NPF 2003 ICMP default setting is permit inbound and outbound

Discussion in 'other firewalls' started by HandsOff, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Now that I tightened up the NetBIOS rule, the next so-called "advanced rule" has to do with ICMP (Internet Control Message Protocol). Two rules, actually:

    1- permit inbound
    2- permit outbound

    All I know about ICMP is that it has something to do with pinging, and vaguely that firewalls have been known not to block pings that somehow are not legitimate. What I don't know is basically this: if I change rules 1 and 2 to block rather than permit, will it have some bad effect?

    Also, I am correct that a ping is a request for a response. This would or would not include a computer that I have initiated contact with?

    I know this is pretty basic, but what does one do? NPF gives you control over this rule, however they do not say a thing about the impact of the settings. I assume the fact that they give you the capability of blocking this would tend to suggest that there might be a good reason to do so...and yet, by default the setting is "permit". Is it any wonder I am confused?

    -HandsOff
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    You can permit outbound, but I highly recommend that you DO NOT permit inbound. If you do, your PC won't work in Stealth mode anymore.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi HandsOff

    The default ICMP rules in NIS/NPF will not allow anyone to ping you.

    Basic ICMP rules:
    Allow inbound type 0, 3, 11.
    Allow outbound type 8.

    For the above you would only need to modify the default outbound ICMP rule.

    You might find the following site useful in regards to NIS/NPF:
    Customizing AtGuard/NIS Rules. The section on System rules covers ICMP and explains a little about it along with other links.

    Regards,

    CrazyM
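
    The basic rule set in the post above, written out as a small evaluator. This is an added example, not part of the thread and not NPF's own logic; the function names, the checksum check and the sample packets are constructed for illustration.

```python
import struct

# Policy from the post: ICMP types permitted per direction; everything else is blocked.
ALLOWED = {"inbound": {0, 3, 11}, "outbound": {8}}
TYPE_NAMES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int = 0, body: bytes = b"") -> bytes:
    """Build a constructed sample ICMP message with a valid checksum."""
    header = struct.pack("!BBH", icmp_type, code, 0)
    csum = inet_checksum(header + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def decide(direction: str, packet: bytes) -> str:
    """Return 'permit' or 'block' for a raw ICMP message (IP header stripped)."""
    if len(packet) < 4:
        return "block"   # truncated ICMP header
    if inet_checksum(packet) != 0:
        return "block"   # damaged message (check added by this example)
    return "permit" if packet[0] in ALLOWED[direction] else "block"

if __name__ == "__main__":
    echo_body = b"\x00\x01\x00\x01sample"   # constructed id/seq + payload
    samples = [
        ("outbound", build_icmp(8, body=echo_body)),   # your own ping
        ("inbound", build_icmp(0, body=echo_body)),    # the reply to it
        ("inbound", build_icmp(8, body=echo_body)),    # someone pinging you
        ("inbound", build_icmp(11)),                   # traceroute hop answer
        ("outbound", build_icmp(0, body=echo_body)),   # answering a ping
    ]
    for direction, pkt in samples:
        name = TYPE_NAMES.get(pkt[0], "other")
        print(f"{direction:8} type {pkt[0]:2} ({name}): {decide(direction, pkt)}")
```
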
     
  4. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    That is a huge amount of information. I attempted to download the PDF which is something like 134 pages, only screwed up my first attempt. I'm not sure but I think maybe only allowing 10 mb to cache web pages might cause problems when I have been to several sites then try to download. I'm sure it won't be a problem though, since I could "see" it.

    Anyways, about that line, "everything you wanted to know...but were afraid to ask" I guess if I am afraid of something it is that for every question answered, two more take its place when I find an answer.

    I am quite sure that ag-NIS will provide much more knowledge than I ever dreamed of learning from the "help" file within NPF.

    I look forward to unravelling the mysteries of NPF. My instincts tell me that there is a lot more capability within this program than many would admit.
    **************
    additional comment - I was able to download the entire ebook very quickly (less than a minute) after clearing my IE temp files.

    -HandsOff
     
    Last edited: Jul 6, 2004
  5. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    HandsOff,

    And, if you have any questions, clarifications, or suggestions as to how to extend that site, don't hesitate to let CrazyM know! ;) (We all do from time to time. :D )
     
  6. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I have a great many questions, only thing is...now CrazyM may well respond, "you have the answer already, it's in the book!"
     
  7. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Nah! :D CrazyM's a nice guy! Sometimes we even let him have a day to himself! ;) Almost every page on that website has been modified at one time or another due to feedback received from readers.

    Sometimes, it's a bit of expansion or clarification; other times it's been a clear expansion of the discussion. There's even a bit of cross-fertilization there! You'll see (from the list of contributors) that some of the contributors are people who use Tiny, Kerio, or even Zone Alarm. (There's more similarity in custom rules among the different products than a lot of end-users apparently realize.)

    Besides, if you don't want to drop the entire burden on CrazyM, you can always post here and pick up some tips from any number of respondents.
     