NIS2004 Trusted Zone

Discussion in 'other firewalls' started by SpongeBob, Apr 11, 2004.

Thread Status:
Not open for further replies.
  1. SpongeBob

    SpongeBob Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    24
    I have entered my ISP's DNS servers' IP addresses into the "trusted computers zone" of Norton firewall. Anything entered into the trusted zone automatically bypasses the firewall, and has full access to my machine as though the firewall wasn't there. I assume this is the way to go for DNS servers.

    This stops two popup alerts appearing each time a program wants permission to access the net for [1] the dns server to lookup the domain it wants to access, and [2] the actual domain it wants to access. I now only get popup alert for [2].

    Questions.. you knew they were coming :)

    1. Is this the best way to go about this sort of thing?
    2. Should I also place the mail server address into the trusted zone?

    -Bob-
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It's one way to go ;)
    As you noted, by placing these in the trusted zone, it bypasses all filtering and monitoring/logging. Not being able to monitor/log if I should ever want or need to is one reason why I prefer not to use the trusted zone.

    Curious as to why you would be getting alerts for DNS queries. Did you delete the default DNS rules?

    My preference is to customize the rule(s) and restrict to specified remote servers/IPs where possible and appropriate. Examples of these types of customized rules for DNS and E-mail:
    http://www.gpick.com/agnisrules/pages/system/system_pg2.html
    http://www.gpick.com/agnisrules/pages/application/application_pg2.html

    Regards,

    CrazyM
     
  3. SpongeBob

    SpongeBob Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    24
    Ah, I forgot about logging!

    I only have one default DNS rule in the general rules section:

    "Default Inbound DNS Rule" Permit UDP connections from any computer on port 53.

    There is no outbound DNS rule at all! That's probably why I kept getting 2 popup alerts each time a program tried to access a website.

    Those URLs of yours show both inbound and outbound DNS rules. But they also appear to be much more complex than my rules in NIS2004. I think they're for another type of firewall.

    I think I need to change the existing inbound DNS rule by restricting it to both of my ISP's DNS server addresses. I also need to create a general outbound DNS rule restricted to my ISP's DNS servers on remote port 53, but what local port should I choose to configure?

    I also find all this TCP, UDP, ICMP stuff complicated. I never know which one to choose. :)

    Thanks for the help... Bob
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Technically, this is a meaningless post. My prior attempt to post in this thread got lost and I want to see if it'll work this time. (So there's no substance in my response.)
    Logging is everything! :rolleyes:

    Cool! Looks like it worked. Now I can start all over again, from scratch.
     
    Last edited: Apr 12, 2004
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    There should be a "Default Outbound DNS Rule" - permit TCP/UDP to any computer on remote port 53. (the protocols allowed in the default outbound are different than the inbound)


    While the information on that site is applicable to most rule based firewalls, it relates specifically to AtGuard and NIS/NPF.

    Doing just that will result in the custom DNS rules from the link. You just created one of those complex rules ;)

    You can leave the local port to any (like the default rules), or as in the example from the link, restrict that to the ephemeral ports range: 1024-5000. An explanation of ephemeral ports is also on that site.

    Which is why we come here, to help each other out and learn :)

    Regards,

    CrazyM
     
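The exchange above contrasts two ways of handling DNS: putting the ISP's resolvers in the trusted zone (no filtering, no logging) versus writing outbound/inbound DNS rules pinned to those resolvers and the ephemeral port range. The following is an added example, not code from the thread, from Symantec or from the linked rule site. It is a small Python model of rule evaluation with the semantics the posts describe, on the assumptions that rules are checked first-match, that traffic matching no rule produces an "ask" popup, that "from any computer on port 53" in the default inbound rule means remote port 53, and using RFC 5737 documentation addresses as stand-ins for the ISP's DNS servers and an unrelated host.

```python
"""Toy model of NIS-style rule evaluation: trusted zone vs. restricted DNS rules.

Added example, not part of the thread. Rule semantics (first match wins,
unmatched traffic raises an "ask" alert, trusted-zone traffic bypasses rules
and logging) are assumptions modelled on how the posts describe NIS2004.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ASK, PERMIT, BLOCK = "ask", "permit", "block"


@dataclass(frozen=True)
class Conn:
    direction: str      # "in" or "out"
    proto: str          # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    direction: str                        # "in", "out" or "any"
    protos: frozenset                     # e.g. frozenset({"tcp", "udp"})
    remote_nets: tuple = ()               # () means "any computer"
    remote_ports: Optional[range] = None  # None means any port
    local_ports: Optional[range] = None

    def matches(self, c: Conn) -> bool:
        if self.direction not in ("any", c.direction) or c.proto not in self.protos:
            return False
        if self.remote_nets and not any(ip_address(c.remote_ip) in n for n in self.remote_nets):
            return False
        if self.remote_ports is not None and c.remote_port not in self.remote_ports:
            return False
        if self.local_ports is not None and c.local_port not in self.local_ports:
            return False
        return True


class Firewall:
    def __init__(self, rules, trusted=()):
        self.rules = list(rules)
        self.trusted = [ip_network(t) for t in trusted]
        self.log = []  # (rule name, conn); trusted-zone traffic never lands here

    def evaluate(self, c: Conn) -> Tuple[str, str]:
        """Return (action, reason). Trusted-zone hosts bypass all rules and logging."""
        if any(ip_address(c.remote_ip) in n for n in self.trusted):
            return PERMIT, "trusted zone (not logged)"
        for r in self.rules:            # first matching rule decides
            if r.matches(c):
                self.log.append((r.name, c))
                return r.action, r.name
        return ASK, "no matching rule (popup alert)"


# Constructed addresses from RFC 5737 documentation ranges, not real servers.
ISP_DNS = ("203.0.113.1", "203.0.113.2")
OTHER_HOST = "198.51.100.7"
EPHEMERAL = range(1024, 5001)   # 1024-5000, the range mentioned in the thread

# Bob's first setup: ISP DNS in the trusted zone, only the default inbound rule.
# "from any computer on port 53" is read here as remote port 53 (assumption).
bob_fw = Firewall(
    rules=[Rule("Default Inbound DNS Rule", PERMIT, "in", frozenset({"udp"}),
                remote_ports=range(53, 54))],
    trusted=ISP_DNS,
)

# CrazyM's preference: no trusted zone; DNS rules pinned to the ISP's resolvers.
isp_nets = tuple(ip_network(ip) for ip in ISP_DNS)
custom_fw = Firewall(rules=[
    Rule("Outbound DNS (ISP only)", PERMIT, "out", frozenset({"tcp", "udp"}),
         remote_nets=isp_nets, remote_ports=range(53, 54), local_ports=EPHEMERAL),
    Rule("Inbound DNS replies (ISP only)", PERMIT, "in", frozenset({"udp"}),
         remote_nets=isp_nets, remote_ports=range(53, 54), local_ports=EPHEMERAL),
])

QUERY_TO_ISP = Conn("out", "udp", ISP_DNS[0], 53, 2048)
QUERY_TO_OTHER = Conn("out", "udp", OTHER_HOST, 53, 2048)
UDP53_FROM_OTHER = Conn("in", "udp", OTHER_HOST, 53, 3000)   # unsolicited, source port 53


def compare(conn: Conn):
    """Evaluate one connection under both setups: ((action, reason), (action, reason))."""
    return bob_fw.evaluate(conn), custom_fw.evaluate(conn)


if __name__ == "__main__":
    for c in (QUERY_TO_ISP, QUERY_TO_OTHER, UDP53_FROM_OTHER):
        print(c, *compare(c), sep="\n  ")
    print("Bob's setup log entries:", len(bob_fw.log), "| custom setup:", len(custom_fw.log))
```

Running it shows the two points made in the thread: the trusted-zone setup permits the query to the ISP resolver without leaving a log entry, while the restricted rules permit it and log it; and the broad default inbound rule accepts a UDP datagram from any host as long as its source port is 53, whereas the rule pinned to the ISP's resolvers and the ephemeral range leaves that datagram unmatched.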