Phant0m I need Your Help Again

Alright I went through this again as I had to reinstall LnS. I thought I had my rulesets backed up in Winrar, but the archive was corrupt. Just my luck.

https://www.wilderssecurity.com/showthread.php?t=271577

I have added the Raw Edition plugin to LnS. I have started adding ports at field 2, type TCP, ports allowed and not logged, IP type is set to any, operator is set to and, field size is set to 2 bytes. Direction is set to both. Field offset is set to 0 for inbound, 2 for outbound. Yet I still cant connect. Am I missing something here?

 

Hi,

Let's see what you have thus far.

.. And don't forget about rule positioning

 

I didnt forget rule positioning. I started and the field set 2 and worked my way back. After I saved the rule what I placed in field set 2 was moved to field set 0.

Shortly after I had posted this thread I was able to get it working using the multi port ban list.

However now Im curious is there a way to condense the BF2 TCP and UDP multi port ban lists together to create a single rule for BF2?

 

A rule to-do TCP & UDP combinations

 

Thats it? I dont have to change anything with the field 0?

 

That's it.

 

Now for these raw rules will field one always be the same two ports, 17 and 6?

 

Field #1 always remains the same when matching to IP Protocols TCP & UDP (this isn’t port numbers but IP Protocol numbers)

 

Ok. And with field 0 is that also always going to be the same when dealing with a TCP/UDP rule?

 

Field #0 can be changed to reflect the Ethernet type, IPv4, or IPv6, or BOTH

 

I get that, but what about the Field Values. Or is that what your referring to? For instance with my BF2 multi ban list TCP ports are assigned field 0 with a field value of 2156 but the UDP ports are assigned field 0 with a field value of 2048.

 

What version of my plugin you using?

 

The latest. I just downloaded the plugins today about 10 hours ago or so.

 

x64 version?

 

Yes sir.

 

If you hadn't, re-create the BF2 rule with this latest plugin.

 

The plugin version is 2.03 for the RawRule plugin. For the multi port banlist I have v1.01 and for the multi IP ban list I have v1.04

 

Fields (#0-15)
- #0 = Ethernet type
- #1 = IP Protocol
- #2, 3, 4 ... = Ports

Field #0, Field Value1 always should be seen with Value 2048 for IPv4 type checking

 

So the TCP field value and UDP port value for field 0 are always going to be 2048, not the 2156 thats there?

What are the field values for field 0 Ethernet Types? You mentioned one was for IPV4, IPV6, and both?

 

For TCP, UDP rules, just the first field starts off that way

2048 = IPv4, 34525 = IPv6, Field_Criteria:Equal_Value1OR2[Value1: 2048, Value2: 34525] = BOTH

 

Ok and the proper operator for these multi port rule sets should be set to "or" instead of "and"?

 

For Fields #'s that specifies port numbers.

 

Ok for some reason after editing the Field 1 to allow the TCP and UDP protocols with 6 and 17. In the log I keep getting the allowed ports being blocked by another rule. I have to place the rule before or after the rule blocking the ports?

 

Attach the rule, let me have a look.

 

Here is the link:

http://www.mediafire.com/file/t72osnwmuj0snm9/BF2.rie