Author Topic: Kerio settings (post and discuss Kerio Firewall settings)  (Read 22958 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Kerio settings (post and discuss Kerio Firewall settings)
« on: November 20, 2005, 01:39:15 PM »
I now have all inbound connections blocked, including 'all other applications'.
Can you post your settings for Kerio?
Can other users of Kerio do the same? Maybe we can have here a place to join info about this firewall and not only at other forums (like Wilders, for instance).
Thanks.
The best things in life are free.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #1 on: November 20, 2005, 01:46:14 PM »
I'm gonna be the first poster.  ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #2 on: November 20, 2005, 01:51:03 PM »
Thanks Ylap, but not only these ones... but also the 'Advanced' settings like packet filters, Network Security/Predefined's, etc.
I'm trying to learn the best 'set' of configurations... right now, not that sure about any of them... learning only.
The best things in life are free.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #3 on: November 20, 2005, 01:59:00 PM »
Your wish is my command!  ;D
« Last Edit: November 20, 2005, 02:01:46 PM by =YLAP= »

Jarmo P

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #4 on: November 20, 2005, 02:26:44 PM »
I think this is not a bad idea Tech ;)
So here are my packet filter rules.

As to other settings: Application, Internet In denied.
Since I dont have a LAN, trusted one is the same for "In", denied.
Only exception is Yahoo Messenger that I allow both ways connections.
Even Skype seems not to need "In", must be statefull packet inspection or something.

In 'Predefineds' only neccessary default pings are allowed, all else denied.
In Trusted I have the default loopback rule, nothing else checked.
In Application Behaviour Blocking I have set IE to asked when first starting it.

That is about it that comes to mind writing this.

Jarmo P

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #5 on: November 20, 2005, 02:36:52 PM »
The above rules are based on Blitzen Zeus's latest standard ruleset. I mention this since the pic cannot contain all the nessessary information.
http://www.broadbandreports.com/forum/remark,8023708

Also 'own DHCP' to svchost only. Propably 'own DNS' could be that too I think, but now allows all the applications still.
Not sure if I need DHCP Broadcasts rule.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #6 on: November 20, 2005, 03:02:41 PM »
I think this is not a bad idea Tech ;) So here are my packet filter rules.
Still can't find where I can export the BlitzenZeus's rules and import to mine...
Do I need to make rule by rule manually?  :-\

In 'Predefineds' only neccessary default pings are allowed, all else denied.
In Trusted I have the default loopback rule, nothing else checked.
In Application Behaviour Blocking I have set IE to asked when first starting it.
I will test this as, last time, some of these settings blocked my browsing, I could not find which one...
The best things in life are free.

Jarmo P

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #7 on: November 20, 2005, 03:14:03 PM »
I made them manually, what a paintaking accuracy job :( 
Somehow I could not import BZ's ruleset via Kerio 4 "Import" button. Might be just my ignorance. To Kerio 2.1.5 the rules were imported from a file.

I am not really sure, if that manual building was needed.  ;)

Edit:
I rememeber vaquely, that trying to import Kerio 2.1.5 config, gave me some error. So i thought, an error, hmmm, lets make it manually. It might have saved time if just accepting that error. But hey, I made my firewall, hehe.
« Last Edit: November 20, 2005, 03:35:39 PM by Jarmo P »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48469
  • 63 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #8 on: November 20, 2005, 04:34:06 PM »
A question???
Does it really make sense to discuss a defunct Firewall?
Kerio personal is being discontinued as of the end of this year.
Wouldn't it be much wiser to discuss which Firewall to switch to?
An outdated Firewall which already has some problems is as bad as
using an AV program that's no longer being updated. IMHO
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Jarmo P

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #9 on: November 20, 2005, 04:52:09 PM »
LOL bob, I switched to Kerio 4.2.2 just cause it was announced to be stopped after this year.
I knew it was a good firewall, so I had to try it when it was still in sell, to get a copy to my HD and familiar with it.

There is no need for the current Kerio free users to switch to another firewall IMO.

So let's keep this thread to what Tech intended it.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #10 on: November 20, 2005, 05:40:33 PM »
My settings for Kerio are the default ones, appart from the application rules. (I want a firewall which works 'out of the box'.)

