Phant0m I need Your Help Again

Discussion in 'LnS English Forum' started by whitedragon551, Dec 14, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Alright I went through this again as I had to reinstall LnS. I thought I had my rulesets backed up in Winrar, but the archive was corrupt. Just my luck.

    https://www.wilderssecurity.com/showthread.php?t=271577

    I have added the Raw Edition plugin to LnS. I have started adding ports at field 2, type TCP, ports allowed and not logged, IP type is set to any, operator is set to and, field size is set to 2 bytes. Direction is set to both. Field offset is set to 0 for inbound, 2 for outbound. Yet I still cant connect. Am I missing something here?
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi,

    Let's see what you have thus far.

    .. And don't forget about rule positioning ;)
     
  3. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I didnt forget rule positioning. I started and the field set 2 and worked my way back. After I saved the rule what I placed in field set 2 was moved to field set 0.

    Shortly after I had posted this thread I was able to get it working using the multi port ban list.

    However now Im curious is there a way to condense the BF2 TCP and UDP multi port ban lists together to create a single rule for BF2?
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    A rule to-do TCP & UDP combinations
     

    Attached Files:

  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Thats it? I dont have to change anything with the field 0?
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    That's it. :)
     
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Now for these raw rules will field one always be the same two ports, 17 and 6?
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Field #1 always remains the same when matching to IP Protocols TCP & UDP (this isn’t port numbers but IP Protocol numbers)
     
  9. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Ok. And with field 0 is that also always going to be the same when dealing with a TCP/UDP rule?
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Field #0 can be changed to reflect the Ethernet type, IPv4, or IPv6, or BOTH
     
  11. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I get that, but what about the Field Values. Or is that what your referring to? For instance with my BF2 multi ban list TCP ports are assigned field 0 with a field value of 2156 but the UDP ports are assigned field 0 with a field value of 2048.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    What version of my plugin you using?
     
  13. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    The latest. I just downloaded the plugins today about 10 hours ago or so.
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    x64 version?
     
  15. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    If you hadn't, re-create the BF2 rule with this latest plugin.
     
  17. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    The plugin version is 2.03 for the RawRule plugin. For the multi port banlist I have v1.01 and for the multi IP ban list I have v1.04
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Fields (#0-15)
    - #0 = Ethernet type
    - #1 = IP Protocol
    - #2, 3, 4 ... = Ports

    Field #0, Field Value1 always should be seen with Value 2048 for IPv4 type checking
     
  19. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    So the TCP field value and UDP port value for field 0 are always going to be 2048, not the 2156 thats there?

    What are the field values for field 0 Ethernet Types? You mentioned one was for IPV4, IPV6, and both?
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    For TCP, UDP rules, just the first field starts off that way

    2048 = IPv4, 34525 = IPv6, Field_Criteria:Equal_Value1OR2[Value1: 2048, Value2: 34525] = BOTH
     
  21. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Ok and the proper operator for these multi port rule sets should be set to "or" instead of "and"?
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    For Fields #'s that specifies port numbers.
     
  23. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Ok for some reason after editing the Field 1 to allow the TCP and UDP protocols with 6 and 17. In the log I keep getting the allowed ports being blocked by another rule. I have to place the rule before or after the rule blocking the ports?
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Attach the rule, let me have a look.
     
  25. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
Thread Status:
Not open for further replies.