AtGuard/NIS System Wide/General Rules

The following are some examples of rules that would be used in the System Wide Settings portion of Internet Access Control in some versions of NIS/NPF and General Rules in NIS2003, and should be placed at the top of the rule set.

Creating a System Wide/General Rule (pg.1a)

These rules would generally be in the order shown below:

Rule examples here were made with NIS v.4, which permits multiple remote addresses in a rule. Those using earlier versions would have to make individual rules for each remote address.

***Note: Denotes any comments on the rule.


Monitor/Logging Rules

Rule xx Monitor/Log Only XXX.exe Traffic
Category: NIS System Keeping
Rule in use: Yes
Logging: Log Entry
Protocol: TCP or UDP
Action: Ignore
Direction: Either
Application: (XXX application)
..........Path: c:\program files\XXX\xxx.exe
.......SHA1: xx xx xx xx xx xx xx
Local Service: Any Service
Local Address: Any Address
Remote Service: Any Service
Remote Address: Any Address

***Note: An example monitor/log only rule for a specific application that could be created to monitor traffic to later customize existing rule(s) for that application.



Global Permit/Block Rules

Rule xx Permit LAN Traffic
Category: NIS System Keeping
Rule in use: Yes
Logging: No
Protocol: TCP or UDP
Action: Permit
Direction: Either
Application: Any Application
Local Service: Any Service
Local Address: Any Address
Remote Service: Any Service
Remote Address: (IPGroup xx)
......................IP: 192.168.1.xxx
......................IP: 192.168.1.xxx

***Note: An example of a common global permit rule for LAN traffic. This example shows individual IPs, but it could also be a range of IPs or the subnet, your choice. While this traffic can be permitted via the Internet Zone Control "Trusted" sites in the Personal Firewall Settings, some prefer to have specific rules for this traffic, which would allow the user to monitor this traffic if and when desired. No logging is available for sites/traffic permitted via the Internet Zone Control.


Rule xx Block XXX Traffic - log
Category: NIS System Keeping
Rule in use: Yes
Logging: Log Entry
Protocol: TCP or UDP
Action: Block
Direction: Either
Application: Any Application
Local Service: Any Service
Local Address: Any Address
Remote Service: Any Service
Remote Address: (IPGroup xx)
......................IP: xxx.xxx.xxx.xxx
......................IP: xxx.xxx.xxx.xxx

***Note: An example global block rule for traffic to specific sites/remote addresses. While this traffic can be blocked via the Internet Zone Control "Restricted" sites in the Personal Firewall Settings, some prefer to have specific rules for this traffic, which would allow the user to monitor this traffic. No logging is available for sites/traffic permitted via the Internet Zone Control.

Rule xx Block Inbound Code Red/Nimda - no log
Category: NIS System Keeping
Rule in use: Yes
Logging: No logging, no alert tracker, no security alert
Protocol: TCP
Action: Block
Direction: Inbound
Application: Any Application
Local Service:
..............Port: 80
Local Address: Any Address
Remote Service: Any Service
Remote Address: Any Address

***Note: Don't want to see all those Code Red/Nimda scans in your logs? This is an example of how a global block rule could be used to block a particular inbound communication without cluttering up your logs.
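
The four example rules above, modelled in Python to show which rule decides a connection and which rules write a log entry. This is an added illustration, not Norton's code: it assumes top-down, first-match evaluation in which an Ignore rule logs and lets evaluation continue, and the address groups (192.168.1.0/24, 203.0.113.0/24) and the names Rule, evaluate and APP are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                        # "Permit", "Block" or "Ignore"
    log: bool
    protocol: tuple = ("TCP", "UDP")
    direction: str = "Either"
    app: Optional[str] = None          # None = Any Application
    local_port: Optional[int] = None   # None = Any Service
    remote: tuple = ()                 # empty = Any Address

    def matches(self, proto, direction, raddr, lport, app):
        addr = ipaddress.ip_address(raddr)
        return (proto in self.protocol
                and self.direction in ("Either", direction)
                and self.app in (None, app)
                and self.local_port in (None, lport)
                and (not self.remote or
                     any(addr in ipaddress.ip_network(n) for n in self.remote)))

APP = r"c:\program files\XXX\xxx.exe"   # placeholder path from the page
# Address groups below are constructed sample values, not real rule data.
RULES = [
    Rule("Monitor/Log Only XXX.exe Traffic", "Ignore", True, app=APP),
    Rule("Permit LAN Traffic", "Permit", False, remote=("192.168.1.0/24",)),
    Rule("Block XXX Traffic - log", "Block", True, remote=("203.0.113.0/24",)),
    Rule("Block Inbound Code Red/Nimda - no log", "Block", False,
         protocol=("TCP",), direction="Inbound", local_port=80),
]

def evaluate(proto, direction, raddr, lport=1025, app=None, rules=RULES):
    # Returns (decision, names of the rules that wrote a log entry).
    logged = []
    for r in rules:
        if not r.matches(proto, direction, raddr, lport, app):
            continue
        if r.log:
            logged.append(r.name)
        if r.action != "Ignore":       # assumption: Ignore logs, then continues
            return r.action, logged
    return "No general rule matched", logged

if __name__ == "__main__":
    print(evaluate("TCP", "Inbound", "198.51.100.7", lport=80))
    print(evaluate("TCP", "Outbound", "203.0.113.5", app=APP))
    print(evaluate("UDP", "Outbound", "192.168.1.10", app=APP))
```

The inbound port 80 probe is blocked with an empty log list, while traffic from the monitored application is logged by the monitor rule even when a later rule with logging off makes the decision.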



Basics
| Introduction | Settings | Categories | Creating | Logs |

Customizing Your Rule Set
| Rule Sets | System Wide Rules | Application Rules | Trojan Rules |
| Utilities | Home |

Contributors: CrazyM, jvmorris

Last updated: 2003-05-29
