Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Rule for Black (White) List
  •  
yoyo

Messages: 5
Karma: 0
Send a private message to this user
first sorry my poor english, still keep trying .... Cool

i want to set up a black list of hosts.
if a host is a member of this list, absolutly no trafic
from or to this host should be possible.

i now want to ask if someone has suggestions (and may be kerio
will work on a predifined set of rules for blocking one or more hosts completly).

i've done the following:

first: create a adress group called "blocked hosts"
members of this groups are hosts i completly want to block

second create two rules, one for incoming and one for outgoing
traffic:
a) name: "blocked hosts incoming"
source: "blocked hosts"
destination: any
service: any
action: drop
translation: none

b) name: "blocked hosts outgoing"
rest as above, but changed source to any and destination to "blocked hosts"

at least, the two rules are now at the top of my ruleset.

did i make it correct?

i'm also thinking about a white host list and also some rules ...

and, if kerio will work on something like this, it would be a very very good idea to implemnet something like to "transfer" an ip-adress from the logs / alert messages with a mouseclick into the black list (white list).


talking about whishes:
not to forget:
i want to print out my rule sets! (need for documentation!)
i want to print out other things like adress groups, services, etc.
i want to have the possibility to to save AND (re-)load rulesets from a file (e.g. creating new rule set by running the assistant, then loading some previously saved rules).


[Updated on: Sun, 28 November 2004 21:29]

  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
i want to print out my rule sets! (need for documentation!)

Check the file winroute.cfg (xml style). The rules are there.

i want to print out other things like adress groups, services, etc.

Print the file winroute.cfg.

i want to have the possibility to to save AND (re-)load rulesets from a file (e.g. creating new rule set by running the assistant, then loading some previously saved rules).

Work-around. Edit the winroute.cfg file (first stop service, make a backup, edit file, start service).
  •  
yoyo

Messages: 5
Karma: 0
Send a private message to this user
no no no ....

printting things is something very basic.
i do not accept that i / my customers buy software and then there is nothing lik file|print|....

what you suggest is something for it kiddis but not for professionals ....

of course, the main function of winroute is the firewall and nat module, but if you ask me whats more important, an "up-to-date" interface with colorfull "3D" icons or the option to print my configuration ?

so again, please kerio, investigate some hours and include options like file save, file print, or edit undo. this is a must for any comerical software.

btw, i'm not sure, but for me it looks like there is a esential problem with kerio wrfw during the update process:

ok, download a new update and click on "install after download" ...
the question is:
when installing a newer version of wrfw, the setup first disables the current running version. and exact at this time the computer is no longer protected until the new version is installed and the service restartet.
if, before the current running service is stopped, the nic-interface pointing to the internet is disabled, it would be safe. after the interface is disabled the setup can continuing and at the end of the setup, after the new service is enabled, it can enable the nic interface.

does anyone know how it works in reality?
i do have to know this because on some local internet carriers here there are a lot of scripting-kidds, or with other words,
a computer running NO firewall is infected within a few SECONDS.

Previous Topic: NIS conflict...
Next Topic: different behaviour than WinRoute Pro?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 12:35:33 CET 2017

Total time taken to generate the page: 0.00357 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.