Application rule help needed please (long!)

Hi, I have just started testing CPF as a possible replacement for
Outpost Pro, which I have been using for a number of years. My reason for change
is simple, Outpost has become slightly bloated, with applets for which I have
little use.

Having installed CPF I have a few questions relating to rule configuration that
I hope someone can help me with. Basically I would like to create a secure rule
set, with as few ‘global’ rules as possible.

If my understanding is correct, Network rules are ‘global’ in nature, that is,
they apply to any application that may wish to use them? For example:

These are rules I have added:

First rule is for DHCP
0-Allow-UDP Out-[Any]- port 68 dest port 67

Next two rules are for DNS
1-Allow-UDP Out-[Any]-My ISP DNS SVR 1-src port ANY dest port 53
2-Allow-UDP Out-[Any]-My ISP DNS SVR 2-src port ANY dest port 53

The first rule would allow SVCHOST to obtain and renew a DHCP lease, and the two
DNS rules would allow ‘ANY’ application to perform a DNS query? By the way, I
have the DNS client service disabled.

Therefore, if I wanted to ‘harden’ the DNS rules I could remove them from the
‘Network rules’ section and apply them specifically to the applications I wish to allow
to make these kinds of queries? As another example, my Firefox and proxo rules, would be:

Firefox.exe- Out-Allow
(This allows Firefox to communicate with Proxo and not directly with the Internet)

Firefox.exe-[ANY]-[ANY]-TCP Out-Block
Firefox.exe-[ANY]-[ANY]-UDP Out-Block
(These would prevent any other outbound connections)

Proxomitron.exe-[My ISP DNS SVR 1]-53-UDP Out- Allow
Proxomitron.exe-[My ISP DNS SVR 2]-53-UDP Out- Allow
(These rules allow Proxo to make DNS queries)

Proxomitron.exe-[ANY]- IN [80,443,]-TCP Out- Allow
(This rule allows Proxo to access web pages)

Proxomitron.exe-[ANY]-[ANY]-TCP Out-Block
Proxomitron.exe-[ANY]-[ANY]-UDP Out-Block
(These two rules would prevent any other outbound connections)

I appreciate this would require a lot more work, but it does give me more
control over what applications can do, assuming, that is, I have this
configuration correct?

If I am on the correct path here, how would CPF process these application rules,
as there appears no way to specifically order the processing order, as there is
with Network rules?

A similar situation would be true for Thunderbird, where I would want to list
the specific SMTP and POP servers to which it can send and receive mail, but as
I have several mail accounts, I assume I would need separate rules for each
server. How would CPF deal with the processing of rules such as this?

Thanks for taking the time to read and help.

Anyone have any thoughts on this please?
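
The following is an added example, not part of the original post and not CPF's own logic: it models the Proxomitron rules above under top-down, first-match evaluation and reports which rules become unreachable if the block rules are processed first. The first-match model is an assumption (the post does not say how CPF orders application rules), and the DNS server addresses are constructed placeholders.

```python
from ipaddress import ip_address

# Constructed placeholders (documentation range) for "My ISP DNS SVR 1/2".
DNS1, DNS2 = ip_address("192.0.2.53"), ip_address("192.0.2.54")
ANY = None  # wildcard for a destination address or a port set

# (application, destination, destination ports, protocol, action), in the post's order.
PROXO_RULES = [
    ("proxomitron.exe", DNS1, {53}, "UDP", "allow"),
    ("proxomitron.exe", DNS2, {53}, "UDP", "allow"),
    ("proxomitron.exe", ANY, {80, 443}, "TCP", "allow"),
    ("proxomitron.exe", ANY, ANY, "TCP", "block"),
    ("proxomitron.exe", ANY, ANY, "UDP", "block"),
]

def evaluate(rules, app, dest, port, proto, default="block"):
    """Return (action, index) of the first matching rule, or (default, None)."""
    dest = ip_address(dest)
    for i, (r_app, r_dest, r_ports, r_proto, action) in enumerate(rules):
        if r_app != app.lower() or r_proto != proto.upper():
            continue
        if r_dest is not ANY and r_dest != dest:
            continue
        if r_ports is not ANY and port not in r_ports:
            continue
        return action, i
    return default, None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for i, (app, dest, ports, proto, _) in enumerate(rules):
        for e_app, e_dest, e_ports, e_proto, _ in rules[:i]:
            same = e_app == app and e_proto == proto
            covers_dest = e_dest is ANY or e_dest == dest
            covers_ports = e_ports is ANY or (ports is not ANY and ports <= e_ports)
            if same and covers_dest and covers_ports:
                hidden.append(i)
                break
    return hidden

if __name__ == "__main__":
    for conn in [("192.0.2.53", 53, "UDP"), ("198.51.100.7", 53, "UDP"),
                 ("198.51.100.7", 443, "TCP"), ("198.51.100.7", 25, "TCP")]:
        print(conn, evaluate(PROXO_RULES, "Proxomitron.exe", *conn))
    blocks_first = PROXO_RULES[3:] + PROXO_RULES[:3]
    print("shadowed when blocks come first:", shadowed(blocks_first))
```
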