Re: Kerio Firewall 2.1.4: Not visible in homenetwork
From: sponge (yosponge@yahoo.com)
Date: 01/24/03
- Next message: Lars M. Hansen: "Re: Newbie: DNS query firewall setting?"
- Previous message: Rose: "Re: ZAslows down some apps<LOL>"
- In reply to: Armin Breneis: "Kerio Firewall 2.1.4: Not visible in homenetwork"
- Next in thread: Armin Breneis: "Re: Kerio Firewall 2.1.4: Not visible in homenetwork"
- Reply: Armin Breneis: "Re: Kerio Firewall 2.1.4: Not visible in homenetwork"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: yosponge@yahoo.com (sponge) Date: 23 Jan 2003 15:15:07 -0800
"Armin Breneis" <jemand@asdf.as> wrote in message news:<3e2fc68b$0$25426$91cee783@newsreader01.highway.telekom.at>...
>thanks a lot, i posted in a german group, too and got many annoying posts,
>cause i was not "able to quote correctly" and formed untechnical questions (i
>tried to ask without reading the "how to post" and i shouldn't do that).
>
>so i crawled through the services file in winnt/system32/drivers/etc,
>deleted all the existing rules and started from the beginning. now my
>questions are about
I take it Kerio runs okay now.
>- which rule i have to create for ping (icmp),
You mean, to block external ping attempts? Use the following:
Rule Name: Block Incoming ICMP
Protocol: ICMP subtype: ALL
Direction: INCOMING
Application: ANY
Remote Address: ANY
Action: DENY
Note that this will prevent you from being able to Ping.
To block IGMP (recommended unless you need it, though Kerio's default
list already has it):
Rule Name: Block IGMP
Protocol: ICMP subtype: Other 2
Direction: BOTH
Application: ANY
Remote Address: ANY
Action: DENY
I also recommend creating a rule to allow TCP/UDP to 127.0.0.1 in both
directions.
Rule Name: Localhost
Protocol: TCP & UDP
Direction: BOTH
Local Port: ANY
Application: ANY
Remote Address: 127.0.0.1
Remote Port: ANY
Action: PERMIT
>- why an internet explorer - request needs an udp-out to 127.0.0.1
>- and many others too
IE's UDP out to 127.0.0.1 might be a check to see if it's online. Bear
in mind that IE also checks for updates and does a lot of other
phoning home. Which is why so many of us security folks avoid using it.
>i think it's better to do everything by myself (i'll learn more and i don't
>bother others)
>if there is a real good (and also for newbies like me usable) site to learn
>about protocols/ports/... i would ask you to post it here.
Try checking http://static.smni.com/adstatic/staticPopMod.htm?po=416617786
for more info on how to create generic rulesets for applications. This
will work with any "real" firewall.
Keep in mind: 1. block all unneeded local ports, except those you need,
such as:
Local Port#
25 SMTP (sending email)
20 FTP (Inbound)
21 FTP (Outbound)
53 DNS
68 DHCP (though you should have a static IP so this is not necessary)
80 HTTP
110 POP (reading email)
113 POP Authentication (rarely used these days)
119 NNTP (newsgroups)
443 SSL
8080 HTTP
Even better is to allow only certain, trusted applications to talk to
those ports and block all ports universally for everything else.
Remember that the order of rules is important.
Hope this helps.
Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge
Another new sig...
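The rules Sponge lists above, worked through as an added example that is not part of the original post: a small first-match evaluator in Python that models the "Block Incoming ICMP", "Block IGMP" and "Localhost" rules and shows why the order of rules matters. The field names, the catch-all "Block all" rule and the trailing default deny are assumptions for the illustration, not Kerio's own configuration format.

```python
# Added example, not from the original post or from Kerio: a first-match
# rule evaluator over the rules Sponge gives. Field names and the
# trailing default-deny are assumptions made for the illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str   # "TCP", "UDP", "ICMP", "IGMP", "TCP,UDP" or "ANY"
    direction: str  # "INCOMING", "OUTGOING" or "BOTH"
    remote: str     # a remote address, or "ANY"
    action: str     # "PERMIT" or "DENY"


@dataclass(frozen=True)
class Packet:
    protocol: str
    direction: str
    remote: str


def matches(rule: Rule, pkt: Packet) -> bool:
    proto_ok = rule.protocol == "ANY" or pkt.protocol in rule.protocol.split(",")
    dir_ok = rule.direction in ("BOTH", pkt.direction)
    remote_ok = rule.remote in ("ANY", pkt.remote)
    return proto_ok and dir_ok and remote_ok


def evaluate(rules, pkt: Packet):
    """First matching rule wins; unmatched traffic hits an assumed default deny."""
    for r in rules:
        if matches(r, pkt):
            return r.name, r.action
    return "default", "DENY"


# The three rules from the post. Kerio writes IGMP as "ICMP subtype: Other 2"
# (IP protocol number 2); here it is simply the protocol name "IGMP".
BLOCK_ICMP = Rule("Block Incoming ICMP", "ICMP", "INCOMING", "ANY", "DENY")
BLOCK_IGMP = Rule("Block IGMP", "IGMP", "BOTH", "ANY", "DENY")
LOCALHOST = Rule("Localhost", "TCP,UDP", "BOTH", "127.0.0.1", "PERMIT")
BLOCK_ALL = Rule("Block all", "ANY", "BOTH", "ANY", "DENY")  # assumed catch-all

GOOD_ORDER = [BLOCK_ICMP, BLOCK_IGMP, LOCALHOST, BLOCK_ALL]  # specific before catch-all
BAD_ORDER = [BLOCK_ALL, BLOCK_ICMP, BLOCK_IGMP, LOCALHOST]   # catch-all shadows Localhost

# Constructed sample traffic: an external ping and IE's UDP to 127.0.0.1.
PING_IN = Packet("ICMP", "INCOMING", "203.0.113.5")
IE_LOOPBACK = Packet("UDP", "OUTGOING", "127.0.0.1")
```

With `GOOD_ORDER` the loopback UDP is permitted by "Localhost"; with `BAD_ORDER` the same packet is denied by "Block all" before "Localhost" is ever reached.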