Kerio 4 and LnS rules ;)

Discussion in 'other firewalls' started by kamui, Oct 7, 2003.

Thread Status:
Not open for further replies.
  1. kamui
    kamui Registered Member

    Hi all,

    I want to know how I can convert or import Phantom 5 LnS master rules for my Kerio 4 personal firewall, thx ;)
  2. LowWaterMark
    LowWaterMark Administrator

    Probably only through a lot of manual effort...

    But besides that, it may not be practical. Different rule-based firewalls have different ways of accomplishing things, and they generally require rules to be developed that are specific to that firewall. If a firewall approaches a function differently, the rules needed may be different to provide the same security.

    Here's a thread where BlitzenZeus was trying to configure LnS as he configured his Kerio 2.1.5 and had some difficulties because the two firewalls do things differently. While this is not exactly what you are asking, I think it shows that you must develop rules specifically for the firewall you are using.

    LooknStop vs Kerio PF
  3. BlitzenZeus
    BlitzenZeus Security Expert

    At this time the logging still doesn't work correctly in 4x, so I don't suggest you use it, as you can't really prove what your rules are doing, and unless an application is attached to a rule it won't log, so that complicates the process of finding conflicting settings. I suggest you don't use 4x at this time, and if you're going to run any version, run 2x.

    Well, some rules you will have to ditch:
    --You cannot filter by packet flags, but Kerio does use a stateful method to block flagged packets.
    --No arp filtering

    So once you drop those you have a basic firewall configuration without any application-specific settings, basically a hardware firewall configuration in a sense.

    Personally, if you want to use his ruleset I suggest you use LnS, and if you want to use Kerio, use the features of the firewall like the rule based application filtering. These are two different beasts even though they are both rule based.
  4. CrazyM
    CrazyM Firewall Expert

    Hi kamui

    As LWM suggests, it would have to be a manual effort. You could use some of your LnS rules as a guide/template for rules in Kerio, but others would have to be created from scratch. While both are rule based, they have different approaches to how rules are processed, created and function. Application control is also different.

    Just make sure you have a good understanding of how the new Kerio works (as it differs from v2.x), and you should not have much trouble constructing a rule set. You may also want to look at the v2.x of Kerio as it is still preferred by many.

    Regards,

    CrazyM