Disable 'block all other UDP packets'

Discussion in 'LnS English Forum' started by shadek, Apr 30, 2010.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I am currently running the Enhanced ruleset. I am also playing a lot of online games, which require me to have many open UDP ports (like hundreds of random ones). The only way I can play without having Look N Stop interfering in some way is by disabling 'block all other UDP packets'. Will disabling that rule make my system vulnerable? I am behind a NAT router with firewall activated. I have application filtering, protocol filtering and Internet filtering enabled as well as SPI in Look N Stop.
     
    Last edited: Apr 30, 2010
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, a little bit.
    Usually, games are using some known port ranges, and you don't have to create one rule per port to open.

    Regards,

    Frederic
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Yes, there are some known ports you'll have to open for Battlefield: Bad Company 2. But LnS blocks other outbound UDP packets to the dedicated servers that listen on certain ports. And these ports are random. Shouldn't just allowing Battlefield BC2 in application filtering whitelist all connections it tries to make?
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    What I've done is add a rule that allows all ports and traffic types, but only if that specific application is running. In your case you can create one rule and add each game to it, since it seems as if you have more than one.

    I've attached screenshots. In the last picture you go through the list on the right and add the games, and the final list of allowed programs will be on the left.
     

    Attached Files:

  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    It's an extremely bad idea to make such a rule; you should specify Ethernet type and IP protocol, and I would even take it a step further by restricting it to the game servers. ;)
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Why is it a bad idea? Those rules are only "allowed" when the applications are running that are specified in the rule.

    What about changing Ethernet type to IP and changing the IP Protocol to TCP or UDP? Would that be more secure while still maintaining the flexibility?
     
  7. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
    Hi whitedragon551,

    If the application is running, then the mentioned rule is activated. All traffic is allowed by this rule.

    If the rule is changed to TCP or UDP, then only TCP or UDP traffic is allowed by the changed rule.
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Ok. So I created a rule which works wonders!
    I only allow IPv4 and UDP when certain games are running. I put the rule just above 'block all other UDP packets' so that the rules above will block malicious connections. Is this the right thing to do? Or should I just put the rule at the top of all rules? Is IPv4 and UDP good enough? No need to open TCP for me.

    Sadly, as Phant0m suggested, I cannot allow only the game servers, as there are thousands of them listening on different ports.
     

    Attached Files:

  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Ok, I narrowed the rule down even more. I only allow '!DF' in the 'frag. flags'. Not sure what it actually means, but at least this rule is even tighter than allowing all 'frag. flags'. Any other way I could narrow it down even more?
     
    Last edited: May 2, 2010
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Did you try specifying a UDP port range of 50000-55000?
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I see what you are getting at. I should perhaps narrow it down to port ranges which I see in use. The games I am using are spread somewhere between 10000-55000. I should try and narrow it down right now. :)
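    The placement and narrowing questions in this thread (whitedragon551's "all ports, only when the game runs" rule, shadek's UDP-only rule placed just above 'block all other UDP packets', and Phant0m's port-range suggestion) come down to first-match rule evaluation. The script below is an added illustration, not Look 'n' Stop's code or any poster's attachment: it models a first-match packet filter and runs constructed sample packets through three orderings of constructed rules (application, rule and port values are made up). The 'block NetBIOS' rule stands in for whatever block rules sit above the game rule in the real ruleset.

```python
"""First-match packet filter model: rule order and rule narrowing.

Constructed example. Not Look 'n' Stop's own code; all rule names,
application names, ports and packets are made up for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str              # "udp", "tcp", ...
    remote_port: int        # port on the remote host
    app: Optional[str]      # process owning the socket, None if unknown


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                              # "allow" or "block"
    proto: Optional[str] = None              # None matches any protocol
    ports: Optional[Tuple[int, int]] = None  # inclusive remote-port range
    apps: Optional[FrozenSet[str]] = None    # None means any application

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.ports is not None and not (self.ports[0] <= pkt.remote_port <= self.ports[1]):
            return False
        if self.apps is not None and pkt.app not in self.apps:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, rule name) of the first rule that matches.

    Nothing matched means the packet falls off the end of the list;
    this model treats that as a block, like an implicit default rule.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "block", "<implicit default>"


GAMES = frozenset({"game.exe"})  # constructed application name

# Constructed stand-ins for the block rules above the game rule and for
# the catch-all at the bottom.
BLOCK_NETBIOS = Rule("block NetBIOS", "block", proto="udp", ports=(137, 139))
BLOCK_OTHER_UDP = Rule("block all other UDP packets", "block", proto="udp")

# Any protocol, any port, but only while a listed game is running.
BROAD_GAME_RULE = Rule("games: allow all", "allow", apps=GAMES)
# UDP only, observed port range only, listed games only.
NARROW_GAME_RULE = Rule("games: allow UDP 10000-55000", "allow",
                        proto="udp", ports=(10000, 55000), apps=GAMES)

# Game rule placed just above 'block all other UDP packets'.
BROAD_RULESET = [BLOCK_NETBIOS, BROAD_GAME_RULE, BLOCK_OTHER_UDP]
NARROW_RULESET = [BLOCK_NETBIOS, NARROW_GAME_RULE, BLOCK_OTHER_UDP]
# Broad game rule moved to the very top, above the earlier block rules.
TOP_RULESET = [BROAD_GAME_RULE, BLOCK_NETBIOS, BLOCK_OTHER_UDP]


def decide(pkt: Packet) -> dict:
    """Verdict of each ruleset for one packet, keyed by ruleset label."""
    return {
        "broad": evaluate(BROAD_RULESET, pkt)[0],
        "narrow": evaluate(NARROW_RULESET, pkt)[0],
        "top": evaluate(TOP_RULESET, pkt)[0],
    }


# Constructed sample traffic.
SAMPLES = {
    "game process, UDP 27015":  Packet("udp", 27015, "game.exe"),
    "game process, UDP 139":    Packet("udp", 139, "game.exe"),
    "game process, UDP 60000":  Packet("udp", 60000, "game.exe"),
    "game process, TCP 443":    Packet("tcp", 443, "game.exe"),
    "other process, UDP 30000": Packet("udp", 30000, "updater.exe"),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:26s} {decide(pkt)}")
```

    Running it shows the two effects the posters are reasoning about: with the game rule kept below the earlier block rules, a NetBIOS-port packet from the game process is still blocked, whereas moving the broad rule to the top lets it through; and the narrowed rule also refuses the game process's own traffic outside UDP 10000-55000, which the catch-all then blocks.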
     
  12. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    With the use of raw rules via PluginEditRawRule.dll (http://www.looknstop.com/En/plugin.htm), the official Look 'n' Stop DLL plug-in file. It might be a bit complicated for you; however, I made a Look 'n' Stop plug-in file called 'Multi-Port Banlist v1.01', with which you can turn the list of blocks into a list of allows. It's found on my message board.
     

    Attached Files:

  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Is the original poster talking specifically about Battlefield: Bad Company 2 or just Battlefield 2? They're two different versions using different ports, right? :doubt:
     
  15. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I downloaded the x64 version and the window to edit the rules never pops up.
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Talking about PluginEditRawRule.dll?
     
  17. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    No, your PluginMultiPortx64.dll.
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Usage: Simply save plugin to the Look 'n' Stop application location, and enable the plugin through Look 'n' Stop - 'Plugins settings'.

    ... a '>' button will appear on the right side of the New and Edit buttons, labelled 'Raw edition' or 'Multi-Port Banlist'. These new buttons allow you to use the plugin to create a new rule or to edit an existing one.
     
  19. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Yup. I did all that and hit the edit button and it never comes up.
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Heh! You can only edit the rules that were created by the plugin.
     
  21. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Anything in the works to change that so all rules have the ability to be edited?
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    No, I hadn't given it much thought. But the Raw rule plugin will allow you to edit advanced rules anyway. In fact, we'll be needing the raw rule plugin installed to make a small modification to the rule direction from 'Inbound' to 'Both'.
     
  23. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    You should also consider adding a naming convention to it. If someone has multiple apps that they use the tool for, all the naming conventions could get confusing without being able to name it something the user will remember.
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    When you create a new rule using my plug-in, you'll need to 'Edit' this rule using 'Raw edition' (the Raw rule plug-in file I mentioned), change the direction this rule applies to by selecting 'Both', and 'OK' it.
     

    Attached Files:

  25. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    True; well, using the Raw rule plug-in you can change the name to whatever, and continue using the raw rule plugin to make additional modifications. That should give you an idea how it's done when adding multiple ports. :)
     