Ruleset isin't taking effect.

I recently upgraded to Vista (32 bit) and im having some problems with my ruleset i used in XP. The ruleset imports fine, but everything is being blocked, despite rules set to allow certain ports (like web, dns, etc.). Even if i put the default ruleset that came with LnS its still blocked.

What i mean by blocked is even though there are rules defined to open some ports, the ports are still blocked by the last rule "Block: All other packets". This problem occurs even when i reinstalled LnS multiple times.

Any idea what's happening? I'm using the latest version and yes i purchased a license.

 

Hi,

It looks like you have the problem described here:
http://www.looknstop.com/En/faq_problems.htm#KB951748

If you still have the problem after updating the ruleset, please post some screenshots of the Ruleset and Log tabs.

Thanks,

Frederic

 

It's not only limited to DNS though, any ports that i have open are being blocked (even custom ones).

 

Ok, could you make some screenshots of the packet content and the rule that should have detected it but didn't work ?

The problem could be related to the IP address. Is you IP address properly displayed in the Welcome tab and the connected to internet checkbox ticked ?

You said you upgraded to Vista and you imported rules. Did you import rules from a ruleset coming from another installation of Look 'n' Stop (not Vista) ?
Local ports range has changed (from 1024-5000 to 49152-65535) and this could also be related to your issue.

Frederic

 

Here's a little more information about the problem.

I had installed Vista before and my LnS rules from XP worked fine (i even saved them in Vista). Then i had to reinstall Vista because i purchased a license and i had to enter it during the install. This time around with it, LnS doesn't want to apply the imported rules. Oddly enough, when i make new rules; those rules are applied. This would be difficult for me to do though, since i use Phant0m's ruleset and i have tons of my own rules.

Also, is there a chance future versions can accept more rules? I'm near the maximum limit for rules.

 

My ip is not being properly reported.

It says its 169.254.110.5 when its in fact 66.131.254.xxx

I fixed the ip thing by disabling ipv6 (but leaving ipv4 enabled) in network properties. The rule problem is still occuring though.

 

I just need the screenshot of one rule which you think was not applied, and the packet content it should have caught.

Frederic

 

I got tons of detailed screenshots for you.

The rule that i'm focusing on for these screenshots is the "Allow ARP Packets" rule.

Here's the rule in the "Internet Filtering" tab:

http://img147.imageshack.us/img147/3825/arpruleyt4.jpg

Contents of the rule (Rule Editing):

http://img368.imageshack.us/img368/6530/arpdetailsqf8.jpg

The log tab with the rule being blocked (It's blocked by the last rule):

http://img147.imageshack.us/img147/7530/logvf3.jpg

The content of the packet:

http://img511.imageshack.us/img511/6426/packetcontentsc0.jpg

The ARP Packet Detail:

http://img368.imageshack.us/img368/1583/arppacketdetailbh0.jpg

Lastly, here is what the "Block: All other packets" rule looks like:

http://img213.imageshack.us/img213/8875/blockotherpacketstz0.jpg

 

I think i fixed it. While playing around with the rules, i restored from an earlier backup of my ruleset and it now works. I think something got corrupt in the ruleset i was using, which is why it wasn't working properly.

Aside from that, will new versions allow for more rules to be added? Currently its at 128 rules maximum and im using 117 rules.

 

Ok, thanks for the update, and for the screenshots.

The reason why it was not working is because the attribute "Stop to examine the other rules" (the down yellow arrow column) was not selected for the ARP rule (and for the other rules actually).
Usually this attribute is always selected because you want the rule to be applied when it matches.

Unselecting this attribute is useful when you want to add sniffer rules, which just look, count or log packets without interfering with the allow/block behaviour.

117 rules is very huge
Is there anyway to combine some rules in your ruleset ?

The performance (to process the rules at the driver level) could become an issue when the number of rules is big. That's why I'm not sure yet the number will increase.
I would prefer first to understand why you have so many rules, and maybe there are some alternate features/ways to solve the issue.

Regards,

Frederic

 

I know, i wish i didnt have so many rules. The reason i have so many is because i play a lot of games, and the games require a multiple ranges of ports to be open. The GUI doesnt allow me to enter multiple ranges.

For example:

Steam requires UDP 27000 to 27020, TCP 27020 to 27050 and UDP 1200. Since i can't put all these ranges into the same rule, i have to make 3 seperate rules.

So i guess my suggestion would be, the GUI should allow multiple ranges for a single rule with a minimum of a 10 range limit per rule.

 

So is there any possibility something like this can be added to LnS?

 

It is already possible through the RawRuleEdition plugin to allow several ports and ports ranges for one rule. However the GUI to do that is very advanced.
It is also possible to write a new dedicated plugin with a simple interface just to allow several ports for TCP and UDP. Maybe this would be the best solution, in a first step (it doesn't require a new Look 'n' Stop version).

It will not be possible with one rule to allow different ports on different protocols (even with a new plugin).
I just mean it is not possible to do a rule to allow "TCP on port X" or "UDP on port Y", with X and Y different. This will requires anyway 2 rules.
(it is possible to do UDP/TCP combinations, only when the list of ports is the same).

Frederic