Archived from groups: rec.games.computer.ultima.dragons
On Fri, 20 May 2005 10:17:08 GMT, pibbur <oopsREMOVETHISANDxx.000xx@tele2xx.xxno> wrote:
>On Fri, 20 May 2005 11:52:34 +0200, Polychromic <macecil@comcast.net>
>wrote:
>> Kerio 2.15 is the one I use. It's lightweight and allows me to
>> explicitly
>> create the rules I need. It takes a bit of configuring - start with the
>> basic rule set and add a rule to "block everything" to the bottom. Then
>> each time you set up a new approved application, toggle off the "block
>> everything" rule and it will prompt you through creating a rule for the
>> new app. Once each new rule is made you can toggle the "block
>> everything"
>> rule back on.
>>
>> If you need it, I can go into detail on my own rules.
>>
>If it's not too much trouble, I'd like that.
Hmmm, I guess I will make my line length longer so my table stays nice. I hope
your newsreader can do >80 chars and handles tabs okay.
Okay, after you install Kerio 2.15 <http://www.kerio.com/dwn/kpf2-en-win.exe>
it will want to reboot. After that, you should have a little blue shield
icon in the systray. Right click on that and choose administration, then
click on the advanced button to get to the screen where you can enter the rules.
If you want the manual, you can get it here: http://eu.download.kerio.com/dwn/kpf/kpf21-en-v1.pdf.
Also, a very useful FAQ is here:
http://www.dslreports.com/faq/security/2.5.1.%20Kerio%20and%20pre-v3.0%20Tiny%20PFW
Since I use a rule to block everything, I only add rules for things I want to allow.
Remember, rule order is critical - the rules at the top are followed first. That's why the
catchall "block everything" rule is last.
Rule name              Protocol  Dir   Local Port  Remote IP         Remote Port     Application
=========              ========  ===   ==========  =========         ===========     ===========
Loopback               udp/tcp   both  any         127.0.0.1         any             any
(standard loopback rule).
DNS 1                  udp       both  any         (DNS server IP)   53              any
DNS 2                  udp       both  any         (DNS server IP)   53              any
(allow PC connect to DNS servers).
DHCP server/router     udp       both  68          192.168.1.1       67              any
DHCP broadcast         udp       out   68          255.255.255.255   67              any
(allow PC to get DHCP lease from server or router - replace 192.168.1.1 as needed).
Ping (outgoing)        ICMP 8    out   any         any               any             any
Ping (reply)           ICMP 0    both  any         any               any             any
(some online games, websites, ftp, etc need ping to work.)
Tracert (incoming)     ICMP 11   in    any         any               any             any
(if you want to be able to run tracert).
LSA Shell (Kerberos)   udp       both  any         any               88              c:\windows\system32\lsass.exe
LDAP (Winlogon)        tcp       out   any         any               389             c:\windows\system32\winlogon.exe
LSA Shell (LDAP)       udp       both  any         any               389             c:\windows\system32\lsass.exe
Userinit Logon (LDAP)  tcp       out   any         any               389             c:\windows\system32\userinit.exe
Microsoft-DS           tcp       out   any         any               445             system
Gen Host Prc for W32   udp/tcp   out   any         any               any             c:\windows\system32\svchost.exe
Gen Host Prc for W32   udp       in    any         any               any             c:\windows\system32\svchost.exe
App Layer Gateway      tcp       out   any         any               21              c:\windows\system32\alg.exe
NTP Time Sync          udp       both  123         any               123             c:\windows\system32\svchost.exe
(various Windows processes that need to work).
<apps follow here>
Eudora                 tcp       out   any         any               110,25,995,465  c:\program files\eudora\eudora.exe
..
.. etc
..
Firefox                tcp       out   any         any               80,443          c:\program files\firefox\firefox.exe
<final and most important rule>
Block all              any       both  any         any               any             any             <- set to deny
That's it for my basic rules. Obviously there are more bells and whistles on KPF to figure out though.
--
The Polychromic Dragon of the -=={UDIC}==-
http://home.comcast.net/~macecil/
http://home.comcast.net/~safehex/
RGCUD Photo Gallery: http://home.comcast.net/~rgcud/
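The post's central point is that the rule table is evaluated top-down with first match winning, which is why the "Block all" rule has to sit at the bottom. The following Python script is an added illustration of that evaluation order; it is not Kerio's code or anything from the original post. It models a subset of the rules above with a simplified first-match matcher (my assumption of the semantics: the first rule whose fields all match decides, and nothing matching falls through to deny), uses a constructed DNS server address in place of the post's "(DNS server IP)" placeholder, and leaves the ICMP rows out since they match on ICMP type rather than port.

```python
"""First-match firewall rule evaluation, modelled on the Kerio 2.15 table above.

Added example, not Kerio's implementation. Matching semantics are an assumption:
rules are checked in order, the first full match decides, and a packet that
matches nothing is denied.
"""
from dataclasses import dataclass
from typing import List, Tuple

ANY = "any"
SVCHOST = r"c:\windows\system32\svchost.exe"
FIREFOX = r"c:\program files\firefox\firefox.exe"
DNS_SERVER = "10.0.0.53"  # constructed value standing in for "(DNS server IP)"


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str        # "udp", "tcp", "udp/tcp" or "any"
    direction: str    # "in", "out" or "both"
    local_port: str   # "any" or a comma-separated port list
    remote_ip: str    # "any" or a single address
    remote_port: str  # "any" or a comma-separated port list
    app: str          # "any", "system" or a lowercase executable path
    action: str = "permit"


@dataclass(frozen=True)
class Packet:
    proto: str
    direction: str
    local_port: int
    remote_ip: str
    remote_port: int
    app: str


# Subset of the post's table, in the post's order, with "Block all" last.
RULES: List[Rule] = [
    Rule("Loopback", "udp/tcp", "both", ANY, "127.0.0.1", ANY, ANY),
    Rule("DNS 1", "udp", "both", ANY, DNS_SERVER, "53", ANY),
    Rule("DHCP server/router", "udp", "both", "68", "192.168.1.1", "67", ANY),
    Rule("Microsoft-DS", "tcp", "out", ANY, ANY, "445", "system"),
    Rule("Gen Host Prc for W32", "udp/tcp", "out", ANY, ANY, ANY, SVCHOST),
    Rule("NTP Time Sync", "udp", "both", "123", ANY, "123", SVCHOST),
    Rule("Firefox", "tcp", "out", ANY, ANY, "80,443", FIREFOX),
    Rule("Block all", ANY, "both", ANY, ANY, ANY, ANY, action="deny"),
]


def _port_matches(spec: str, port: int) -> bool:
    """'any' matches every port; otherwise the port must be in the list."""
    return spec == ANY or port in {int(p) for p in spec.split(",")}


def _matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the rule must agree with the packet."""
    return (
        (rule.proto == ANY or pkt.proto in rule.proto.split("/"))
        and (rule.direction == "both" or rule.direction == pkt.direction)
        and _port_matches(rule.local_port, pkt.local_port)
        and (rule.remote_ip == ANY or rule.remote_ip == pkt.remote_ip)
        and _port_matches(rule.remote_port, pkt.remote_port)
        and (rule.app == ANY or rule.app == pkt.app.lower())
    )


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Walk the table top-down; the first matching rule decides."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "<no rule matched>"  # assumption: implicit default deny


def block_first(rules: List[Rule]) -> List[Rule]:
    """The mistake the post warns against: the catch-all moved to the top."""
    return sorted(rules, key=lambda r: r.action != "deny")


if __name__ == "__main__":
    samples = [
        Packet("udp", "out", 1025, DNS_SERVER, 53, FIREFOX),       # DNS lookup
        Packet("tcp", "out", 1026, "93.184.216.34", 443, FIREFOX),  # HTTPS
        Packet("tcp", "out", 1027, "93.184.216.34", 8080, FIREFOX), # odd port
        Packet("tcp", "in", 445, "192.168.1.50", 1234, "system"),   # inbound SMB
    ]
    for p in samples:
        print(p.direction, p.proto, p.remote_port, p.app, "->", evaluate(RULES, p))
    print("with Block all first:", evaluate(block_first(RULES), samples[1]))
```

Running it shows the Firefox HTTPS connection permitted by the "Firefox" row, the same browser on port 8080 and an inbound connection to 445 falling through to "Block all", and, once the catch-all is sorted to the top, even the HTTPS connection denied, which is the ordering failure the post is warning about.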