converting LnS rules to CHX-I

im considering using a packet filter (CHX-I just came to my mind first), but i would like to convert my current LnS ruleset.

heres an example rule:

http://img151.imageshack.us/img151/5324/sshot1pk7.jpg

Could someone post an example rule from CHX-I and tell me what info goes where?

 

Here is a blank global rule showing some options.

 

WSfuser,

On your LnS rule, where you have the source port, you should define the destination port instead...

 

@Stem,

ok, it looks simple enough. i think i could change all my rules.

also, since chx is a packet filter, any ports i open will always be open unless i disable the rule correct?

@VaMPiRiC_CRoW,

if u notice, i posted a server rule. i already have a client rule where i have put the destination port.

 

Your rule, for the server side, isn't this:

Protocol: TCP
Direction: Any
Source IP: Any
Source Port: 6340
Destination IP: Any
Destination Port: Any

?

 

i just got the ruleset from this thread. i posted teh rule just to show what a rule in LnS looks like.

 

No,... the port will show open only if an application is listening on that port you open,........ otherwise the port will show as closed.

 

I don't agree with that.

The rule for a server should be specified to allow the packet destination port.
You should do this way on firewalls that also have Application Monitor, like Comodo PF, but with CHX you will need to set in a different way to have the port stealth when the program server is not running.

You should something like this:
http://img176.imageshack.us/img176/3783/p2prulenormallyau5.png

But this way you will have the port closed instead of stealth, when you are not using the program server...

If you want to have the port Stealth, take a lot at this: Stealth port when not used...

You have to make a similar rule, like the IDENT rule, that use conditional, of the sample for CHX.

 

it was time consuming, but i managed to recreate all the rules from my LnS ruleset.

i have a few questions:

*in LnS, some of the rules have the source IP as my own. how do i do this for chx?

*is it ok if all the rules are just normal priority?

*does rule order matter? can i keep my rules in a certain order?

*do i need a "block all" rule like i would for LnS?

 

You might actually have gone through WAY too much work. With look'n'stop, the spi isn't enabled and truly isn't its strongpoint, so it is usually used as a straight up packet filter with rules for everything. With CHX-I, you only need to turn on all of the SPI, have 2 rules, then you are good to go. Then you need to create rules only for things like games and p2p. Everything else will work be default. The simplicity is similar to that of a hardware firewall. If you need help setting it up, this thread takes you through it pretty well.

Answering your questions, just enter in your source IP for the IP address in the destination field. As for priority, if you aren't doing anything complicated, then normal priority is fine until you find some rules overiding other rules. Then move the rule that is being overidden up to a higher level. Rule order does not matter, the priority is what matters. Block all isn't needed since it will be covered by the SPI if you enable as configured in the post I gave earlier (I recomend importing the basic rule set in that post, reading over the rules, then deleting the rules that you have converted from look'n'stop that aren't necessary. If you need help, just post back ).

Cheers,

Alphalutra1

 

wow...i rele did do way too much

thanks for the help Alphalutra1 chx-i is working great

 

LOL, I am glad you like it though. You probably learned a lot out of that experience, so it wasn't a complete waste of time. Enjoy the speed and protection of CHX-I

Cheers,

Alphalutra1