Help me with Kerio 2.1.5 rules please

I don't exactly understand Blitz's kerio 2.1.5 rules. I am behind a router, and over at dsl reports he says to use the router configuration, what do I do with that as I am not using it and all seems to be working fine. How does this look so far for my rules?

 

Second part

 

I am an idiot when it comes to rules, so please help me out

 

Hi Slovak

You may be fine without the router rule. If you were logging from the router, then a rule would be required. If you have other systems behind the router, LAN rules would also be required.

Secondary DNS is a duplicate (same as Primary DNS).

Unrestricted DNS not needed if using above.

Your Block All rules should be at the end of the rule set. Enable the Inbound, but leave the Outbound disabled for now.

Regards,

CrazyM

 

The router rule allows you not to have to specify the router dns/dhcp in the rules, and allows for a second configuration without any hassle. Like if you use your laptop at home, and away from home, this already allows for two seperate configurations.

I did mention in the default replacement thread some basic things like disabling the unresticted dns when you had specified your dns servers to prevent dns tunneling, and making sure the block all rules were at the end of your ruleset.

Also Avast's mail, and web filtering are a software proxy so you need to exclude those ports used from the ports available with the software proxy loopback rule. This way any software you don't want getting out, won't get out without your permission that is being redirected by these services.

 

So for the dhcp stuff, I get it from ipconfig /all, and put the dhcp address in Assign DHCP Server?

 

I do, I only need them IF I want them to be able to connect to me, right?

 

Also Avast's mail, and web filtering are a software proxy so you need to exclude those ports used from the ports available with the software proxy loopback rule. This way any software you don't want getting out, won't get out without your permission that is being redirected by these services.

Do you still need to use the standard loopback rule with the software loopback rule?

Regards

 

No, and that is another question already answered by looking at the page where the ruleset is located

 

Right, just keep in mind your current rule set will likely result in numerous log entries from these systems.

Are you sharing any files or printers with other systems on the LAN?

Regards,

CrazyM

 

Thanks, for the reply, I must have missed it entirely when I read the ruleset page everything else I seem to have grasped fairly well. I just switched to Kerio 2.1.5 a week ago from Sygate and love it. Your ruleset page made it very easy to understand things I did not know prior.
Thanx again for the reply.

 

Is this correct?

 

Anyone?

 

ipconfig /all should display full configuration information.

Regards,

CrazyM