Custom Tiny Personal Firewall (TPF) Unofficial FAQ Rules
Tiny Personal Firewall version 2.0.15 - 03 January 2002
(These rules also work in Kerio Personal Firewall version 2.1.0 beta 5)

--------------------------------------------------------------------------------

What are some basic set of rules for TPF?

(Notify) means => Display alert box (checkbox).
(Logged) means => Log when this rule matches (checkbox).

Notes:

Rule 1 is the default rule of Tiny Firewall for loopback.

Rule 2 - 3 are your NetBIOS blocks. Enter them as displayed. Even if you have removed NetBIOS from your Network applet, these will serve to "Notify" you of any attempts. (Of course, this assumes you are NOT legitimately using NetBIOS on your system.)

Rule 4 - 5 allow any application to connect to your ISP's Domain Name Servers (Rule 5 then denies DNS to any other server). If your ISP uses several servers, for example 4, add one copy of Rule 4 per server; use more or fewer as your ISP requires.

Rule 6 - 10 are the balance of the ICMP rules. Enter them as displayed.

Rule 11 blocks and logs every request issued to your computer on common ports: FTP, HTTP, POP3, SMTP, Telnet, NetBIOS, etc.

Rule 12 - 15 are more rules taken from the AtGuard defaults, but you can use them in Tiny Firewall now. Once the Trojan Port Blocking rules are activated, these can be deactivated or deleted, as they provide duplicate coverage. (I don't use these.)

Rule 16 - 17 are the Low and High Trojan Port Blocking rules. Make sure they are set to Log all occurrences. Later you can examine your logs for any programs that are legitimately trying to use these ports. The High/Low Trojan Port Blocking rules are not required, but they do "enhance" security, at the cost of increased nuisance. (I don't use these.)

Rule 18 - 21 are the "application specific" rules. In general, you'll write one or two rules for each application that you want to access the internet.

Rule 22 blocks and logs every unwanted TCP/UDP request issued from your PC (it could be a trojan, a worm, ...). Because it matches all remaining outgoing traffic, this rule disables the learning option (the prompt for an unknown outgoing request).
Rule 23 is the "Block Everything" rule. Enter it as shown, but don't enable it until all of the "kinks" are out of your ruleset. Let the Rule Assistant (ask for action when no rule is found) work for you to show you where problems are occurring.

= = = = = = = = = = = = = = = =
RULE 1:
Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single Host
Address: 127.0.0.1
Remote Port type: Any
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 2:
Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Local Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 3:
Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Remote Port type: Port/Range
First Port: 137
Last Port: 139
Action: DENY

= = = = = = = = = = = = = = = =
RULE 4:
Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single Host
Address: (Your ISP DNS IP number)
Remote Port type: Single Port
Port number: 53
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 5:
Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Remote Port type: Single Port
Port number: 53
Action: DENY

= = = = = = = = = = = = = = = =
RULE 6:
Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 7:
Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 8:
Description: In Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 9:
Description: Out Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 10:
Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time Stamp Reply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL)
Remote Endpoint: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 11:
Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Local Port type: List of Ports
List of Ports: 113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 12:
Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Local Port type: List of Ports
List of Ports: 54320,54321,31337
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 13:
Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Local Port type: List of Ports
List of Ports: 12456,12345,12346,20034
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 14:
Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Local Port type: Single port
Port number: 68
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 15:
Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Local Port type: Single port
Port number: 135
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 16:
Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Local Port type: Port/Range
First port number: 1
Last port number: 79
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 17:
Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Local Port type: Port/Range
First port number: 5000
Last port number: 65535
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 18:
Description: Internet Explorer - Web browsing
Protocol: TCP
Direction: Outgoing
Local Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Remote Port type: Any
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 19:
Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Local Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Remote Port type: List of ports
List of ports: 25,110,119,143
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 20:
Description: ICQ Web Access Block
Protocol: TCP and UDP
Direction: Outgoing
Local Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Remote Port type: Single port
Port number: 80
Action: DENY

= = = = = = = = = = = = = = = =
RULE 21:
Description: ICQ Application
Protocol: TCP
Direction: Outgoing
Local Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Remote Port type: Single port
Port number: 5190
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 22:
Description: Block Outbound Unauthorized Apps TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port type: Any
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =
RULE 23:
Description: Block Inbound Unknown Apps TCP UDP (Notify)
Protocol: TCP and UDP
Local Port type: Any
Local App.: Any
Remote Address Type: Any
Remote Port type: Any
Action: DENY

= = = = = = = = = = = = = = = =

If you are on a LAN you might need to allow NetBIOS to and from computers on your LAN. You should insert two rules before rules 2 and 3:

= = = = = = = = = = = = = = = =
RULE 2a:
Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Local Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Remote Port type: Any
Action: PERMIT

= = = = = = = = = = = = = = = =
RULE 3b:
Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Remote Port type: Port/Range
First Port: 137
Last Port: 139
Action: PERMIT

= = = = = = = = = = = = = = = =

And you should enter your local IP addresses in the Trusted Address Group list.

Source: Unofficial Tiny Personal Firewall FAQ (v2.0.15)
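The ordering the notes above rely on (Rule 2a ahead of Rule 2, Rule 4 ahead of Rule 5, application rules ahead of Rule 22, and the Rule Assistant prompting when nothing matches) can be checked with a small first-match evaluator over a subset of the rule set. This is an added example, not part of the FAQ or of Tiny Personal Firewall itself; the ISP DNS address, the trusted LAN range and the sample packets are constructed, and the packet fields are an assumed simplification of what the firewall actually inspects.

```python
import ipaddress
from dataclasses import dataclass
ISP_DNS = "203.0.113.53"                          # stands in for "(Your ISP DNS IP number)"
TRUSTED = ipaddress.ip_network("192.168.1.0/24")  # constructed Trusted Address Group
ANY = {"TCP", "UDP"}

@dataclass
class Rule:
    name: str
    action: str                 # "PERMIT" or "DENY"
    proto: set                  # subset of {"TCP", "UDP"}
    direction: set              # subset of {"in", "out"}
    lport: object = None        # None = any local port, else a range/set
    rport: object = None        # None = any remote port, else a range/set
    remote: object = None       # None = any host, "trusted", or one IP string
    app: object = None          # None = any application, else an exe name
    def matches(self, p):
        if p["proto"] not in self.proto or p["dir"] not in self.direction:
            return False
        if self.lport is not None and p["lport"] not in self.lport:
            return False
        if self.rport is not None and p["rport"] not in self.rport:
            return False
        if self.remote == "trusted":
            if ipaddress.ip_address(p["raddr"]) not in TRUSTED:
                return False
        elif self.remote is not None and p["raddr"] != self.remote:
            return False
        return self.app is None or p["app"] == self.app

RULES = [  # FAQ order, with the LAN rule 2a inserted ahead of rule 2
    Rule("1 Loopback", "PERMIT", ANY, {"in", "out"}, remote="127.0.0.1"),
    Rule("2a Trusted In NetBIOS", "PERMIT", ANY, {"in"}, lport=range(137, 140), remote="trusted"),
    Rule("2 Block In NetBIOS", "DENY", ANY, {"in"}, lport=range(137, 140)),
    Rule("4 ISP DNS", "PERMIT", {"UDP"}, {"in", "out"}, rport={53}, remote=ISP_DNS),
    Rule("5 Other DNS", "DENY", ANY, {"in", "out"}, rport={53}),
    Rule("16 Low Trojan Ports", "DENY", ANY, {"in", "out"}, lport=range(1, 80)),
    Rule("18 Internet Explorer", "PERMIT", {"TCP"}, {"out"}, app="iexplore.exe"),
    Rule("22 Block Out Unauthorized", "DENY", ANY, {"out"}),
]

def packet(proto, direction, lport, raddr, rport, app="unknown.exe"):
    return {"proto": proto, "dir": direction, "lport": lport, "raddr": raddr, "rport": rport, "app": app}

def decide(p, rules=RULES):
    # First matching rule wins; with no match the Rule Assistant would ask.
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "ASK", "no rule"
```

Swapping Rule 2a below Rule 2 in RULES makes the LAN NetBIOS packet hit the DENY, which is exactly the misordering the FAQ warns against.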