CIS firewall global rules not loading (already set to proactive)

I just reinstalled CIS (I reinstall it once every week, literally) because once every week, usually Saturday, I get a bluescreen crash that ruins the CIS registry.

Anyway, this time CIS doesn’t load its global rules properly (there’s only the echo request). What are the rules so I can add them manually? Thanks

CIS firewall without global rules is the same as without a firewall.

Dude, that’s crazy, and unacceptable.
What CIS version do you have? Try 3.9 RC2 if you are using 3.8 =)…

BLOCK ICMP Out from IP Any to IP Any Where ICMP Message Is PROTOCOL UNREACHABLE

BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is 17.0

BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is 13.0

BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is ECHO REQUEST

(STANDARD in 3.9 I think; 3.8 however only got one rule by default, and that is the ECHO REQUEST… Could be wrong though)

Same problem. I have deleted all global rules. Running the wizard does not re-create these default rules. Does anyone have an explanation?

Rules to re-edit; what is the default order: (A)

BLOCK ICMP Out from IP Any to IP Any Where ICMP Message Is PROTOCOL UNREACHABLE
BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is 17.0
BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is 13.0
BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is ECHO REQUEST

or (B)

BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is ECHO REQUEST
BLOCK ICMP Out from IP Any to IP Any Where ICMP Message Is PROTOCOL UNREACHABLE
BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is 17.0
BLOCK ICMP In from IP Any to IP Any Where ICMP Message Is 13.0

EDIT: Could I have a print screen of the default Global Rules? Thanks in advance.

I believe this is the new default global rule set in 3.9.

[attachment deleted by admin]

Thanks Bad Frogger.

When I run the stealth port wizard (all previous global rules deleted) > stealth my ports to everyone: it creates a first rule set (let’s call it A)

Allow IP Out From IP Any to IP Any Where Protocol Is Any
Allow ICMP In From IP Any To IP Any Where ICMP Message Is FRAGMENTATION NEEDED
Allow ICMP In From IP Any to IP Any Where ICMP Message Is TIME EXCEEDED
Block And Log IP In From IP Any To IP Any Where Protocol Is Any

When I run the stealth port wizard again > Define a new trusted network: it creates another new rule set (let’s call it B)

Allow All Incoming Requests If the Sender Is In [LAN 1]
Allow All Outgoing Requests If the Sender Is In [LAN 1]

Now, there is this new set of 4 BLOCK ICMP rules to add manually (let’s call it C)

Q1. What is the correct order from top to bottom: B/A/C?
Q2. Can I remove some rules or do I need them all (see: print screen)?
Q3. What is the purpose of having the Loopback Zone in the Global Rules (since the PC communicates with itself)?

Print Screen: I have run the wizard twice: 1. stealth my ports, 2. define a trusted network (for example: do I still need the rule “Allow IP Out From IP Any to IP Any Where Protocol Is Any” from rule set A, since “Allow All Outgoing Requests If the Sender Is In [LAN 1]” is present in rule set B?)

Edit: Wrong Print Screen. Now corrected!

[attachment deleted by admin]

I would have put set B above set A and forgotten about C.

The loopback zone doesn’t need to be in global rules.

Allow IP Out From IP Any to IP Any Where Protocol Is Any

is pretty much the same as

Allow All Outgoing Requests If the Sender Is In [LAN 1]

So you could remove one of these 2 rules.

Later

PS. Thanks for changing the screenie, I was a little confused.

The top rule in the screenie, is that the one for your server, the portable one?
If it is, you should use your NIC’s MAC address rather than the IP, because the IP will change when you move locations.

Alright, thanks.

I wish I could make it simple, but I noticed SYSTEM in the Network Application Rules contains exactly the same rules as they figure in the Global Rules (see: print screen). What is the purpose of having the same rules in both windows? Are they created automatically when you add Global Rules with the wizard?

[attachment deleted by admin]

If I am correct in assuming LAN2 is your VirtualBox, then the Application Rules look OK to me.

Not that; I don’t understand the purpose of having the same rules on the Application side and the Global side. Does that mean: any time I use the wizard to modify or create Global Rules, or even add a Global Rule manually, the rules will be duplicated on the Application side under System?

Alright, I deleted System in my Application Rules and I deleted all my Global Rules. I ran the stealth ports wizard, which created the new Global Rules. This time the only System rule created, after an alarm popped up, is:
SYSTEM Allow | UDP | Out | Any | Any | Any | Any (that’s all)

Q. Why did System in the Application Rules hold a duplicate of all the rules in the Global Rules in the first place (see: my last print screen: System rules in the Application Rules)?

No, the extra rules for System are because you chose to Trust Zone 1, Zone 2, etc.

So if you trust a Zone, it means your System can do all the things Systems do together in the background on a LAN.

Global Rules won’t otherwise affect Application Rules.

An example.

If I make a uTorrent Global Rule to Allow TCP/UDP In from any IP/port to my IP/MAC on port 44444,

uTorrent won’t listen until I make an Application Rule for uTorrent to allow the same as above. It won’t happen automatically from making a Global Rule.

Suppose I have an app like uTorrent up and running, and remote PCs are connecting to uTorrent.
Now I close the uTorrent application. Now you will see the firewall blocking incoming TCP or UDP to port 44444 for System.
How is this?

The Global Allow rule lets the packet through to the next incoming level, the Application Rules.
The application uTorrent is not running, so System is unaware of where to send the packet. Because no other running application, or System itself, has a rule that allows it to receive packets from strangers or that matches the rule exactly, the packet is blocked, and the firewall reports it as application System, as mentioned in the Firewall Logs.

:slight_smile:
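As an added illustration of the two points raised in this thread (the order of rule sets A and B in the Global Rules, and why a packet that passes a Global Allow rule is still blocked and logged against System when the application is not running), here is a small Python model of first-match, two-layer evaluation. It is constructed for this page, not Comodo's code and not something any poster wrote; it assumes LAN 1 is 192.168.1.0/24, the rule sets are transcribed from the posts above, and a packet with no matching Application Rule is simply blocked (real CIS may raise an alert instead).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

LAN1 = ("192.168.1.0/24",)          # constructed: stands in for "My Network Zone" LAN 1


@dataclass(frozen=True)
class Packet:
    direction: str                    # "in" or "out"
    proto: str                        # "TCP", "UDP" or "ICMP"
    src: str                          # sender IP address
    dst: str
    dport: Optional[int] = None
    icmp_msg: Optional[str] = None
    owner: str = "SYSTEM"             # application holding the socket; SYSTEM when nothing listens


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow", "block" or "block_log"
    direction: str                    # "in", "out" or "any"
    proto: str                        # "IP" matches every protocol
    sender_zone: Tuple[str, ...] = () # empty tuple means "IP Any"
    dport: Optional[int] = None
    icmp_msg: Optional[str] = None
    app: Optional[str] = None         # only meaningful for Application Rules

    def matches(self, p: Packet) -> bool:
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.proto != "IP" and self.proto != p.proto:
            return False
        if self.sender_zone and not any(
                ipaddress.ip_address(p.src) in ipaddress.ip_network(n) for n in self.sender_zone):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.icmp_msg is not None and self.icmp_msg != p.icmp_msg:
            return False
        return True


def first_match(rules: List[Rule], p: Packet) -> Optional[Rule]:
    """Top-to-bottom, first matching rule wins (how the thread describes both layers)."""
    for r in rules:
        if r.matches(p):
            return r
    return None


def evaluate(p: Packet, global_rules: List[Rule], app_rules: List[Rule]) -> Tuple[str, str]:
    """Global Rules first; only an allowed packet reaches the Application Rules of its owner.
    Returns (verdict, attributed_to)."""
    g = first_match(global_rules, p)
    if g is None:
        return ("block", "global")              # constructed default when nothing matches
    if g.action != "allow":
        return (g.action, "global")             # blocked (and logged) at the Global layer
    a = first_match([r for r in app_rules if r.app == p.owner], p)
    if a is None:
        return ("block", p.owner)               # no owning app rule: logged against SYSTEM when nothing listens
    return (a.action, p.owner)


# Set B: "Define a new trusted network"
GLOBAL_B = [
    Rule("allow", "in", "IP", sender_zone=LAN1),     # Allow All Incoming Requests If the Sender Is In [LAN 1]
    Rule("allow", "out", "IP", sender_zone=LAN1),    # Allow All Outgoing Requests If the Sender Is In [LAN 1]
]
# Set A: "Stealth my ports to everyone"
GLOBAL_A = [
    Rule("allow", "out", "IP"),                                  # Allow IP Out From IP Any To IP Any
    Rule("allow", "in", "ICMP", icmp_msg="FRAGMENTATION NEEDED"),
    Rule("allow", "in", "ICMP", icmp_msg="TIME EXCEEDED"),
    Rule("block_log", "in", "IP"),                               # Block And Log IP In From IP Any To IP Any
]
# Application Rules: the System entries created by trusting LAN 1, plus a uTorrent listen rule
APP_RULES = [
    Rule("allow", "in", "IP", sender_zone=LAN1, app="SYSTEM"),
    Rule("allow", "out", "IP", sender_zone=LAN1, app="SYSTEM"),
    Rule("allow", "in", "TCP", dport=44444, app="utorrent"),
]
# The uTorrent Global Rule from the post, placed above the stealth set
TORRENT_GLOBAL = [Rule("allow", "in", "TCP", dport=44444)] + GLOBAL_B + GLOBAL_A

# Constructed sample packets
LAN_PING = Packet("in", "ICMP", "192.168.1.20", "192.168.1.10", icmp_msg="ECHO REQUEST")
INET_PING = Packet("in", "ICMP", "203.0.113.5", "192.168.1.10", icmp_msg="ECHO REQUEST")
TORRENT_OPEN = Packet("in", "TCP", "203.0.113.5", "192.168.1.10", dport=44444, owner="utorrent")
TORRENT_CLOSED = Packet("in", "TCP", "203.0.113.5", "192.168.1.10", dport=44444)  # app closed


def demo() -> dict:
    return {
        "lan ping, B above A": evaluate(LAN_PING, GLOBAL_B + GLOBAL_A, APP_RULES),
        "lan ping, A above B": evaluate(LAN_PING, GLOBAL_A + GLOBAL_B, APP_RULES),
        "internet ping, B above A": evaluate(INET_PING, GLOBAL_B + GLOBAL_A, APP_RULES),
        "port 44444, uTorrent running": evaluate(TORRENT_OPEN, TORRENT_GLOBAL, APP_RULES),
        "port 44444, uTorrent closed": evaluate(TORRENT_CLOSED, TORRENT_GLOBAL, APP_RULES),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Putting set A above set B makes the trailing "Block And Log IP In" rule swallow LAN traffic before the trust rule is ever reached, which is why B belongs on top; and with uTorrent closed the port 44444 packet clears the Global layer but finds no owner rule, so it is blocked and attributed to SYSTEM, exactly the log entry described in the post.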

EDIT: I did not understand the quote above on first reading. I do now. The irrelevant question has been removed.


Now I close the uTorrent application. Now you will see the firewall blocking incoming TCP or UDP to port 44444 for System. How is this?

The Global Allow rule lets the packet through to the next incoming level, the Application Rules.
The application uTorrent is not running, so System is unaware of where to send the packet. Because no other running application, or System itself, has a rule that allows it to receive packets from strangers or that matches the rule exactly, the packet is blocked, and the firewall reports it as application System, as mentioned in the Firewall Logs.

And that’s great info, thanks. It really helps.

Back to the specific topic:

Knowing that I only have one UDP rule under System (see: print screen), do I need to recreate these rules since I have deleted them? What is the catch if I don’t restore them (i.e. currently the rules are only present in the Global Rules window)?

What is the best way to recreate these rules: A) delete the My Network Zone and wait for a new auto-detection, or B) input the rules manually as they figure in my Global Rules?

PS: :wink: Good point on the remark about one of my print screens above. Until we meet again, the topic is on standby and the rule was just a leftover rule. I will modify it accordingly later on.

[attachment deleted by admin]

Partial Bingo :slight_smile:

I deleted System again in the Application Rules.
I also deleted my 3 Network Zones (Loopback/LAN1/LAN2).
Closed and re-opened CIS.
A window popped up: Accept LAN 1, and another one for LAN 2 (nothing about the Loopback Zone).

I checked SYSTEM under Application Rules:
a. the rules LAN1 and LAN2 have been re-created.
b. the Loopback rule is missing.

Q1. Is the Loopback Zone creation not automatic (it was the first time I installed CIS 3.9)?

Q2. What do I enter in the My Network Zones for the Loopback IP/Mask? (127.0.0.1/255.0.0.0)?

Q3. What do I need a Loopback Zone for?

Thanks.