Kerio rules have a look

Discussion in 'other firewalls' started by AAP, Jul 31, 2003.

Thread Status:
Not open for further replies.
  1. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hello to all,

    Well, here I go again. Could someone have a
    look at these rules, tell me if I should add or
    move anything at all? Well, have a good one ;)

    Thank you
     


  2. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi all,

    Sorry, I was trying to post both gif files at the same time :rolleyes:

    Thank you
     


  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi AAP

    I find the wording confusing for your ICMP rules (but can't quite see the entire caption). The first starts off "Outgoing" but is actually for Inbound.

    I will usually try to include the ICMP type in the caption so you can tell at a glance what the rule is allowing/blocking.

    Inbound ICMP type 0, 3, 11
    Outbound ICMP type 3, 8
    Block all other ICMP

    The rules for LSA Shell, Window Logon, Userinit Logon and Microsoft-DS are default rules. If you do not require them, try disabling them (uncheck). You will be prompted for anything you may require and can enable the rule then. Once you are certain you do not need the rules, you can delete them.

    Regards,

    CrazyM
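
The ICMP policy from the post above, as an added example that is not part of the original thread and is not Kerio's configuration format. The `Rule` fields and both helper functions are hypothetical, and the sketch assumes the rule list is read top to bottom with the first matching rule deciding.

```python
# Added example: first-match evaluation of the three ICMP rules suggested above.
# Rule layout and helper names are hypothetical, not Kerio's own format.
from typing import FrozenSet, NamedTuple, Optional

class Rule(NamedTuple):
    caption: str
    direction: Optional[str]          # "in", "out", or None for both
    types: Optional[FrozenSet[int]]   # None matches every ICMP type
    action: str                       # "permit" or "deny"

RULES = [
    Rule("Inbound ICMP type 0, 3, 11", "in", frozenset({0, 3, 11}), "permit"),
    Rule("Outbound ICMP type 3, 8", "out", frozenset({3, 8}), "permit"),
    Rule("Block all other ICMP", None, None, "deny"),
]

def evaluate(rules, direction, icmp_type):
    """Return (action, caption) of the first rule that matches the packet."""
    for rule in rules:
        if rule.direction not in (None, direction):
            continue
        if rule.types is not None and icmp_type not in rule.types:
            continue
        return rule.action, rule.caption
    return "deny", "(no rule matched)"

def caption_mismatches(rules):
    """List captions whose wording contradicts the rule's actual direction."""
    words = {"in": ("inbound", "incoming"), "out": ("outbound", "outgoing")}
    bad = []
    for rule in rules:
        if rule.direction is None:
            continue
        other = "out" if rule.direction == "in" else "in"
        if any(w in rule.caption.lower() for w in words[other]):
            bad.append(rule.caption)
    return bad

if __name__ == "__main__":
    # 0 = echo reply, 3 = destination unreachable, 8 = echo request, 11 = time exceeded
    for direction in ("in", "out"):
        for icmp_type in (0, 3, 8, 11):
            print(direction, icmp_type, *evaluate(RULES, direction, icmp_type))
    # Constructed mislabelled rule, like the caption problem noted in the post.
    print(caption_mismatches([Rule("Outgoing ICMP", "in", frozenset({0}), "permit")]))
```

With these rules the host can send echo requests and receive the replies, but an inbound echo request (type 8) falls through to the final block rule. Moving "Block all other ICMP" to the top would deny everything, which is why the order of the list matters.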
     
  4. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi CrazyM,

    Well, here I am, hehe. Have a look, please tell me
    if you think I should add or remove anything more.
    Also, do you think I need to move any of these items
    up or down? You have a good one.

    Good luck :)
     


  5. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Oh boy, sorry, I can't seem to post both at the same time.
     


  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi AAP

    On first glance those rules look fine :)

    Regards,

    CrazyM
     
  7. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey CrazyM,

    Thank you for all the help. You have a
    good night & hope to see you soon.

    Good luck :)
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi AAP

    Just in case you were not following the other post...

    "After all this hard work, be sure to save off your rule set. You can do this under administration > miscellaneous > firewall configuration files.

    Once saved (by default to the Kerio directory), copy it elsewhere for safe keeping. If you ever have to reinstall you can then just load that .conf file without having to redo your rules. This file is also portable between systems."

    Regards,

    CrazyM
     
  9. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey CrazyM,

    Yes, I found this out the hard way :rolleyes:
    so I did just as you said & I have it on
    a disk just in case. You have a good one.

    Thank you
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    We have all been there, and done that ;)

    Regards,

    CrazyM
     
  11. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Yes, but some more than others. Who, me?
    No, not me, I know it all, hehe LOL. Have a good one.

    Good luck :D
     
  12. DEAN

    DEAN Guest

    It looks to me like all you guys are right paranoid on ports 137-139, which means you have not unbound your NetBIOS
    from your System adapter.
    Here's how to do it:

    Do this. This is very important.


    If you are using WIN98SE, you need to select Microsoft Windows Logon or
    Family Logon (whether you are a LAN or dial-up user, Microsoft Networking user or not).

    Please go to Control Panel and select Network, and not Dial-Up Networking,
    to do the following:

    First, check whether you have to install NetBEUI as a Network protocol.
    If not, just click on Client for Microsoft Network, click "ADD", select protocol,
    and install NetBEUI. After that, follow the procedure below:


    (1) If you are a dial-up user, just select the icon "TCP/IP->Dial up adapter"
    in Network, and unbind the 2 boxes (Client for Microsoft Network and
    Microsoft Family Logon) under the bindings tab. Whatever Windows asks you,
    just click OK or Yes.

    (2) After that, click on the icon "NetBEUI -> dialup adapter" and under the bindings,
    bind the 2 boxes (Client for Microsoft Network and Microsoft Family Logon).

    (3) Now, select the Dial up adapter and, under the bindings tab, select or bind
    the boxes NetBEUI->Dialup adapter and TCP/IP->Dialup adapter.


    Note: (1) & (2) are the Network Transport protocol, (3) is the Network adapter
    or hardware adapter.

    If you are a LAN, cable modem or DSL user, you should bind your network
    adapter to TCP/IP and NetBEUI, and unbind other components
    (like the IPX/SPX transport protocol). The procedure is the same as above;
    the only difference is that the Dial up adapter has become the LAN adapter
    or Modem adapter.

    After you have done all the above, you can unbind your NetBIOS.

    However, if you are a Microsoft Networking user and you find that
    you can't connect to the internet after you do the above, you have
    to go back to (3) and bind the 2 boxes
    (Client for Microsoft Network and Microsoft Family Logon)
    under the Network adapter, and I believe you will not be able to unbind the NetBIOS.

    source: fookong_yap



    NOTE: If your ISP disallows you to connect when you unbind NETBIOS from
    your Client adapter then you need another ISP as they want to maintain
    control on your Computer!!!

    source: DEAN.

    I also suggest you use these policies:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
    "NoFileSharingControl"=dword:00000001
    "NoEntireNetwork"=dword:00000001
    "NoWorkgroupContents"=dword:00000001
    "NoNetSetup"=dword:00000001
    "NoNetSetupIDPage"=dword:00000001
    "NoNetSetupSecurityPage"=dword:00000001
    "NoPrintSharingControl"=dword:00000001
    "NoFileSharing"=dword:00000001
    "NoPrintSharing"=dword:00000001
    "DisablePwdCaching"=dword:00000001
     
  13. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
  14. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    If your port 135 is open, that means you have allowed the server in your rules, and you need to edit your rules.

    Kerio provides the firewall status screen and you should see svchost.exe listening. Simply spend some time with your rules to make sure nothing shows up as a server, and that you fully understand what your rules are allowing. It's best if you delete the default rules first since they can be a source of this, but their purpose was so your computer was actually able to boot under certain configurations after being installed.
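
A way to cross-check the "nothing shows up as a server" advice from the post above outside the firewall's own status screen, as an added example that is not part of the original thread. It assumes text in the column layout of `netstat -ano`; `SAMPLE` is constructed, and the port list is the set named in this thread (135, 137-139, and 445 for Microsoft-DS).

```python
# Added example: flag listening sockets on the Windows networking ports
# discussed in this thread. SAMPLE is constructed, not captured output.
import re

WATCHED = {135: "RPC endpoint mapper", 137: "NetBIOS name",
           138: "NetBIOS datagram", 139: "NetBIOS session",
           445: "Microsoft-DS"}
LOOPBACK = ("127.", "[::1]")

SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1520
  UDP    192.168.1.10:137       *:*                                    4
  UDP    0.0.0.0:1026           *:*                                    1012
"""

# proto, local address, local port, foreign address, optional state, PID
LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def exposed_listeners(netstat_text):
    """Return (proto, addr, port, service, pid) for watched, non-loopback listeners."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state, pid = m.groups()
        port = int(port)
        # TCP servers are in LISTENING state; bound UDP sockets have no state column.
        listening = (state == "LISTENING") if proto == "TCP" else (state is None)
        if not listening or port not in WATCHED or addr.startswith(LOOPBACK):
            continue
        findings.append((proto, addr, port, WATCHED[port], int(pid)))
    return findings

if __name__ == "__main__":
    for proto, addr, port, service, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} ({service}) owned by PID {pid}")
```

Each reported PID can be matched to a process name to see which service is acting as the server, and therefore which firewall rule is permitting it.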
     