robinb

join:2001-02-23
Princeton, NJ

how to set a rule Norton personal firewall 2003

can you explain this to me please on what I should do?

On the norton firewall
Personal firewall
in advanced firewall
General Rules
there is a rule that was originally set to Permit which I changed to Block, but I am not sure if I should have. These are the settings for it:

Default Inbound ICMP
Connection: Connections from other computers
Computers: any computers
Connections ICMP
All types of communications: all ports local and remote

Further down there is a rule for
default Block Inbound and Outbound icmp
Connections to and from other computers
computers: any computer
connections icmp
All types of communications- all ports local and remote

Note the only difference between the 1st and the second rule is
"Connection: Connections from other computers"
and it said it is a type of connection of a server application such as a web server or FTP.

How come Norton had this set to Permit, since further down there is an in-and-out rule that is blocked?

Should I put it back to Permit or leave this first one blocked?

thanks
robin


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

I'll get back to this specific question in a few minutes (hopefully).

However, you should be aware that CrazyM (who also posts here) has a set of general guidelines for creating or customizing rules in NIS/NPF (and also AtGuard) posted in the "Other Firewalls" forum at »www.wilderssecurity.com . Unfortunately, I don't seem to be able to access that forum at the moment, so I can't give you the specific URLs. (But I will, when I can.)
--
Regards, Joseph V. Morris



jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to robinb
Robin,

I still can't get in on the Wilders Forum, so I'll just
post and annotate my own rules in the interim, okay?
Now, my rules are a bit different from those that
CrazyM has listed, but I have some unique requirements.

said by robinb:

On the norton firewall, ... there is a rule that was
originally set to Permit which i changed to Block but
i am not sure if i should have- these are the rules
set for it:

Default Inbound ICMP
Connection: Connections from other computers
Computers: any computers
Connections ICMP
All types of communications: all ports local and
remote
I don't like that one at all and it's unnecessary
(I assume it's a PERMIT?)
quote:
Further down there
is a rule for
default Block Inbound and Outbound icmp
Connections to and from other computers
computers: any computer
connections icmp
All types of communications- all ports local and remote

Note the only difference between the 1st and the
second rule is
"Connection: Connections from other computers"
Okay, most of us use three rules relating to
ICMP under the General Settings in NIS/NPF (and also
AtGuard). Mine look like the following:
code:
------------------------------------------------------
Rule n PERMIT Inbound ICMP
Category: NIS System Keeping
Rule in use: YES
Logging: NO
Protocol: ICMP
Action: Permit
Direction: Inbound
Application: -
ICMP Message Type:
..........: 3 (Destination Unreachable)
..........: 0 (Echo Reply)
..........: 11 (Time Exceeded)
Local Address: Any Address
Remote service: Any Service
Remote Address: Any Address
These inbound responses for ICMP allow you
to ping another IP address/URL and then receive the most
typical responses. You can add ICMP Message Type 8 (see
below) if you wish your own machine to be pingable by
others.

------------------------------------------------------
Rule n+1 PERMIT Outbound ICMP
Category: NIS System Keeping
Rule in use: YES
Logging: NO
Protocol: ICMP
Action: Permit
Direction: Outbound
Application: -
Local service: Any Service
Local Address: Any Address
ICMP Message Type:
..........: 8 (Echo -- or Echo Request)
..........: 15 (Information Request)
..........: 4 (Source Quench)
..........: 13 (TimeStamp)
Remote Address: Any Address
These allow you to ping another IP/URL and
should generate a reply, which the preceding rule
can then address.

------------------------------------------------------
Rule n+2 BLOCK OTHER Inbound and Outbound ICMP
Category: NIS System Keeping
Rule in use: YES
Logging: NO
Protocol: ICMP
Action: Block
Direction: Either
Application: -
ICMP Message Type: Any
Local Address: Any Address
Remote service: Any Service
Remote Address: Any Address
------------------------------------------------------

Rule n identifies unsolicited inbound ICMP Messages that are PERMITted. Rule n+1 identifies outbound ICMP Messages that are PERMITted. And Rule n+2 effectively says to BLOCK any other sort of ICMP traffic (inbound or outbound).

There's no particular significance (given their definition) to the sequence in which Rules n and n+1 are actually specified, but it's critical that Rule n+2 follow both of the above, inasmuch as NIS/NPF/AG evaluate rules to determine the action to be taken in the order in which they are physically sequenced in the ruleset.
quote:
and it said it is a type of connection of a server application such as web server or ftp/
Well, that doesn't make any sense at all. ICMP has absolutely nothing to do (necessarily) with a server application per se and certainly with regards to ftp.

CrazyM has his own annotated discussion of these particular rules which is somewhat different from what I've presented above. I could list that, but I'd prefer to leave that option to him.
--
Regards,
Joseph V. Morris


[text was edited by author 2003-02-10 12:20:15]

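To make the ordering point in the post above concrete, here is an added example (not from the thread, and not Norton's or Symantec's own code) that models the three ICMP rules as data and evaluates packets first-match, top to bottom, the way jvmorris says NIS/NPF/AtGuard do. It also models Robin's original "Default Inbound ICMP" permit rule so you can see why it is unnecessary and why it changes the outcome when it sits above the block rule. The Packet and Rule classes, the rule names and the "block" implicit default are assumptions made for the simulation; the ICMP type numbers are the standard RFC 792 values quoted in the post.

```python
from dataclasses import dataclass
from typing import Optional

# ICMP message types named in the post (standard RFC 792 numbers).
ECHO_REPLY, DEST_UNREACH, SOURCE_QUENCH, ECHO_REQUEST = 0, 3, 4, 8
TIME_EXCEEDED, TIMESTAMP, INFO_REQUEST = 11, 13, 15


@dataclass(frozen=True)
class Packet:
    """A packet as seen by the host firewall (constructed for the simulation)."""
    direction: str                  # "in" or "out", relative to the protected host
    protocol: str                   # "icmp", "tcp", "udp"
    icmp_type: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One general rule; a None icmp_types means 'any ICMP message type'."""
    name: str
    action: str                     # "permit" or "block"
    direction: str                  # "in", "out", or "either"
    protocol: str                   # "icmp" or "any"
    icmp_types: Optional[frozenset] = None

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "any" and self.protocol != pkt.protocol:
            return False
        if self.direction != "either" and self.direction != pkt.direction:
            return False
        if self.icmp_types is not None and pkt.icmp_type not in self.icmp_types:
            return False
        return True


def evaluate(rules, pkt: Packet, default: str = "block"):
    """First-match evaluation: the first rule that matches decides.

    The implicit default for a packet no rule matches is an assumption here.
    Returns (action, name_of_deciding_rule).
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "<implicit default>"


# jvmorris's three rules, in the order he says they must appear.
PERMIT_IN = Rule("Rule n PERMIT Inbound ICMP", "permit", "in", "icmp",
                 frozenset({DEST_UNREACH, ECHO_REPLY, TIME_EXCEEDED}))
PERMIT_OUT = Rule("Rule n+1 PERMIT Outbound ICMP", "permit", "out", "icmp",
                  frozenset({ECHO_REQUEST, INFO_REQUEST, SOURCE_QUENCH, TIMESTAMP}))
BLOCK_OTHER = Rule("Rule n+2 BLOCK OTHER ICMP", "block", "either", "icmp")
RECOMMENDED = [PERMIT_IN, PERMIT_OUT, BLOCK_OTHER]

# Robin's original "Default Inbound ICMP" rule: permit every inbound ICMP type.
DEFAULT_INBOUND_PERMIT = Rule("Default Inbound ICMP", "permit", "in", "icmp")


def ping_works(rules) -> bool:
    """Can this host ping others? Needs outbound Echo Request and inbound Echo Reply."""
    out_action, _ = evaluate(rules, Packet("out", "icmp", ECHO_REQUEST))
    in_action, _ = evaluate(rules, Packet("in", "icmp", ECHO_REPLY))
    return out_action == "permit" and in_action == "permit"


def pingable_by_others(rules) -> bool:
    """Do other hosts' Echo Requests reach this host?"""
    action, _ = evaluate(rules, Packet("in", "icmp", ECHO_REQUEST))
    return action == "permit"


if __name__ == "__main__":
    scenarios = {
        "recommended order": RECOMMENDED,
        "block rule moved first": [BLOCK_OTHER, PERMIT_IN, PERMIT_OUT],
        "Robin's permit-all inbound kept above": [DEFAULT_INBOUND_PERMIT] + RECOMMENDED,
    }
    for label, rules in scenarios.items():
        print(f"{label:40s} ping out: {ping_works(rules)!s:5s} "
              f"pingable by others: {pingable_by_others(rules)}")
```

With the recommended order, outbound ping works and the host does not answer other people's Echo Requests (Rule n+2 catches them, which is why the post says to add type 8 to Rule n only if you want to be pingable). Move the block rule above the two permits and the same three rules break outbound ping, because first match wins. Leave Robin's permit-all inbound rule above them and every inbound ICMP type is permitted before the block rule is ever consulted.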

robinb

join:2001-02-23
Princeton, NJ

ok

robin



jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

robin,

I've edited my previous post, but the formatting seems to have gotten blown out -- and it looks like I'll need to edit it again to get all the text back in, (sigh).
--
Regards, Joseph V. Morris


robinb

join:2001-02-23
Princeton, NJ

reply to robinb
thanks so much

regards
robin



jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to robinb
Okay, I finally got back into the Wilders Security Forums.
It's still a bit slow, but here are the four posts that CrazyM posted over there that you may find of interest.
System Wide Rules
»www.wilderssecurity.com/index.ph···did=4413

Global Permit/Block Rules
»www.wilderssecurity.com/index.ph···did=4419

Application Rules
»www.wilderssecurity.com/index.ph···did=4423

Final Block Rules
»www.wilderssecurity.com/index.ph···did=4426

These writeups are currently undergoing revision, with a goal of expanding the general guidance to cover other rules-based firewalls. We have, for example, been soliciting inputs from users of other rules-based software firewalls. More later.
--
Regards, Joseph V. Morris

