What CHX-I rules to make

Hi,
I have installed CHX-I and I am uncertain what rules are necessary for my system. I have a dialup connection with a dynamic ip, my internal network uses 192.168.0.0/24.

The only way to secure yourself on the internet is to only allow the LAN traffic and block everything else, but obviously this defeats the purpose of an internet connection.

This is just an assumption, but when using CHX-I do you have to configure it for every program which uses the internet, this would really be time consuimg and frustrating.

So can anyone tell me where I can find a basic set of rules for CHX-I which I can modify for my system?

Thanks

 

Have you tried any of the sample filter sets available on their site? You might want to start with the "Internet Workstation" which is explained in the help file.

Regards,

CrazyM

 

Dial up,import sample ruleset named Workstation for your WAN PPP,under WAN PPP properties,enable SPI for TCP/UDP/ICMP, go to www.grc.com and do a scan and see if you pass the test,if everything is green and you can access the net,you are safe and sound.

 

thanks for that, sounds good.

Will I need to set up access for edonkey and bittorrent, or isn't it blocked by the sample rules.

 

You have to set up the rules for them...

If you need some help...

 

Ok,
I think I've done something wrong.
I loaded the workstation.sfd file into the Packet Filters (Global)
Then I turned on stateful inspection for TCP, UDP and ICMP under the Dialup or VPN / Public tree.

When I opened edonkey it connected fine and bittorrent was still working, I haven't tested it yet, but I didn't think edonkey and bittorrent would work without configuration to allow them to use the connection.

Also can someone tell me if the packet filter list is like the cisco router access lists, where the order of ip addresses is important.

 

You will probably need a Force Allow inbound for the p2p ports involved in order to get your speeds up to par. I don't do p2p (or use CHX) anymore so I can't help too much, but one of the other guys probably can.

 

Your bittorrent and emule applications might seem like they are working, but they are probably not able to accept incomming connections. Use "force allow" with a local port specified for UDP. For TCP "force allow" works, but "allow" is better.

 

mrpringle,

See the examples rules that I use for the P2P...

P2P.sfd

Hope that they are useful to you...

 

before I worry about configuring p2p software, I ran a scan at grc.com and it said, "Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment!"

I don't understand what is wrong, I loaded the workstation configuration into CHX-I and I turned on stateful inspection.

How can I fix this?

Thanks for everyone's help so far.

 

Is that not just part of the greeting or opening comments on the scan page?

What was the actual scan result?

Regards,

CrazyM

 

These might be more for Treewalk users. I don't have CHX-I installed right
now so I can't check them out.

http://members.shaw.ca/bind-pe_and_ics/stef001/dpf.htm

 

Yes, lol, I feel like a bit of an idiot.

All the tests came back fine. Does this mean I don't really need an additional firewall program installed on there like kerio, or outpost, ..........

 

At this moment you only have inbound protection...

I only use CHX and I'm delighted with it!

The examples rules helped?

 

I am happy with it to. I ran tests with sygate and outpost pro installed and with both of those firewalls the tests at grc showed I had ports left open.
Then I used the sample rules for CHX-I and ran the same tests at grc and all my ports were stealthed completely.

 

All you need to do is to monitor for any unsolicited outbound connections and TCP View from www.sysinternals.com is a fine freeware to monitor connections,additionaly you can also use Hosts file to keep pests out. CHX will do best for inbound.

 

thanks for everyone's contribution.

 

you could also use a HIPS programme like PrevX R1 free beta or antihook or processguard free version to monitor programmes and block if necessary!


http://free.prevx.com/

http://www.infoprocess.com.au/