Help with Rules???

Discussion in 'Other Ghost Security Software' started by SCClockDr, Nov 21, 2005.

Thread Status:
Not open for further replies.
  1. SCClockDr

    SCClockDr Registered Member

    Joined:
    Oct 23, 2005
    Posts:
    24
    Hi All

    I've just installed Ghostwall and am looking for some assistance with composing the proper rules for my system.

    I am running XP Pro SP2 stand alone system with an ethernet attached cable modem and no other nodes.

    Ipconfig /all reported the following:

    Windows IP Configuration



    Host Name . . . . . . . . . . . . : family

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : cfl.rr.com



    Ethernet adapter Local Area Connection 6:



    Connection-specific DNS Suffix . : cfl.rr.com

    Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

    Physical Address. . . . . . . . . : 00-##-D8-1D-##-##

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 68.204.###.###

    Subnet Mask . . . . . . . . . . . : 255.255.###.0

    Default Gateway . . . . . . . . . : 68.204.###.#

    DHCP Server . . . . . . . . . . . : 10.105.##.#

    DNS Servers . . . . . . . . . . . : 65.32.X.XX

    65.32.Y.YY

    Lease Obtained. . . . . . . . . . : Monday, November 21, 2005 11:09:48 AM

    Lease Expires . . . . . . . . . . : Monday, November 21, 2005 9:03:21 PM

    NOTE:
    #, Y, X represent actual digits and are redacted.

    My currently ingorant thinking is to modify the DNS rule to reflect the IP address. Am I on the right track?
    Do I need supplied multiple DHCP rules? Should I include the IP address listed above to limit access properly? The DHCP ones supplied with the download don't seem to apply, or am I completely missing the point?

    Need I create a rule for the default gateway? I intend to try experimenting while awaiting any replys.
    Thanks
    George
     
    Last edited: Nov 22, 2005
  2. SCClockDr

    SCClockDr Registered Member

    Joined:
    Oct 23, 2005
    Posts:
    24
    Hi All

    Below are the rules I came up with. Any feedback would be appreciatd.

    Thanks
     

    Attached Files:

  3. brjoon1021

    brjoon1021 Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    143
    I am not suggesting that you won't get good help here or that you should give up. But I did. I think that this is a really good piece of software if one is up to the task.

    I was not. Rules (only) are more involved than I want to get.

    If you find that you are in the same boat. I have tried Netveda, Filseclab and Kerio 4.2 (and import the BZ ruleset for 2.1x Kerio firewall). These are all good alternatives for the Network challenged like myself. Each time that an application tries to open or access the internet you are given the choice to allow it and make an automatic rule for this application or get nerdy and make your own. Perhaps you know all of this and are ready for Ghost. Just my two cents if applicable.

    Good Luck,

    B.
     
  4. SCClockDr

    SCClockDr Registered Member

    Joined:
    Oct 23, 2005
    Posts:
    24
    B
    Thanks for the reply. I see much more activity on the other ghost boards as it seems there is more development activity going on there.
    I tend to ask for assistance to help get started on a new challenge but will dive in on my own and hope the assistance will be there if I get stuck.
    Thus far I've seemed to have solved the obvious issues to my satisfaction. Unless I find I've left the system open to some attack not revealed in my initial testing.
    There is nothing like a good mental challenge to keed me on my toes as the brain cells slowly die off.
     
  5. wuz2blu

    wuz2blu Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    1
    Thank you for the advice, B. You described me exactly when you said, "Rules (only) are more involved than I want to get." I am looking to replace the default WinXP firewall, but I don't want to spend time learning a new program to be able to use the replacement. (Yes, I'm lazy.)
    Well, I'm off to check out Kerio and maybe a couple of the others. BTW, anyone have an opinion on Sygate Personal Firewall?
    Thanks in advance.
    ~wuz2blu
     
  6. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi wuz2blu.
    I use CHX-I IP Packet Filter ( http://www.idrci.com/ ) for umm,packet filtering,(but you'll have to do some thinking i'm afraid) and ZoneAlarm ( http://www.zonelabs.com/store/content/home.jsp )for application control. This combo will give you higher internet speeds than most. I've tried a few firewalls,the only one coming close (for me) was L'n'S ( http://www.looknstop.com/En/index2.htm ) and it's packet control features,but the app control was a real let down as you can't control which ip addresses/websites they connect to,could be just the ticket for you though,just allow or deny internet access. I've still got my ruls set for it you want them,you'll have to customize some them to suite your needs. I have heard very good good reports about the latest Outpost firewall ( http://www.outpostfirewall.com/guide/index.htm ) (supposedly passes all leak tests aswell). Norton (http://www.symantec.com/home_homeoffice/products/internet_security/npf2006/index.html ) used to have auto config rules that you download with the updates,whether they still do i don't know. That aside,you could carry on useing GW and just get another free firewall for app control,just remember to disable the inet filtering for it.
     
Thread Status:
Not open for further replies.