Norton internet sec pro

fabio

May 8, 2004
Archived from groups: comp.security.firewalls

On Duty,

I would like to set some fw rules on the Norton Internet Sec Pro:
I did set it this way: "block" "from" "tcp and udp" "show notification"

I moved this new rule to the top

so I restarted the PC and then launched the fw;
the rule I inserted was always on the top.
I could not do anything and I had to remove the rule.

What did I set wrongly?

thanks

rgds,fabio
 

user

Dec 26, 2003

Hi,

fabio wrote:

> On Duty,
>
> I would like to set some fw rules on the Norton Internet Sec Pro:
> I did set it this way: "block" "from" "tcp and udp" "show notification"

From IP or Web Address?
Which ports? ALL????

> I moved this new rule to the top
>
> so I restarted the PC and then launched the fw;
> the rule I inserted was always on the top.
> I could not do anything and I had to remove the rule.
>
> What did I set wrongly?

You told it to Block All TCP and UDP.
If it is defined further to ANY Port and ANY Address then you wouldn't
be able to do anything.

> thanks
>
> rgds,fabio

I'm not sure if your NIS Pro is the same as my NIS 1.0 but it is based
on ATGuard as is mine.

I would suggest a Block All Rule at the end of the Rules List.
NIS is ATGuard and that last Blocking Rule was a must in ATGuard.
If you read in your Help files you'll see it does not come right out and
tell you directly to use one but it does suggest it in so many words.

This has to do with Auto-Rule Making and some UDP's getting through the
FW without being Logged.

NIS doesn't block all UDP's in the "Unused port blocking" or "Implicit
block rule".
And what's more, it will not show up in the Log unless you make a Rule to
Log it.

Make an Ignore Rule to Log all UDP at the end of your list to see what
gets by.


Kevin
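
The rule-ordering point in the reply above, as an added example that is not part of the original thread and is not Norton or ATGuard code: a simplified first-match filter showing a block-all rule at the top, the same rule at the end, and a log-only rule at the end. Assumptions: rules are checked top-down and the first permit or block match decides, an "ignore" rule only logs and lets evaluation continue, and unmatched traffic is permitted; all rule names, packets and addresses are constructed.

```python
# Simplified first-match packet filter (a model, not NIS/ATGuard code).
from dataclasses import dataclass

ANY = None  # wildcard for protocol / port / address

@dataclass
class Rule:
    name: str
    action: str            # "permit", "block", or "ignore" (log only, keep going)
    proto: object = ANY    # "tcp", "udp", or ANY
    port: object = ANY     # remote port or ANY
    addr: object = ANY     # remote address or ANY
    log: bool = False

    def matches(self, pkt):
        return all(want is ANY or want == pkt[key]
                   for key, want in (("proto", self.proto),
                                     ("port", self.port),
                                     ("addr", self.addr)))

def evaluate(rules, pkt, default="permit"):
    """Return (verdict, deciding rule name, log entries) for one packet."""
    logged = []
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.log:
            logged.append(rule.name)
        if rule.action != "ignore":          # permit/block ends the search
            return rule.action, rule.name, logged
    # Assumed default: traffic no rule decided on is let through.
    return default, "(no rule matched)", logged

# Constructed sample rules and packets.
web = Rule("allow web", "permit", proto="tcp", port=80)
dns = Rule("allow dns", "permit", proto="udp", port=53)
block_all = Rule("block all", "block", log=True)
log_udp = Rule("log all udp", "ignore", proto="udp", log=True)

http = {"proto": "tcp", "port": 80, "addr": "192.0.2.10"}
stray_udp = {"proto": "udp", "port": 1900, "addr": "192.0.2.77"}

if __name__ == "__main__":
    for label, rules in (("block-all first", [block_all, web, dns]),
                         ("block-all last", [web, dns, block_all]),
                         ("log-udp last", [web, dns, log_udp])):
        for pkt in (http, stray_udp):
            print(label, pkt["proto"], pkt["port"], evaluate(rules, pkt))
```

With block-all first, even the web packet is blocked; with it last, only traffic that no earlier rule permitted reaches it and is logged.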