 robinb join:2001-02-23 Princeton, NJ | how to set a rule Norton personal firewall 2003 can you explain this to me please on what I should do?
On the Norton Personal Firewall, in the advanced firewall General Rules, there is a rule that was originally set to Permit, which I changed to Block, but I am not sure if I should have. These are the rules set for it:
Default Inbound ICMP Connection: Connections from other computers Computers: any computers Connections ICMP All types of communications: all ports local and remote
Further down there is a rule for default Block Inbound and Outbound ICMP Connections to and from other computers computers: any computer connections ICMP All types of communications- all ports local and remote
Note the only difference between the 1st and the second rule is "Connection: Connections from other computers" and it said it is a type of connection of a server application such as web server or ftp/
How come Norton had this to permit, since further down there is an in and out, blocked?
Should I put it back to permit or leave this first one blocked?
thanks robin |
|
 jvmorris I Am The Man Who Was Not There. Premium, MVM join:2001-04-03 Reston, VA | I'll get back to this specific question in a few minutes (hopefully).
However, you should be aware that CrazyM (who also posts here) has a set of general guidelines for creating or customizing rules in NIS/NPF (and also AtGuard) posted in the "Other Firewalls" forum at »www.wilderssecurity.com . Unfortunately, I don't seem to be able to access that forum at the moment, so I can't give you the specific URLs. (But I will, when I can.) -- Regards, Joseph V. Morris |
|
 jvmorris I Am The Man Who Was Not There. Premium, MVM join:2001-04-03 Reston, VA
| reply to robinb
Robin,
I still can't get in on the Wilders Forum, so I'll just post and annotate my own rules in the interim, okay? Now, my rules are a bit different from those that CrazyM has listed, but I have some unique requirements.
said by robinb:
On the norton firewall, ... there is a rule that was originally set to Permit which i changed to Block but i am not sure if i should have- these are the rules set for it:
Default Inbound ICMP Connection: Connections from other computers Computers: any computers Connections ICMP All types of communications: all ports local and remote
I don't like that one at all and it's unnecessary (I assume it's a PERMIT?)
quote:
Further down there is a rule for default Block Inbound and Outbound icmp Connections to and from other computers computers: any computer connections icmp All types of communications- all ports local and remote
Note the only difference between the 1st and the second rule is "Connection: Connections from other computers"
Okay, most of us use three rules relating to ICMP under the General Settings in NIS/NPF (and also AtGuard). Mine look like the following:
code:
------------------------------------------------------
Rule n PERMIT Inbound ICMP
Category: NIS System Keeping
Rule in use: YES
Logging: NO
Protocol: ICMP
Action: Permit
Direction: Inbound
Application: -
ICMP Message Type:
..........: 3 (Destination Unreachable)
..........: 0 (Echo Reply)
..........: 11 (Time Exceeded)
Local Address: Any Address
Remote service: Any Service
Remote Address: Any Address

These inbound responses for ICMP allow you to ping another IP address/URL and then receive the most typical responses. You can add ICMP Message Type 8 (see below) if you wish your own machine to be pingable by others.
------------------------------------------------------
Rule n+1 PERMIT Outbound ICMP
Category: NIS System Keeping
Rule in use: YES
Logging: NO
Protocol: ICMP
Action: Permit
Direction: Outbound
Application: -
Local service: Any Service
Local Address: Any Address
ICMP Message Type:
..........: 8 (Echo -- or Echo Request)
..........: 15 (Information Request)
..........: 4 (Source Quench)
..........: 13 (TimeStamp)
Remote Address: Any Address

These allow you to ping another IP/URL and should generate a reply, which the preceding rule can then address.
------------------------------------------------------
Rule n+2 BLOCK OTHER Inbound and Outbound ICMP
Category: NIS System Keeping
Rule in use: YES
Logging: NO
Protocol: ICMP
Action: Block
Direction: Either
Application: -
ICMP Message Type: Any
Local Address: Any Address
Remote service: Any Service
Remote Address: Any Address
------------------------------------------------------
Rule n identifies unsolicited inbound ICMP Messages that are PERMITted. Rule n+1 identifies outbound ICMP Messages that are PERMITted. And Rule n+2 effectively says to BLOCK any other sort of ICMP traffic (inbound or outbound).
There's no particular significance (given their definition) to the sequence in which Rules n and n+1 are actually specified, but it's critical that Rule n+2 follow both of the above, inasmuch as NIS/NPF/AG evaluate rules to determine the action to be taken in the order in which they are physically sequenced in the ruleset.
quote:
and it said it is a type of connection of a server application such as web server or ftp/
Well, that doesn't make any sense at all. ICMP has absolutely nothing to do (necessarily) with a server application per se and certainly with regards to ftp.
CrazyM has his own annotated discussion of these particular rules which is somewhat different from what I've presented above. I could list that, but I'd prefer to leave that option to him. -- Regards, Joseph V. Morris
[text was edited by author 2003-02-10 12:20:15]
[text was edited by author 2003-02-10 12:27:15]
[text was edited by author 2003-02-10 12:30:05] |
|
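Added example, not part of the original posts and not Norton's own code: a small Python model of the first-match rule evaluation described in the post above, run against the three ICMP rules as listed there and against the default inbound rule from the original question in its Permit state. The `Rule` class, `evaluate` and `table` are hypothetical names, and treating the default inbound rule as matching every inbound ICMP type is an assumption taken from its "all types" wording.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ANY = None  # wildcard: matches every ICMP message type


@dataclass(frozen=True)
class Rule:  # hypothetical model of one general rule, not a Norton data structure
    name: str
    action: str                           # "Permit" or "Block"
    direction: str                        # "Inbound", "Outbound" or "Either"
    icmp_types: Optional[FrozenSet[int]]  # ANY, or the listed message types

    def matches(self, direction: str, icmp_type: int) -> bool:
        dir_ok = self.direction in ("Either", direction)
        type_ok = self.icmp_types is ANY or icmp_type in self.icmp_types
        return dir_ok and type_ok


# The three rules as listed in the post.
RULE_N = Rule("Rule n", "Permit", "Inbound", frozenset({3, 0, 11}))
RULE_N1 = Rule("Rule n+1", "Permit", "Outbound", frozenset({8, 15, 4, 13}))
RULE_N2 = Rule("Rule n+2", "Block", "Either", ANY)
# The default rule from the question, as originally shipped (assumed: all types).
DEFAULT_INBOUND = Rule("Default Inbound ICMP", "Permit", "Inbound", ANY)


def evaluate(ruleset, direction, icmp_type):
    """The first matching rule in list order decides the action."""
    for rule in ruleset:
        if rule.matches(direction, icmp_type):
            return rule.action, rule.name
    return "NoMatch", None  # assumption: later handling is outside this model


def table(ruleset):
    """Actions for: ping out, echo reply in, ping in, an unlisted inbound type."""
    probes = [("Outbound", 8), ("Inbound", 0), ("Inbound", 8), ("Inbound", 5)]
    return {p: evaluate(ruleset, *p)[0] for p in probes}


if __name__ == "__main__":
    orders = {
        "as posted": [RULE_N, RULE_N1, RULE_N2],
        "block rule first": [RULE_N2, RULE_N, RULE_N1],
        "default permit on top": [DEFAULT_INBOUND, RULE_N, RULE_N1, RULE_N2],
    }
    for label, ruleset in orders.items():
        print(f"{label:22} {table(ruleset)}")
```

With the block rule moved to the top, even the echo replies to your own pings are dropped; with the default inbound permit left above the other rules, every inbound ICMP type is allowed before the block rule is ever reached.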
 robinb join:2001-02-23 Princeton, NJ | ok 
robin |
|
 jvmorris I Am The Man Who Was Not There. Premium, MVM join:2001-04-03 Reston, VA | robin,
I've edited my previous post, but the formatting seems to have gotten blown out -- and it looks like I'll need to edit it again to get all the text back in, (sigh). -- Regards, Joseph V. Morris |
|
 robinb join:2001-02-23 Princeton, NJ | reply to robinb thanks so much 
regards robin |
|
 jvmorris I Am The Man Who Was Not There. Premium, MVM join:2001-04-03 Reston, VA | reply to robinb
Okay, I finally got back into the Wilders Security Forums. It's still a bit slow, but here are the four posts that CrazyM posted over there that you may find of interest.
System Wide Rules »www.wilderssecurity.com/index.ph···did=4413
Global Permit/Block Rules »www.wilderssecurity.com/index.ph···did=4419
Application Rules »www.wilderssecurity.com/index.ph···did=4423
Final Block Rules »www.wilderssecurity.com/index.ph···did=4426
These writeups are currently undergoing revision, with a goal of expanding the general guidance to cover other rules-based firewalls. We have, for example, been soliciting inputs from users of other rules-based software firewalls. More later. -- Regards, Joseph V. Morris |
|