Discussion in 'other firewalls' started by Gargoyle, Mar 27, 2008.
I click on every option but did not seem them. How do I reach these screens? Much thanks in advance.
To create a Defined list:
Expand "Defined Lists"
Right click on the desired list type
Left click on "New"
For Interface Properties:
Expand "Packet Filters (Global)"
Right click on "Local Area Connection"
Left click on "Properties"
in CHX-I 3.0, with the default wan_start ruleset, you do not need that particular rule.
btw, I replied to your PM...
Is that correct setup for the Interface Properties screen when given those options? There is so much to learn about CHX-I.
glentrino2duo, I sure did and already replied. thanks once again =)
See this thread:
especially, post #43 by Stefan_R, one of the CHX developers
I've enabled SPI for everything but now allow fragamented packets too. Thanks for the link.
Somewhere there was a further discussion with Stephan_R about fragmented
packets, but I can't find it. IIRC, leaving the Deny All Incoming
Fragmented Packets option unchecked does not mean you are allowing
all fragmented packets. There are instances of legitimate packet
fragmentation, but I don't have the technical skills to explain it.
In some cases of legitimate packet fragmentation, CHX3 recognizes
that by other means I believe, perhaps in its implementation of SPI.
Someone like Stem might be able to explain it, but not me. Checking
the Deny option simply rejects all fragmentation.
I having trouble setting up SPI protection without getting my connection blocked. I currently use DSL service from AT&T.
Make certain you imported the wan_start rule set to the green Local Area
Connection network interface card icon, not the IP address.
Make certain the Incoming ARP allow rule in the wan_start rules is turned on.
Good day everyone!
Is CHX-I for network wiz use only? Is there any documentation/Tutorial and sample ruleset that could help me start using it?
There was a sample ruleset, very simple, just a couple of rules. All of it, including CHX-I, is long gone now, the site is no longer. I don't even know where you can find or download any of it now either...... It was a great firewall, but pretty much history now unless you can grab a copy somewhere.
Edit: Sorry, just saw the posts in the other CHX thread. You really should just post once and not in 3 or more threads asking the same question. Others have posted links to CHX and everything available. It's pretty much a learn by doing thing. You might Google for any further CHX tutorial type material also.
You could always check their old pages
Unfortunately, none of the links there seem to work, including the documentation pages.... they are not archived...
If you go to the main page at http://web.archive.org/web/*/http://idrci.net/ you should be able to go and read a good deal of their old pages (just forget the 2007 badleading redirect links).
EDIT: you can also download their "CHX-I Packet Filter Documentation" (CHM help file).
Separate names with a comma.