Re: Problem with Kerio - please help!

From: Alan Illeman (illemann_at_surfbest.net)
Date: 05/25/04


Date: Tue, 25 May 2004 17:37:14 -0400

X-No-archive: yes

"John Latter" <jorolat@aol.com> wrote in message
news:20040525121525.05832.00001851@mb-m03.aol.com...
>
[snip]
>
> Thanks for replying Alan but I really am hopeless at this. I thought I
> might have saved my settings some time ago and in the process of
> reloading I managed to lose all of my rules.
>
> Consequently I'm starting from scratch again but I don't know which to
> deny so I'm permitting everything.
>
> Could you tell me how to create a "Block All" rule please?

You don't really want a rule to block all, do you? When you install Kerio
2.1.5 it suggests some rules, and you can modify/add to those. Also use
some/all the rules that I provided. I was 'hopeless' at first, but I just
read and studied and improved.

In addition to the rules I suggested, make sure that
Administration->Advanced->Miscellaneous->Log into file - is enabled. Also
enable "Log Packets Addressed To Unopened Ports" and "Log Suspicious
Packets".

dslreports has a file "section 2_5_1_Kerio and pre-v3_0 PFW" providing some
tips for using Kerio 2.1.5, but some of them don't work for me. For example,
it suggests that after the permitted ICMP rules, you place a rule that
denies all types. It also suggests that the order of the rules is very
important, and again, I disagree.

Keep off the internet until you are completely satisfied with the integrity
of your firewall, and stay with newsgroups for a while. I stayed off for
3 days - but I'm a slow learner ;-) Better to have too many rules, at first.
Set them to log the results and study the log file: Firewall Status ->
Logs -> Firewall Log. Before you right-click on the log file window, to
clear it, save the contents of
c:\Program Files\Kerio\Personal Firewall\filter.log - to another text file,
as a permanent record.

Some other firewalls may be 'better' but whatever firewall you use, you'll
eventually have to understand the protocols. I started out with Kerio 4
(even bought a licence) - but now prefer Kerio 2.1.5.

You can also email me if you wish ( replace illemann with alananne ).