1. Home
  2. Networking Firewalls
  3. CHX Packet Filter - