OSSS firewall

Discussion in 'other firewalls' started by Tarnak, Jul 29, 2010.

Thread Status:
Not open for further replies.
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I am trialling this FW in one of my system snapshots.

    It looks quite good. I had not been in this snapshot for 6 days, so consequently my Sunbelt definitions had to be updated...in this case the whole definitions set, rather than incrementally as it would have done if I had been logged in constantly. See screenshot #1

    However, I also see I can customize the rules...but I have no idea, e.g. the application HitmanPro as per screenshot #2 and #3

    I would appreciate any advice on which ports I can/should/or not allow.

    I have no idea when it comes to customized rules in a FW, but I am always interested in learning. :)
  2. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    The easiest way to see which ports you should allow an application to access is to use the logs to see what it is trying to do. I would start with a couple trusted applications that you know won't be trying to make rogue connections. Once you set up rules for them, you will get the hang of how to do it. For example, in your first screenshot you can restrict Sunbelt's local ports to the range: 1025 - 5000. You can make this same restriction for most all of your outbound rules. These ports are known as ephemeral ports. Your outbound port for Sunbelt looks like it can be limited to a single port: 80. You could even limit the remote addresses if you wanted. As for the Hitman Pro screenshots, the same rules apply. Ports 1025 - 5000 local and port 80 and 443 remote (Hitman Pro uses port 443 to upload suspicious files to the cloud). There shouldn't be a need for an incoming or UDP rule for these connections. Only TCP outgoing. I'm not sure about the dialog you posted with Hitman Pro using the ICMP protocol. This protocol is typically used for pings and traceroutes. Most firewalls come with predefined rules for ICMP. If this one didn't, you may find it easier to learn by using another firewall for a while first before moving on to this one.
     
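The workflow in the reply above (read the log, then write a per-application rule of TCP outbound, local ports in the ephemeral range, remote ports limited to what was observed) as an added example; this is not code from the thread or from OSSS. The log layout, the process names and the addresses are constructed for the example, and the ephemeral range is a parameter because it depends on the Windows version (1025 - 5000 is the XP range given in the reply).

```python
import re
from collections import defaultdict
from dataclasses import dataclass

XP_EPHEMERAL = (1025, 5000)  # local port range from the reply; differs on later Windows versions

# Constructed sample log in a hypothetical "app proto direction local -> remote" layout.
SAMPLE_LOG = """\
sunbelt-update.exe TCP OUT 192.168.1.10:1042 -> 203.0.113.5:80
sunbelt-update.exe TCP OUT 192.168.1.10:1043 -> 203.0.113.5:80
hitmanpro.exe TCP OUT 192.168.1.10:1100 -> 198.51.100.7:80
hitmanpro.exe TCP OUT 192.168.1.10:1101 -> 198.51.100.7:443
hitmanpro.exe ICMP OUT 192.168.1.10:0 -> 198.51.100.7:0
"""

LOG_RE = re.compile(r"^(\S+) (TCP|UDP|ICMP) (OUT|IN) \S+:(\d+) -> (\S+):(\d+)$")


@dataclass(frozen=True)
class Rule:
    app: str
    proto: str
    direction: str
    local_range: tuple        # inclusive (low, high) for the local port
    remote_ports: frozenset   # remote ports seen in the log for this app


def derive_rules(log, ephemeral=XP_EPHEMERAL):
    """Build one TCP-outbound rule per app from the connections the log shows it making.
    ICMP, UDP and inbound lines are deliberately ignored: the reply says these apps need none."""
    remote = defaultdict(set)
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        app, proto, direction, _lport, _raddr, rport = m.groups()
        if proto == "TCP" and direction == "OUT":
            remote[app].add(int(rport))
    return {app: Rule(app, "TCP", "OUT", ephemeral, frozenset(ports)) for app, ports in remote.items()}


def allowed(rules, line):
    """Evaluate a new log line against the derived rules; anything not matched is denied."""
    m = LOG_RE.match(line)
    if m is None:
        return False
    app, proto, direction, lport, _raddr, rport = m.groups()
    rule = rules.get(app)
    if rule is None or proto != rule.proto or direction != rule.direction:
        return False
    lo, hi = rule.local_range
    return lo <= int(lport) <= hi and int(rport) in rule.remote_ports
```

A later Windows version would call `derive_rules(log, ephemeral=(low, high))` with that version's range instead of the XP default.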
  3. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    You might want to check the following post in regards to ephemeral ports. They have changed in Vista and W7.

    https://www.wilderssecurity.com/showthread.php?t=275573

    weeNym
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Sorry for the late reply....another thread I overlooked.

    Thanks!....I am running XP.

    Plus, this snapshot has gone the way of the Dodo...:)

    I answered wrongly to a popup and it took down C:\WINDOWS\system\system32\drivers\os_cfg.sys

    So, trying to boot the system in SAFE MODE, takes me so far...and then nada! ...as follows:

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\ntoskrnl.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\hal.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\KDCOM.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\BOOTVID.dll
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\config\system
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\C_1252.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\C_850.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\l_intl.nls
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\FONTS\vgaoem.fon
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\AppPatch\drvmain.sdb
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\Drivers\
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\os_vdisk.sys


    I have to try imaging...but!...I just can't make up my mind...too many choices!

    So, if I stuff up snapshot, I still have that classic, FD-ISR to save my bacon! ;) Just wipe that snapshot and create a new one from several more that I have for testing other betas.
     