My application rule for 'any other application' is set to block: most applications don't need to accept incoming connections.

(I don't run a server or host online games or do any other stuff that requires incoming connections.)

I've seen some of the rule sets people use for Kerio 2.1.5, but none of that is necessary for 4.2.2. And for anybody not wanting to worry about application rules, the firewall in simple mode doesn't require you to set any.

I think the firewall will still continue to work after the end of the year, unless somebody finds a hole in it. I guess the intrusion detections won't be updated, but I'm not sure how that'll affect security. The free version of Sygate doesn't even have intrusion detection yet a lot of people are happy with it.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Jarmo P

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #11 on: November 20, 2005, 06:43:50 PM »
Quote
I've seen some of the rule sets people use for Kerio 2.1.5, but none of that is necessary for 4.2.2. And for anybody not wanting to worry about application rules, the firewall in simple mode doesn't require you to set any.

Agreed Frank. It is very easy to use Kerio 4 as just an application rule firewall. I though would use the new application getting asked approach.

By creating packet filter rules like in my post you get to control/see more what is going on rather than have Kerio do it for yourself automatic and propably as safe. Only it does not log so much and I am interested :P

Kerio's default settings and application rules might be even safer since you can make big mistakes by creating bad packet filter rules either by mistake or misknowledge.
Still I think it is a nice feeling having a tight filter ruleset that is easy take in use or unckeck anytime wanted. Especially since Kerio is to be discontinued.
Also I wanted to tell from my own experience how much can be disabled from the default settings by creating a basic packet filter ruleset from BZ origin.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #12 on: November 20, 2005, 07:47:43 PM »
It is very easy to use Kerio 4 as just an application rule firewall. I though would use the new application getting asked approach.
Kerio's default settings and application rules might be even safer since you can make big mistakes by creating bad packet filter rules either by mistake or misknowledge.
Isn't the packet filter rules add nothing on security bases to the application rules?
As far I understood, the two methods are excludents, you must choose one...  :-\
The best things in life are free.

Jarmo P

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #13 on: November 20, 2005, 08:06:22 PM »
Quote
As far I understood, the two methods are excludents, you must choose one...  Undecided

I dont think you need to choose. It is about making a match in a firewall rules about outgoing and incoming data packets basically.

 From the Kerio Help file, Firewall policy:

1. Intrusion detection system (IDS — refer to chapter Network Intrusions Prevention System (NIPS))

2. Stateful inspection of the network traffic (automatically lets in/out packets which belong to permitted connections — see chapter Firewall Behavior),

3. Internal rules for Kerio Personal Firewall components — i.e. permission to access a web server in order to check and download new versions of the program

4. Advanced packet filter rules (see chapter Advanced Packet Filter)

5. Predefined network security rules (see chapter Network Security Predefined Rules)

6. Application rules (more information in chapter Rules for Applications)

So the packet filter rules are applied first before 'Predefineds' or 'Application rules'. But if no match is made in packet filter rules, and you imagine somehow that the default settings are too loose, why not disable them as much as you can? As i do. Here is an opinion of sded, same as mine, the 2 are not exclusives ;)
http://www.broadbandreports.com/forum/remark,14826751




Umath

  • Guest
Re: Kerio settings (post and discuss Kerio Firewall settings)
« Reply #14 on: November 20, 2005, 09:41:59 PM »
Yes, Kerio 4.x is friendly to both ex 2.x users and new users.  I am using mainly packet filter rules simply because I was a 2.x user.  However, I know combining the rules with other rules would make things easier, which is mainly the matter of preference of each user.  For example, I could put all the internet related apps in application rules and allow them all of their in/outbound connections in trusted area, while leave loopback in Trusted Area tub checked.  Even in this case, I could configure the details of those apps in packet filter rules.  However, this doesn't mean my current Kerio 2.x style configuration is broken.  A good thing about home-baked rules is that they can be optimized for our personal environments and once we established them, we don't need to touch them often.

According to Jarmo P's list, only #3 is not allowed users to configure.  I think Kerio is one of the most configurable firewall applications.  Partly because of this, I think Kerio is a good app to let users understand how network connections work.
« Last Edit: November 20, 2005, 09:43:51 PM by Umath »