can someone check my rules please

Discussion in 'other firewalls' started by iceni60, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    I was looking at my rules, and I noticed a few things that should have been checked weren't. Is there any way I can show my Kerio 2.1.5 rules to a firewall expert? How do I do it? Thanks :)
     
  2. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    There are quite a few experts here, and I am sure that if you want to keep your setup private, you can send a PM to BlitzenZeus or Gkweb.
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Thanks, no13 and Infinity. I think I've got the rules under control now; however, I still may get someone to have a look at them :)
    Thanks.
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If you take a screenshot of your rule set and post it here we could then provide you some suggestions. Depending on the number of rules, it may require a couple of screenshots. Also edit out any IPs you may not want posted publicly.

    Regards,

    CrazyM
     
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    This is pretty much how they all are, with Proxomitron at the top with TCP out, any port, any address, then a block rule for Proxomitron UDP/TCP. I'll take a screenshot of Prox's rules. These are the last rules; I'm never too sure about the block rules.
     

    Attached Files:

  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Here's Proxomitron and browsers. Does it matter that I don't have any remote addresses for any of the rules?
     

    Attached Files:

  8. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Here is the stuff I was more worried that I might have changed by mistake.
     

    Attached Files:

  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    I'm on a standalone XP Home. That's pretty much all of them; I'm sure you can see some kind of similarity between most of them :D
     

    Attached Files:

  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    While allowing proxo out to any port will work, you could consider refining that to only required remote services. When using proxo the configuration of your loopback rules is also important.

    They look fine right now, but as the rules are processed top to bottom it helps to see the entire configuration in order to make sure everything works as intended.

    Does the highlighted rule for java require outbound to any port?

    Regards,

    CrazyM
     
    Last edited: Oct 1, 2004
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Are you using the custom IP blocking to block a list of IPs entered there?

    You could also modify your unrestricted DNS rules and restrict them to your ISP's DNS servers. The custom address is a convenient way to do this, hence the above question. If you are already using custom addresses for blocking, you will need individual rules for your DNS servers.

    Regards,

    CrazyM
     
  12. TheSnowGuy

    TheSnowGuy Guest

    *** Only a BRIEF COMMENT ***

    ICE

    I am not able to "see" your posted rules without disabling some of my own security........so will only comment on a couple of things.

    Your first TWO (2) rules should be

    1) block persfw udp/tcp (both)

    2) pfwadmin udp/tcp (both) (block)

    ***** Ice, protect your firewall first and foremost ***

    As for Proxo.....it can go below several of your other rules which may be more important........assign port 8080 to proxo...outbound. (It's assumed that you are not using other proxies with proxo...so won't mention how that would be set up.)
     
  13. TheSnowGuy

    TheSnowGuy Guest

    CM


    We posted near the same time......am sure you have this covered so off I go to the land of OZ........seeya
     
  14. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Another option for your DNS rules.
    Your current rules allow for UDP only, which will normally suffice. There will be the odd occasion your system (or some apps/specific types of DNS queries) will use TCP outbound. To allow for this you would use separate DNS rules for inbound and outbound and, as noted above, restrict them to your ISP's servers.

    Regards,

    CrazyM
     

    Attached Files:
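The two points CrazyM and TheSnowGuy make above, that Kerio processes rules top to bottom with the first match deciding, and that DNS should be restricted to the ISP's servers for both UDP and TCP, as an added example that is not from this thread and not Kerio's own code. It is a small first-match model in Python of a per-application rule set: one list written the way the screenshots are described (Proxo TCP out to any port and address on top, a Proxo block rule under it, an unrestricted UDP-only DNS rule), and one list rewritten per the advice in the thread (firewall processes blocked first, a browser-to-Proxo loopback rule, Proxo limited to required remote services, DNS in and out restricted to the ISP's servers for UDP and TCP). Assumptions: persfw.exe and pfwadmin.exe are the Kerio processes named above, the other application names are placeholders, the ISP DNS addresses are constructed from the documentation range, 80/443 stand in for "required remote services", local ports are ignored, and Kerio's prompt when no rule matches is modelled as deny.

```python
# Added example (not from the thread): a first-match model of a Kerio 2.1.5
# style per-application rule set, used to show why rule order and DNS
# restriction matter. Application names, the ISP DNS addresses and the
# "required remote services" (80/443) are constructed placeholders.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    app: str          # local application, e.g. "proxomitron.exe"
    proto: str        # "TCP" or "UDP"
    direction: str    # "OUT" or "IN"
    remote_addr: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    app: str                                 # "*" = any application
    proto: str                               # "TCP", "UDP" or "BOTH"
    direction: str                           # "OUT", "IN" or "BOTH"
    remote_addrs: Optional[FrozenSet[str]]   # None = any address
    remote_ports: Optional[FrozenSet[int]]   # None = any port
    action: str                              # "PERMIT" or "DENY"

    def matches(self, pkt: Packet) -> bool:
        return (self.app in ("*", pkt.app)
                and self.proto in ("BOTH", pkt.proto)
                and self.direction in ("BOTH", pkt.direction)
                and (self.remote_addrs is None or pkt.remote_addr in self.remote_addrs)
                and (self.remote_ports is None or pkt.remote_port in self.remote_ports))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Rules are processed top to bottom; the first match decides.
    With no match Kerio would prompt the user; modelled here as DENY."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "DENY", "<no rule matched>"


ANY = None
ISP_DNS = frozenset({"192.0.2.53", "192.0.2.54"})   # constructed placeholder addresses
DNS = frozenset({53})

# Rule set as described in the thread: Proxo TCP out to any port/address on top,
# a Proxo block rule under it, an unrestricted UDP-only DNS rule, and the
# firewall's own processes blocked only near the bottom.
POSTED = [
    Rule("proxo TCP out any", "proxomitron.exe", "TCP", "OUT", ANY, ANY, "PERMIT"),
    Rule("proxo block", "proxomitron.exe", "BOTH", "BOTH", ANY, ANY, "DENY"),
    Rule("DNS UDP out any", "*", "UDP", "OUT", ANY, DNS, "PERMIT"),
    Rule("block persfw", "persfw.exe", "BOTH", "BOTH", ANY, ANY, "DENY"),
    Rule("block pfwadmin", "pfwadmin.exe", "BOTH", "BOTH", ANY, ANY, "DENY"),
]

# The same set after the advice given in the thread.
REFINED = [
    Rule("block persfw", "persfw.exe", "BOTH", "BOTH", ANY, ANY, "DENY"),
    Rule("block pfwadmin", "pfwadmin.exe", "BOTH", "BOTH", ANY, ANY, "DENY"),
    Rule("browser to proxo loopback", "iexplore.exe", "TCP", "OUT",
         frozenset({"127.0.0.1"}), frozenset({8080}), "PERMIT"),
    Rule("proxo TCP out web only", "proxomitron.exe", "TCP", "OUT",
         ANY, frozenset({80, 443}), "PERMIT"),
    Rule("proxo block", "proxomitron.exe", "BOTH", "BOTH", ANY, ANY, "DENY"),
    Rule("DNS out to ISP (UDP+TCP)", "*", "BOTH", "OUT", ISP_DNS, DNS, "PERMIT"),
    Rule("DNS in from ISP (UDP+TCP)", "*", "BOTH", "IN", ISP_DNS, DNS, "PERMIT"),
]

# Constructed traffic samples (addresses from the documentation ranges).
SAMPLES = {
    "tcp dns to isp":   Packet("svchost.exe", "TCP", "OUT", "192.0.2.53", 53),
    "udp dns to other": Packet("svchost.exe", "UDP", "OUT", "198.51.100.9", 53),
    "proxo to web":     Packet("proxomitron.exe", "TCP", "OUT", "203.0.113.7", 80),
    "proxo to irc":     Packet("proxomitron.exe", "TCP", "OUT", "203.0.113.7", 6667),
    "browser loopback": Packet("iexplore.exe", "TCP", "OUT", "127.0.0.1", 8080),
}


def compare(pkt: Packet) -> Tuple[str, str]:
    """Verdict under the posted set and under the refined set."""
    return evaluate(POSTED, pkt)[0], evaluate(REFINED, pkt)[0]


if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:18s} posted={evaluate(POSTED, pkt)}  refined={evaluate(REFINED, pkt)}")
```

Running it shows the two failure modes the thread discusses: under the posted set a TCP DNS query to the ISP is silently dropped (only the UDP rule exists) while a UDP query to any third-party resolver is permitted, and Proxo can reach any remote port; under the refined set each of those flips. Swapping the order of the "proxo block" and "proxo TCP out web only" rules denies ordinary web fetches too, which is why the whole ordering has to be seen to judge a set.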

  15. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You're using the advanced ruleset... Do you remember what I said about those who should use the advanced ruleset??

    You're showing the ruleset out of order, and even leaving some rules out of these screenshots. Make the window bigger next time, but don't repost your entire ruleset again. Go back, and completely re-read the page where you got this ruleset please, as you didn't disable or restrict DHCP!! You very likely didn't bother yourself to read the instructions to restrict your DNS either....

    CrazyM: They used my default ruleset replacement; to see how the DNS rules are supposed to work, see the thread linked in the forum sticky. However, that doesn't guarantee they actually restricted the DNS to their DNS servers...
     
    Last edited: Oct 1, 2004
  16. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
  17. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I have it too from sponge and it works flawlessly. It looks like a lot but no problem on resources whatsoever.

    cheers
     
  18. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    A piece of advice, though...
    Take the blocked IPs <they're to block adservers> and add them to Protowall, Proxomitron or Peerguardian (or any other such product)... this increases your net connection throughput (Kerio takes longer to examine packets against IPs than these products, and they put hardly any load on the system).
    Note: Unblock "Microsoft x" rules (x=1,2,4) as they are needed to surf MSN sites.
    >.< I thought you'd have posted at "The Official Kerio Thread"...
    <just kidding>
     
  19. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    That is not how you're supposed to use Kerio. You are supposed to learn how to configure it correctly, not leave gaping holes with general rules, which my instructions tell you how to fix if people would just bother themselves to read them. Also, all those rules blocking IP addresses are wasteful in those rulesets...
     
  20. TheSnowGuy

    TheSnowGuy Guest

    Blitzen

    Would you be so kind as to post a link to your rule set so I can compare it to yosponge.


    Would you also be so kind as to offer your reasoning for this statement that you made:

    **Also all those rules blocking ip addresses are wasteful in those rulesets...***
     
  21. Kerodo

    Kerodo Guest


    BZ's ruleset, along with instructions, can be found here:

    http://www.dslreports.com/forum/remark,8023708~mode=flat

    Go to the bottom of the page for the final version.
     
  22. TheSnowGuy

    TheSnowGuy Guest

    Blitzen


    Thank you for the fast response..



    Regards

    TheSnowGuy/ The Snowman
     
  23. TheSnowGuy

    TheSnowGuy Guest

    Kerodo


    And thank you as well.....am not planning on using the rules...have no need.......just wanted to compare........always open-minded....




    Regards

    TheSnowGuy
     
  24. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    I know... which is why I posted saying ...to take the blocked IPs out of Kerio and into an IP blocking program like Proxomitron...
    :)
    Regards.
    no13.
     
  25. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    BZ, don't be too annoyed with me. I was using your basic rules up until a few days ago. I reinstalled XP and installed your advanced set which I had on disk; that's why I was worried about the set. I'll read up on it all and show you what I have learned :D
    thanks for all the help from everyone :)
     