CHX-I Rules

Discussion in 'other firewalls' started by korb, Jul 13, 2006.

Thread Status:
Not open for further replies.
  1. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    disable spi in jetico

    If Stem can help, as I'm using CHX-I: how do I disable Jetico's 'TCP/UDP SPI' mode? I want to use Jetico for application control only, but I found that whenever I uncheck SPI, I can't get access to the internet. If it is impossible to disable the SPI mode, then how can I implement or put CHX-I to work with Jetico? Right now I have disabled SPI mode in CHX-I but left the rest of the rules untouched (I'm using the bind-pe ruleset).

    Sorry, I happened to read Stem's post #261. I guess Stem also tried to do it this way but failed. BTW Stem, what rules for blocking incoming can I turn off if I'm using CHX-I? At the moment I have turned off 'BLOCK ALL NOT PROCESSED PROTOCOL PACKETS', 'BLOCK ALL NOT PROCESSED IP PACKETS', 'DROP BAD PACKETS', 'DENY ALL FRAGMENTED PACKETS', 'DENY TCP W/O FLAG', 'DENY TCP W/ FLAG'.
     
    Last edited: Jul 13, 2006
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: Jetico making me crazy.

    Hi Korb,
    I am just having another look into this now...
     
  3. korb

    Re: Jetico making me crazy.

    Thanks, I'm still with CHX-I 2.8. I'm not sure whether v3.0 is free or not.
     
  4. Stem

    Re: Jetico making me crazy.

    Hi Korb,
    I have attached a simple rule that will block/allow network access. (allow all or deny all)
    Download the rule, remove the "txt" extension, and then load into Jetico. Apply the policy. Then on the popup, just select "allow this activity" or "deny this activity"

    CHX-I V3 is free
     
    Last edited: Jul 17, 2006
  5. korb

    Re: Jetico making me crazy.

    Thanks Stem for the quick reply. BTW, how can I retain the rules for TCP/IP outbound connections? For example, I allowed a program to have access to the net but I want to control which IP it connects to, just like the default rules. I know what I mean.
     
  6. Stem

    Re: Jetico making me crazy.

    I thought you were using CHX-I for that, and only using Jetico for net access?
     
  7. korb

    Re: Jetico making me crazy.

    So sorry again, trying to learn setting the rules. I guess I somehow got it. I just changed it to monitor any outbound connection. That should fix it. :)

    BTW, the position of rules doesn't matter much, right?
     
  8. Stem

    Re: Jetico making me crazy.

    Hi Korb,
    You should have the SPI set up in CHX-I (on the interface); this will then monitor the IPs.
     
  9. korb

    Re: Jetico making me crazy.


    I use CHX-I for inbound only. I'm not sure how to set it for outbound.
     
  10. Stem

    Re: Jetico making me crazy.

    What are your current rules for CHX-I?
     
  11. korb

    Re: Jetico making me crazy.

    Just installed ver 3.

    Now I'm quite confused by the new payload rules. I'm now searching the CHX-I thread to see if anyone can help with the rules setting. I imported the bind-pe rules but it seems the log says it does not match the allow policy. BTW, when I right-click to set the SPI mode, I can't see the Apply or OK button. I can't even resize its window. o_O
     
  14. Stem

    Can you post "screen shots" or details of the rules?
     
  16. korb

    Can I upload the standard file here?
     

    Attached Files:

  17. korb

    These are the bind-pe filters. I still have a spoofed filter and workstation filters. I just can't remember where I downloaded them.
     

    Attached Files:

  18. korb

    I know this is kind of a silly and unrelated question but I still had to ask. I can't even get to the Apply/OK button. The window is too long and can't be resized. :(

    Can I leave the 'ARP inspection' unchecked? Because I can't apply it.

    Sorry, screenshot deleted.
     
    Last edited: Jul 15, 2006
  19. Stem

    I will install CHX...

    I have installed it; most of the rules are just blockers (ingress/spoof). Are you behind a router, or on a network?

    By the way, if you are just going to use these default rulesets within CHX, you would do as well to use Jetico on default config, with the ingress/spoofed IPs within the blocked zone.
     
    Last edited: Jul 13, 2006
  20. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Last edited by a moderator: Jul 13, 2006
  21. korb

    Hi Stem, I'm behind a router. If I use the default rules in CHX-I and use rules for inbound in Jetico, will that be redundant or slow down the internet?
     
  22. Stem

    Hi Korb,
    For your router, check the default "Ingress" rules you have loaded for CHX, as the "ingress" rules contain "Private LAN addresses" (such as 192.168.1.0/24) which can cause problems (make sure your LAN IP is not blocked).
    Using the packet filtering on both firewalls may cause some slowdown. I haven't seen any conflicts between the 2, but they would both be processing the same packets.
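
The LAN-address check Stem describes above, as an added example (not part of the thread and not CHX-I's own rule format). The block ranges, LAN subnet and host addresses are constructed samples; the script reports which ingress ranges would drop local traffic and splits the offending range so that only the LAN subnet is exempted.

```python
import ipaddress

# Constructed sample of an ingress/anti-spoof block list (NOT CHX-I's own file):
# source ranges that should never arrive from the Internet side.
INGRESS_BLOCKS = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
]

# Constructed LAN behind a home router; 203.0.113.53 stands in for an ISP DNS server.
LAN_SUBNET = "192.168.1.0/24"
LAN_HOSTS = {"this-pc": "192.168.1.10", "router": "192.168.1.1", "isp-dns": "203.0.113.53"}


def conflicting_rules(blocks, hosts):
    """Return {host name: [block ranges that would drop that host's packets]}."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    hits = {}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        matched = [str(n) for n in nets if ip in n]
        if matched:
            hits[name] = matched
    return hits


def carve_out(block, lan_subnet):
    """Split `block` so the LAN subnet is excluded and the rest stays blocked."""
    block_net = ipaddress.ip_network(block)
    lan_net = ipaddress.ip_network(lan_subnet)
    if not lan_net.subnet_of(block_net):
        return [str(block_net)]  # no overlap: keep the rule unchanged
    return [str(n) for n in sorted(block_net.address_exclude(lan_net))]


def adjusted_blocklist(blocks, lan_subnet):
    """Rewrite every block range so none of them covers the LAN subnet."""
    out = []
    for b in blocks:
        out.extend(carve_out(b, lan_subnet))
    return out


if __name__ == "__main__":
    for name, rules in conflicting_rules(INGRESS_BLOCKS, LAN_HOSTS).items():
        print(f"{name}: blocked by {', '.join(rules)}")
    fixed = adjusted_blocklist(INGRESS_BLOCKS, LAN_SUBNET)
    print("after carve-out:", conflicting_rules(fixed, LAN_HOSTS) or "no conflicts")
```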
     
  23. korb

    Thanks Stem. But I reinstalled CHX-I 2.8 because in version 3 I just can't resize the properties window for SPI mode. I went back to using the standard filters, switched off SPI mode and switched off some rules in Jetico which are covered by CHX-I. Although I can switch to the default setting, I will just play around. The slowness from using 2 filter rules in 2 firewalls is about a few seconds.

    BTW, does anyone have a set of IP lists which I can add to CHX-I? Thanks.
     
  24. rdsu

    Korb,

    Did you see my post?
     
  25. korb

    Yes, but your post is regarding 'out of connection', am I right? About the attached file 'wan.zip': I can't download it. A blank window opens without any download prompt. BTW, I put my screenshot up. I can't use version 3 as the properties window can't be resized, so I can't click the Apply button when I check the SPI mode.

    So now I'm back to v2.8.

    So do you have a list of IPs to block?
     