Ruleset isn't taking effect.

Discussion in 'LnS English Forum' started by Gamer, Nov 22, 2008.

Thread Status:
Not open for further replies.
  1. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    I recently upgraded to Vista (32 bit) and I'm having some problems with the ruleset I used in XP. The ruleset imports fine, but everything is being blocked, despite rules set to allow certain ports (like web, DNS, etc.). Even if I put in the default ruleset that came with LnS, it's still blocked.

    What I mean by blocked is even though there are rules defined to open some ports, the ports are still blocked by the last rule "Block: All other packets". This problem occurs even when I reinstalled LnS multiple times.

    Any idea what's happening? I'm using the latest version and yes, I purchased a license.
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
  3. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    It's not only limited to DNS though, any ports that I have open are being blocked (even custom ones).
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok, could you make some screenshots of the packet content and the rule that should have detected it but didn't work?

    The problem could be related to the IP address. Is your IP address properly displayed in the Welcome tab and the connected to internet checkbox ticked?

    You said you upgraded to Vista and you imported rules. Did you import rules from a ruleset coming from another installation of Look 'n' Stop (not Vista)?
    Local ports range has changed (from 1024-5000 to 49152-65535) and this could also be related to your issue.

    Frederic
     
  5. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    Here's a little more information about the problem.

    I had installed Vista before and my LnS rules from XP worked fine (I even saved them in Vista). Then I had to reinstall Vista because I purchased a license and I had to enter it during the install. This time around with it, LnS doesn't want to apply the imported rules. Oddly enough, when I make new rules, those rules are applied. This would be difficult for me to do though, since I use Phant0m's ruleset and I have tons of my own rules.

    Also, is there a chance future versions can accept more rules? I'm near the maximum limit for rules.
     
  6. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38

    My IP is not being properly reported. :blink:

    It says it's 169.254.110.5 when it's in fact 66.131.254.xxx

    I fixed the IP thing by disabling IPv6 (but leaving IPv4 enabled) in network properties. The rule problem is still occurring though.
     
    Last edited: Nov 24, 2008
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    I just need the screenshot of one rule which you think was not applied, and the packet content it should have caught.

    Frederic
     
  8. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    I got tons of detailed screenshots for you.

    The rule that I'm focusing on for these screenshots is the "Allow ARP Packets" rule.

    Here's the rule in the "Internet Filtering" tab:

    http://img147.imageshack.us/img147/3825/arpruleyt4.jpg

    Contents of the rule (Rule Editing):

    http://img368.imageshack.us/img368/6530/arpdetailsqf8.jpg

    The log tab with the rule being blocked (It's blocked by the last rule):

    http://img147.imageshack.us/img147/7530/logvf3.jpg

    The content of the packet:

    http://img511.imageshack.us/img511/6426/packetcontentsc0.jpg

    The ARP Packet Detail:

    http://img368.imageshack.us/img368/1583/arppacketdetailbh0.jpg

    Lastly, here is what the "Block: All other packets" rule looks like:

    http://img213.imageshack.us/img213/8875/blockotherpacketstz0.jpg
     
  9. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    I think I fixed it. While playing around with the rules, I restored from an earlier backup of my ruleset and it now works. I think something got corrupted in the ruleset I was using, which is why it wasn't working properly.

    Aside from that, will new versions allow for more rules to be added? Currently it's at 128 rules maximum and I'm using 117 rules.
     
  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok, thanks for the update, and for the screenshots.

    The reason why it was not working is because the attribute "Stop to examine the other rules" (the down yellow arrow column) was not selected for the ARP rule (and for the other rules actually).
    Usually this attribute is always selected because you want the rule to be applied when it matches.

    Unselecting this attribute is useful when you want to add sniffer rules, which just look, count or log packets without interfering with the allow/block behaviour.

    117 rules is very huge :eek:
    Is there any way to combine some rules in your ruleset?

    The performance (to process the rules at the driver level) could become an issue when the number of rules is big. That's why I'm not sure yet the number will increase.
    I would prefer first to understand why you have so many rules, and maybe there are some alternate features/ways to solve the issue.

    Regards,

    Frederic
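
The behaviour described in this post, as an added example that is not part of the original thread and is not Look 'n' Stop code: a small model of ordered rule evaluation in which a matching rule only decides the packet when its "Stop to examine the other rules" attribute is set, plus a check that lists allow rules missing it. The `Rule` fields, the function names and the sample packet are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]
    action: str        # "allow" or "block"
    stop: bool = True  # models "Stop to examine the other rules"

def evaluate(rules, packet):
    """Walk the rules top to bottom; return (verdict, deciding rule, observers)."""
    observers = []
    for rule in rules:
        if not rule.matches(packet):
            continue
        if rule.stop:
            # Only a rule with the attribute set ends the walk and decides.
            return rule.action, rule.name, observers
        # Matched without the attribute: acts like a sniffer rule (looks/logs only).
        observers.append(rule.name)
    # Assumption of this model: a packet no rule decides is blocked.
    return "block", "(no deciding rule)", observers

def lint(rules):
    """Names of allow rules that can never take effect because 'stop' is unset."""
    return [r.name for r in rules if r.action == "allow" and not r.stop]

def build_ruleset(arp_stop):
    """Two rules from the thread; arp_stop toggles the attribute on the ARP rule."""
    return [
        Rule("Allow ARP Packets", lambda p: p["ethertype"] == 0x0806,
             "allow", stop=arp_stop),
        Rule("Block: All other packets", lambda p: True, "block"),
    ]

# Constructed sample packet: only the EtherType field (0x0806 = ARP) is modelled.
ARP_PACKET = {"ethertype": 0x0806}

if __name__ == "__main__":
    for arp_stop in (False, True):
        rules = build_ruleset(arp_stop)
        print("stop =", arp_stop, "->", evaluate(rules, ARP_PACKET),
              "| lint:", lint(rules))
```
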
     
  11. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    I know, I wish I didn't have so many rules. The reason I have so many is because I play a lot of games, and the games require multiple ranges of ports to be open. The GUI doesn't allow me to enter multiple ranges.

    For example:

    Steam requires UDP 27000 to 27020, TCP 27020 to 27050 and UDP 1200. Since I can't put all these ranges into the same rule, I have to make 3 separate rules.

    So I guess my suggestion would be, the GUI should allow multiple ranges for a single rule with a minimum of a 10 range limit per rule.
     
  12. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    So is there any possibility something like this can be added to LnS?
     
  13. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    It is already possible through the RawRuleEdition plugin to allow several ports and ports ranges for one rule. However the GUI to do that is very advanced.
    It is also possible to write a new dedicated plugin with a simple interface just to allow several ports for TCP and UDP. Maybe this would be the best solution, in a first step (it doesn't require a new Look 'n' Stop version).

    It will not be possible with one rule to allow different ports on different protocols (even with a new plugin).
    I just mean it is not possible to do a rule to allow "TCP on port X" or "UDP on port Y", with X and Y different. This will require 2 rules anyway.
    (It is possible to do UDP/TCP combinations only when the list of ports is the same.)

    Frederic
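
The constraint stated in this post, worked through on the Steam ports quoted earlier in the thread, as an added example that is not part of the original thread and is not plugin code: each rule carries one list of ports and ranges, and TCP and UDP can share a rule only when their lists are identical. The function names and the tuple layout are assumptions made for the illustration.

```python
from collections import defaultdict

def merge_ranges(ranges):
    """Merge overlapping or adjacent (low, high) port ranges into a sorted tuple."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return tuple(merged)

def consolidate(requirements):
    """Group (protocol, low, high) requirements into the fewest rules.

    Returns a sorted list of (protocols, port_list) pairs, one per rule.
    """
    per_proto = defaultdict(list)
    for proto, low, high in requirements:
        if not 0 < low <= high <= 65535:
            raise ValueError(f"invalid port range {low}-{high}")
        per_proto[proto.upper()].append((low, high))

    # Protocols end up in the same rule only if their merged lists are equal.
    by_ports = defaultdict(list)
    for proto, ranges in per_proto.items():
        by_ports[merge_ranges(ranges)].append(proto)

    return sorted((tuple(sorted(protos)), ports)
                  for ports, protos in by_ports.items())

# Port requirements as quoted in the thread for Steam.
STEAM = [("UDP", 27000, 27020), ("TCP", 27020, 27050), ("UDP", 1200, 1200)]

# Constructed sample: the same single port on both protocols.
SHARED = [("TCP", 80, 80), ("UDP", 80, 80)]

if __name__ == "__main__":
    for label, reqs in (("Steam", STEAM), ("shared", SHARED)):
        rules = consolidate(reqs)
        print(label, "->", len(rules), "rule(s)")
        for protos, ports in rules:
            print("  ", "/".join(protos), ports)
```
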
     