:00:00, PERPETUAL, 1000, unknown
REJECT, 137, default, 1999-07-22 20:26:53, PERPETUAL, 2000, unknown
REJECT, 138, default, 1999-07-22 20:26:53, PERPETUAL, 2000, unknown
[MANUAL UDP high REJECT]
REJECT, 1024 - 65535, default, 1970-01-01 00:00:00, PERPETUAL, 1000, unknown
ACCEPT, 4672, emule, 2005-04-28 16:56:37, PERPETUAL, 2000, BIgui
[MANUAL TCP low REJECT]
REJECT, 0 - 1023, default, 1970-01-01 00:00:00, PERPETUAL, 1000, unknown
REJECT, 139, default, 1999-07-19 20:50:26, PERPETUAL, 2000, unknown
REJECT, 113, default, 2005-04-28 16:53:33, PERPETUAL, 2000, BIgui
[MANUAL TCP high REJECT]
REJECT, 1024 - 65535, default, 1970-01-01 00:00:00, PERPETUAL, 1000, unknown
ACCEPT, 4662, emule, 2005-04-28 16:56:18, PERPETUAL, 2000, BIgui
; *********************************************************
[PARMS]
[MANUAL IP ACCEPT]
[MANUAL ICMP ACCEPT]
[MANUAL UDP low REJECT]
[MANUAL UDP high REJECT]
[MANUAL TCP low REJECT]
[MANUAL TCP high REJECT]
[auto IP xxxx]
[auto ICMP xxxx]
[auto UDP low xxxx]
[auto UDP high xxxx]
[auto TCP low xxxx]
[auto TCP high xxxx]
ACCEPT, 0:0, Echo Reply , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 1:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 2:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
ACCEPT, 3:0, Destination Unreachable , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 4:0, Source Quench , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 5:0, Redirect , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 6:0, Alternate Host Address, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 7:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 8:0, Echo Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 9:0, Router Advertisement, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 10:0, Router Solicitation, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui.............................................ect.......

noway · #5 June 23rd, 2005, 09:27 PM

For lynchknot only:

Here is my COMPLETE firewall.ini file for Blackice 2.9car. There is an entry at the VERY END called "startup.serialValue=" (I don't know what this value means, so your value may be different. If you deleted it by mistake you could try leaving that line out and seeing if it is added by Blackice after rebooting. Perhaps Blackice uses this value to determine if the configuration has been changed and whether to notify you, but I'm just guessing. ) Also the values for [MANUAL IP ACCEPT] are specific IPs that I want to allow or reject and yours will be different. Always backup this file before making changes, just in case!

; *********************************************************
; BlackICE filter configuration file
; DO NOT EDIT BY HAND!
; This file contains several sections. The first section is
; for user configured items. The second is for automatic
; filters set by the system. These should be maintained
; separately in the user interface
; *********************************************************
[PARMS]
auto-blocking = disabled, 4000, BIgui
protection.SecurityLevel = paranoid, 4000, BIgui
tunnel.dns = enabled, 0, unknown
;action, IP/port, name, whenSet, whenExpire, precedence, whoSet
[MANUAL IP ACCEPT]
ACCEPT, 24.153.23.10,DHCP, 2005-01-18 04:23:43, PERPETUAL, 4000, BIgui
ACCEPT, 24.153.22.195,DNS, 2005-01-18 04:24:11, PERPETUAL, 4000, BIgui
ACCEPT, 24.153.23.66,DNS, 2005-01-18 04:24:31, PERPETUAL, 4000, BIgui
REJECT, 12.158.80.10,Verisign, 2005-01-18 04:28:15, PERPETUAL, 4000, BIgui
REJECT, 69.94.110.11,Verisign, 2005-01-18 04:28:45, PERPETUAL, 4000, BIgui
REJECT, 207.46.248.249,Windows Explorer, 2005-01-18 04:29:17, PERPETUAL, 4000, BIgui
[MANUAL ICMP ACCEPT]
ACCEPT, 0:0, Echo Reply , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 1:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 2:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
ACCEPT, 3:0, Destination Unreachable , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 4:0, Source Quench , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 5:0, Redirect , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 6:0, Alternate Host Address, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 7:0, Unassigned , 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 8:0, Echo Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 9:0, Router Advertisement, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 10:0, Router Solicitation, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
ACCEPT, 11:0, Time Exceeded, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 12:0, Parameter Problem, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 13:0, Timestamp Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 14:0, Timestamp Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 15:0, Information Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 16:0, Information Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 17:0, Address Mask Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 18:0, Address Mask Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 19:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 20:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 21:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 22:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 23:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 24:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 25:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 26:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 27:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 28:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 29:0, Reserved, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 30:0, Traceroute, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 31:0, Datagram Conversion Error, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 32:0, Mobile Host Redirect, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 33:0, IPv6 Where-Are-You, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 34:0, IPv6 I-Am-Here, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 35:0, Mobile Registration Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 36:0, Mobile Registration Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 37:0, Domain Name Request, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 38:0, Domain Name Reply, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 39:0, SKIP, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 40:0, Photuirs, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
REJECT, 41:0 - 255:0, All Other ICMP, 2005-01-01 00:00:00, PERPETUAL, 2000, BIgui
[MANUAL UDP low REJECT]
REJECT, 0 - 1023, Default UDP low, 2005-01-18 04:15:51, PERPETUAL, 1500, BIgui
[MANUAL UDP high REJECT]
REJECT, 1024 - 65535, Default UDP high, 2005-01-18 04:15:51, PERPETUAL, 1500, BIgui
[MANUAL TCP low REJECT]
REJECT, 0 - 1023, Default TCP low, 2005-01-18 04:15:51, PERPETUAL, 1500, BIgui
REJECT, 135, Port 135, 2005-01-18 04:30:21, PERPETUAL, 4000, BIgui
REJECT, 445, Port 445, 2005-01-18 04:30:38, PERPETUAL, 4000, BIgui
[MANUAL TCP high REJECT]
REJECT, 1024 - 65535, Default TCP high, 2005-01-18 04:15:51, PERPETUAL, 1500, BIgui
; *********************************************************
[auto IP xxxx]
[auto ICMP xxxx]
[auto UDP low xxxx]
[auto UDP high xxxx]
[auto TCP low xxxx]
[auto TCP high xxxx]
startup.serialValue=9b9f38500d72741ca4cd7dd290fcefad

lynchknot · #6 June 24th, 2005, 12:20 AM

Thanks noway. Now I see the whole config and understand.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search