No more Rules - Suppress some Old Rules to make more room

Discussion in 'LnS English Forum' started by halcyon, Nov 15, 2005.

Thread Status:
Not open for further replies.
  1. halcyon (Registered Member; joined May 14, 2003; 373 posts)

    I'm getting this kind of error message (paraphrasing from memory):

    "No more room - Suppress some old rules to make room for new rules."

    How do I fix this?

    Running 2.05p3 on XP Pro SP2, with very few connections.

    I have 130 application rules and 98 Internet Filtering rules.

    Is this too much?

    What kind of a "wall" am I hitting?

    regards,
    Halcyon

    PS It took me a while to understand that the error dialog was from Look'n'Stop (I think it is, I'm not 100% sure). For future updates, I think it would be nice if the application actually identified itself and didn't just blurt out anonymous error dialogs...
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I think it's generally considered good practice to keep your number of rules to a minimum, or as few as possible. If you have that many and are hitting LnS limits, then that's probably way too much. Must be some way you can cut it down there... For example, I can't imagine how you would possibly need 98 internet filtering rules. Seems extremely excessive.
     
  3. Arup (Guest)


    I am sure some of the rules are overlapping, see if you can do some trimming.
     
  4. halcyon (Registered Member; joined May 14, 2003; 373 posts)

    Yeah, yeah, yeah. It's my program, my filters. Maybe you don't have as many specific apps as I do, with as many specific IP/port/protocol ranges as I do? Maybe I want tighter granularity of control with each filter?

    At any rate, I think a rule limit of 100 or so is just silly in this day and age.

    Could somebody who knows tell me what the (hard-coded?) limits for filters are, and whether there is a way to overcome this limitation?

    Thanks!
     
  5. Arup (Guest)


    How can you assume that I have fewer apps than you have? Did you come to my house and check it out for yourself? The point is, how many apps can there be physically existing in the system that require individual rules for all the existing ports and possible IPs and ports? One can achieve the same granularity and tightness with IP- and port-range-specified rules as in Kerio. If you are looking for a firewall with an unlimited number of rules, consider Sygate Pro or Filseclab; actually Filseclab doesn't let you specify ranges, so maybe that fits your requirement perfectly.
     
  6. halcyon (Registered Member; joined May 14, 2003; 373 posts)

    Arup, I wasn't referring to you, but to Kerodo.

    But I could reply to you:

    How can you be sure that my rules are overlapping?

    Did you come to my house to check them :)

    Really, don't make this a "stupid user" error, when it's not that.

    A hard-coded (?) limitation of max. 100 rules in a firewall application is braindead :)

    And I never said I wanted "unlimited number of rules", stop making straw man arguments :)

    I just want something that is a little bit more practical than a max of 100, which is easily filled.

    regards,
    halcyon

    PS and I'm sorry to say, but you are wrong about the granularity of control. If you combine two rules into one rule, how do you temporarily disable just half of that rule? Really, that's what granularity is about, you should know it.
     
  7. Kerodo (Registered Member; joined Oct 5, 2004; 7,779 posts)

    Halcyon - I wasn't trying to tell you how to use your firewall, so no offense intended there. Just can't see how you can have so many rules. LnS doesn't really have app-specific rules, right? They are all internet rules. I guess you can have a rule trigger an app if you want, but as far as I know the app section is entirely separate from the internet rules and you can't define specific app rules. So they all have to be internet rules referring to ports and IPs, etc.

    So how many internet rules does one need anyway? You need to allow TCP in and out for browsing and other things, UDP out perhaps or maybe in also. DNS and DHCP, a couple of rules there. Frag packet rules and perhaps a couple of others. So what the heck else are you doing there that requires hundreds of rules?!

    Again, no offense intended, just curious. ;)
     
  8. halcyon (Registered Member; joined May 14, 2003; 373 posts)

    Kerodo, none taken :)

    But the problem is that really there are that many rules.

    BF2 alone takes 7 rules (they are all port ranges btw, cannot be combined in LnS).

    Then I have a dozen or so other games, all with their own different port ranges (several of them).

    A few dozen Internet-related programs, all with their own port ranges (sometimes several ranges).

    Then the regular Phantom enhanced set.

    It all builds up pretty fast.

    But it appears that the rules I was running out of were Application Filtering rules.

    And I surely have more than 130 apps that try to connect to Internet :)
     
  9. Kerodo (Registered Member; joined Oct 5, 2004; 7,779 posts)

    Perhaps it's just a matter of LnS not being able to hold that many apps in the app section. Must be a limit then. Frederic should be able to shed some light on it, hopefully.
     
  10. Arup (Guest)


    Halcyon,

    Never in my experience have I seen someone needing more than 100 rules, even for granularity, not even corporates. When you have so many rules, chances are that one of them is bound to overlap or block when a new rule is set; that's how I assumed, although now I truly bow in reverence to your rule-making abilities considering your post about it. Even at the DSL Reports Kerio forum, the general consensus was to have fewer, very tight rules, and all worked out fine, but to each his/her own I guess. Only one time I had to make two rules for my mail client: one for the regular range of the mail and news ports, the other to just block port 80, as I hated the pesky ads that would come in with some mail which made use of port 80.

    So in your case, even Kerio is out as I have seen issues reported in it when too many rules are in place, the only rule champion is Sygate Pro or Filseclab in this case.
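
A way to check the two claims argued in this thread (Arup's "some rules overlap" and halcyon's "merging costs granularity") on a rule set before trimming it, as an added example that is not from the thread or from Look'n'Stop; the rule model, names and port ranges are constructed for illustration:

```python
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    proto: str       # "TCP" or "UDP"
    direction: str   # "in" or "out"
    lo: int          # first port of the range
    hi: int          # last port of the range (inclusive)
    action: str      # "allow" or "block"
# Constructed sample rule set; names and ranges are hypothetical.
SAMPLE_RULES = [
    Rule("game-a voice", "UDP", "in", 27000, 27050, "allow"),
    Rule("game-a data", "UDP", "in", 27020, 27100, "allow"),  # overlaps the line above
    Rule("game-b", "UDP", "in", 27101, 27200, "allow"),       # adjacent to game-a data
    Rule("mail", "TCP", "out", 110, 143, "allow"),
    Rule("no-http-in-mail", "TCP", "out", 80, 80, "block"),
    Rule("web", "TCP", "out", 80, 80, "allow"),               # conflicts with the block above
]

def _same_traffic(a, b):
    return a.proto == b.proto and a.direction == b.direction
def _ranges_touch(a, b, adjacent=False):
    gap = 1 if adjacent else 0  # adjacent=True: ports 27100 and 27101 count as touching
    return a.lo <= b.hi + gap and b.lo <= a.hi + gap
def _mergeable(a, b):
    return _same_traffic(a, b) and a.action == b.action and _ranges_touch(a, b, True)

def find_overlaps(rules):
    """(name_a, name_b, kind): 'mergeable' = same action on overlapping or adjacent
    ports; 'conflict' = allow vs block on shared ports, where rule order decides."""
    findings = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if _mergeable(a, b):
                findings.append((a.name, b.name, "mergeable"))
            elif _same_traffic(a, b) and a.action != b.action and _ranges_touch(a, b):
                findings.append((a.name, b.name, "conflict"))
    return findings

def merge_mergeable(rules):
    """Collapse mergeable rules into one range each: frees slots, but a merged rule is
    disabled only as a whole, and sorting drops rule order, so fix 'conflict' pairs first."""
    merged = []
    for r in sorted(rules, key=lambda r: (r.proto, r.direction, r.action, r.lo)):
        if merged and _mergeable(merged[-1], r):
            last = merged.pop()
            r = Rule(f"{last.name}+{r.name}", r.proto, r.direction,
                     min(last.lo, r.lo), max(last.hi, r.hi), r.action)
        merged.append(r)
    return merged
```

On the sample set the three UDP game rules collapse into one 27000-27200 rule, which is exactly the case where one game can no longer be switched off on its own.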
     