Why do you use LookNStop firewall?

Discussion in 'LnS English Forum' started by Sibilant, Jun 28, 2004.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: Why do you use LookNStop firewall?

    I don't use LnS but I did a search and hopefully this will help,

    https://www.wilderssecurity.com/showthread.php?t=64303

    Seems it's a setup for Mac.


    snowbound
     
  2. Re: Why do you use LookNStop firewall?


    Thanks for that. It did offer some insight, but I'm looking for something more.
    It would seem that the Raw Edition plugin could offer very powerful resources to the firewall. I'm at a loss as to why very few users cannot offer any info about its true capabilities. It would be a waste of resources for each user to learn from scratch what the developer of the plugin already knows.
    I doubt LnS offers support for the plugin, but it seems that someone knows more than what can be found on this board.
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Re: Why do you use LookNStop firewall?

    The PluginEditRawRule.dll plug-in offers a means for advanced users to create raw rules, with extensive control over packets. :)
     
  4. Re: Why do you use LookNStop firewall?

    Thanks Phant0m, for the additional insight.

    Do you have any useful examples of what could be accomplished by using the plugin? For instance, a sample rule and what it truly does to enhance the effectiveness of the firewall or what it blocks etc.
    I like the idea of this plugin, but I need to know if it has any practical use, and how to apply that in simple terms.

    Thanks again.
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
  6. Re: Why do you use LookNStop firewall?

    It appears that the raw rules are allowing packets vice blocking the packets. The red dot appears to the left of the raw rule. Is this normal? I convert raw rules from existing rules, then edit. I do this due to not understanding the ins and outs of making certain changes to the rule.
    Also, where inside of each packet determines whether the packet is legit. Does a legit inbound packet never start at certain positions? If so, where? This is very important, but I find no info.
     
  7. JF

    JF LnS Support

    Joined:
    Jan 12, 2003
    Posts:
    294
    About raw rule edition [plugin]

    Hi,

    The raw rule plugin allows specifying a packet filtering rule at the lowest level possible with Look 'n' Stop: Ethernet frames (packets).

    A raw rule is defined by :
    - The rule name
    - The rule description
    - The packet direction to which the rule applies : inbound, outbound or both
    - 1 to 10 fields

    An Ethernet packet that goes through the Internet filtering matches a rule if all fields of the rule match the corresponding packet fields.

    A field is defined by :
    - The field identifier : 0 to 9
    - The field size : 1 to 6 bytes
    - The field offset type : Ethernet, IP, TCP
    - The field offset for inbound packets (relative to offset type)
    - The field offset for outbound packets (relative to offset type)
    - The field criteria
    - The field Value1, Value2 and Mask.

    About the field offset type:
    If the offset type is Ethernet, the field offset (inbound or outbound) starts "0 bytes" after the Ethernet packet first byte.
    If the offset type is IP, the field offset (inbound or outbound) starts "18 bytes" after the Ethernet packet first byte.
    If the offset type is TCP, the field offset (inbound or outbound) starts "34+4+IHL bytes" after the Ethernet packet first byte. (IHL = IP Header Length).

    The field criteria may be one of these :
    - NA : Not Applicable field (default)
    - EQUAL_VALUE1 : Field equals to Value1
    - NOTEQUAL_VALUE1 : Field not equal to Value1
    - RANGE_IN : Field is in the Value1:Value2 range
    - RANGE_OUT : Field is out the Value1:Value2 range
    - MASK_VALUE1 : (Field and Mask) equal to Value1
    - NOTMASK_VALUE1 : (Field and Mask) not equal to Value1
    - RANGE_IN_REV : Field is in the Value1:Value2 range (reverse byte order)
    - RANGE_OUT_REV : Field is out of the Value1:Value2 range (reverse byte order)
    - EQUAL_VALUE1OR2 : Field equals to Value1 or Value2
    - NOTEQUAL_VALUE1AND2 : Field different from both Value1 and Value2
    - EQUAL_MY_IP : Field equal to IP address of the PC
    - NOTEQUAL_MY_IP : Field not equal to IP address of the PC

    The value display mode allows displaying fields according to their type (example : "hexa-byte split" for MAC address)

    I hope this will help.

    Regards,
    JF
     
  8. Re: About raw rule edition [plugin]


    Thanks JF!

    That was excellent info concerning the use of the Raw Rules.
    However I'm a bit slow in this area. My main concern is keeping an attacker out of my system.
    Have you had success using the raw rules? I really can't see how they truly work, but my mind's eye says they will help me secure my PC.
    BTW, I am a registered LnS user, and am not interested in violating anyone else's privacy. Only need protection for personal PC.
     
  9. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Re: Why do you use LookNStop firewall?

    Hi,

    Raw rules are only a way to create more specific & detailed rules, but they will not help in finding more protection.

    To add more protection, you need first an idea about what to block.
    Then, and only then, Raw Rules can be used if your idea can't be implemented using the basic rule edition.

    Very often Raw rules are used to allow specific packets rather than to block packets.
    Typical case is Ethernet Rules when you need to allow a specific ethernet type. With the standard rule edition you need to allow all the Other Ethernet Types. With a raw rule you can create a rule that will allow a particular Ethernet Type and all the other types will remain blocked.

    Frederic
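
The field-and-criteria model from JF's post, applied to the single-Ethernet-type case Frederic describes, as an added example that is not part of either post and is not Look 'n' Stop code. It assumes Ethernet II framing (EtherType at byte offset 12), big-endian comparison and inclusive ranges; `Field`, `rule_matches`, `make_frame` and the rule names are hypothetical, and the frames are constructed samples.

```python
# Added illustration, not Look 'n' Stop code: raw-rule matching as described in the thread.
from dataclasses import dataclass

BASE = {"Ethernet": 0}  # "0 bytes" after the first byte of the frame, per JF's post

@dataclass
class Field:  # hypothetical name; mirrors the field definition in JF's post
    size: int          # 1 to 6 bytes
    offset_type: str
    offset_in: int     # offset for inbound packets
    offset_out: int    # offset for outbound packets
    criteria: str
    value1: int = 0
    value2: int = 0
    mask: int = 0

def field_matches(f, frame, direction):
    if f.criteria == "NA":
        return True    # assumption: a Not Applicable field never prevents a match
    off = BASE[f.offset_type] + (f.offset_in if direction == "in" else f.offset_out)
    raw = frame[off:off + f.size]
    if len(raw) < f.size:
        return False   # truncated frame: the field is absent, so no match
    v = int.from_bytes(raw, "big")        # assumption: compared in network byte order
    in_range = f.value1 <= v <= f.value2  # assumption: inclusive bounds
    return {
        "EQUAL_VALUE1": v == f.value1, "NOTEQUAL_VALUE1": v != f.value1,
        "RANGE_IN": in_range, "RANGE_OUT": not in_range,
        "MASK_VALUE1": (v & f.mask) == f.value1,
        "NOTMASK_VALUE1": (v & f.mask) != f.value1,
        "EQUAL_VALUE1OR2": v in (f.value1, f.value2),
        "NOTEQUAL_VALUE1AND2": v not in (f.value1, f.value2),
    }[f.criteria]

def rule_matches(fields, rule_dir, frame, direction):
    """A frame matches only if the direction applies and ALL fields match."""
    if rule_dir not in ("both", direction):
        return False
    return all(field_matches(f, frame, direction) for f in fields)

def make_frame(ethertype, dst="ffffffffffff"):
    """Constructed sample frame: dst MAC, src MAC, EtherType, dummy payload."""
    return (bytes.fromhex(dst) + bytes.fromhex("020000000001")
            + ethertype.to_bytes(2, "big") + bytes(28))

# Frederic's case: match one Ethernet type (ARP, 0x0806) so only it needs allowing.
ALLOW_ARP = [Field(2, "Ethernet", 12, 12, "EQUAL_VALUE1", value1=0x0806)]
# Two fields ANDed: ARP whose destination MAC has the group (broadcast/multicast) bit set.
ARP_TO_GROUP = ALLOW_ARP + [Field(1, "Ethernet", 0, 0, "MASK_VALUE1", value1=0x01, mask=0x01)]

if __name__ == "__main__":
    for et in (0x0806, 0x0800, 0x86DD):  # ARP, IPv4, IPv6
        print(hex(et), rule_matches(ALLOW_ARP, "both", make_frame(et), "in"))
```

With `ALLOW_ARP` as the only allow rule for non-IP traffic, every other Ethernet type falls through to whatever blocking rule follows it, which is the tightening Frederic describes.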
     
  10. Re: Why do you use LookNStop firewall?


    Thanks Frederic...

    I do thank you much for your input on this. Your comments have now put to rest many thoughts concerning the use of the raw rules.
    I would like to use raw rules for tightening my Ethernet/ARP rule, but I can't find the rules. They were posted at one time as I did a search and found links to where the rules were once located, but the links take me to a page not found.
    If anyone knows what an ARP rule should entail or where to find the rules, please post.

    Thanks again.
     
  11. papillonn

    papillonn Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    117
    Location:
    TR
    Re: Why do you use LookNStop firewall?

    Because
    1-) LnS uses little memory
    2-) LnS is rule based
    3-) LnS's support is perfect (Frederic, JF... the others also, thank you phantOm and thank you wilders)
    4-) LnS works with NOD32 and the other AV software perfectly
    5-) LnS has multilanguage support (for other users)
    6-) It passes a lot of port scanning tests
    7-) What more should I expect?
    Thank you again
     
  12. Delgado

    Delgado Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    131
    Re: Why do you use LookNStop firewall?

    I have been testing out LookNStop for about a week now. I'm a silver surfer, and quite frankly I thought I'd never get the hang of this rule adding business, but with the excellent help available on this forum, I am beginning to get the hang of it. The support is fantastic from members, with Frederic and Phantom helping you all the way.

    I'm using Phantom's rule set and have added BitTorrent and eMule rules, and the way this firewall works is fantastic. It runs in the background, fast and sleek. I love it!!

    :) :) :) :)
     
  13. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Re: Why do you use LookNStop firewall?

    Thanks Delgado & papillonn, for your compliments :cool:

    Frederic
     