Hi Andrew and Simon, thanks to both for the explanation. I understand better what rulesets are about now. Sounds very involved too, but I bet you get the best security a firewall can give if you know what to do with rulesets when creating them.

Thanks again,
Justin

----- Original Message -----
From: "Andrew Hodgson" <andrew@xxxxxxxxxxxxxxxxx>
To: <access-uk@xxxxxxxxxxxxx>
Sent: Sunday, August 29, 2004 6:08 PM
Subject: [access-uk] Re: Firewall/rulesets

> Justin,
>
> Rulesets are a combination of all you wrote really, but you can look at
> them like this:
>
> You have to start with an implicit rule; this can either be a block
> everything rule, or an allow everything in rule. An event occurs, like
> an application wanting access, or someone accessing a TCP port, and the
> event criteria go down the list of rules, and if it meets a matching
> rule, it will be acted on. If it gets to the bottom, then the implicit
> rule will take play - usually, to deny the connection. On firewalls
> like Sygate, it is a bit different, since it is a slight mix between
> ruleset based filtering and application based filtering - i.e., there are
> options for both situations. Kerio and Atguard were very good examples
> of software based ruleset firewalls, except for in these cases, there
> was another implicit rule, ask user, which is why users get the popups.
> This of course can be switched off.
>
> Rulesets are usually found on hardware firewalls like the Vigor and more
> expensive units, whereby specifying applications is not possible, so
> everything is done on TCP source/destination data, or the content of the
> TCP packets. Software like Microsoft ISA firewall actually tries to do
> both, with the use of the firewall server for rule based detection, and
> the ISA client for application protection.
>
> The other thing with rulesets is that you can branch off to other
> rulesets if necessary.
> For example, on the Vigor, there are multiple
> rulesets you can define, and you start off with two conditions: a
> ruleset for incoming/outgoing connections (set 1), and a ruleset for
> outgoing connections to stop the router from going online if you are not
> on a permanent ADSL or ISDN connection (set 2). If, say, you wanted to
> split up the rules into incoming/outgoing connections, but these relate
> to the router when online, you would create two separate branches off
> ruleset 1, sets 3 and 4, which relate to incoming/outgoing connections.
> This way, you get a lot of rules in a very manageable interface. This
> takes a very long time to configure, especially given the fact that if
> you mess it up, you may have to wipe the settings and start over to get
> any sort of access back. The default rulesets on the Vigor are
> sufficient for really most users, especially if they only have one
> static IP address (including me).
>
> Andrew.
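The first-match walk with an implicit bottom rule, and the branching from set 1 into sets 3 and 4, as Andrew describes them, written out as an added example that is not code from the thread or from any Vigor or Kerio product. The set contents, ports, the "ask" implicit rule on the outgoing set and the choice that a branched set without an implicit rule hands control back to the parent walk are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    """One connection attempt: the 'event' whose criteria walk the rule list."""
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow", "deny", "ask" or "branch"
    direction: Optional[str] = None  # None means wildcard
    proto: Optional[str] = None
    dport: Optional[int] = None
    target: Optional[str] = None     # ruleset to jump into when action == "branch"

    def matches(self, ev: Event) -> bool:
        return all(want is None or want == got for want, got in
                   ((self.direction, ev.direction), (self.proto, ev.proto), (self.dport, ev.dport)))


@dataclass
class RuleSet:
    rules: List[Rule]
    implicit: Optional[str] = None   # decision when nothing matched; None = return to caller


def evaluate(sets: Dict[str, RuleSet], name: str, ev: Event) -> Optional[str]:
    """Walk one ruleset top to bottom and act on the first matching rule.
    A 'branch' rule descends into another set; if that set has no implicit rule and
    nothing matched there, control returns here and the walk continues (assumption)."""
    for rule in sets[name].rules:
        if not rule.matches(ev):
            continue
        if rule.action != "branch":
            return rule.action
        decision = evaluate(sets, rule.target, ev)
        if decision is not None:
            return decision
    return sets[name].implicit  # bottom of the list: the implicit rule decides


# Constructed layout: set 1 branches into set 3 (incoming) and set 4 (outgoing) and
# carries the block-everything implicit rule; set 4 ends in a Kerio-style "ask user".
SETS = {
    "set1": RuleSet([Rule("branch", direction="in", target="set3"),
                     Rule("branch", direction="out", target="set4")], implicit="deny"),
    "set3": RuleSet([Rule("allow", proto="tcp", dport=80),
                     Rule("allow", proto="tcp", dport=443)]),         # no implicit: back to set 1
    "set4": RuleSet([Rule("deny", proto="tcp", dport=25)], implicit="ask"),
}


def decide(ev: Event) -> str:
    return evaluate(SETS, "set1", ev) or "deny"  # set 1 always has an implicit rule
```

Reordering the rules inside a set changes the outcome, which is why a mistake high up in set 1 can lock you out of the device, as the message warns.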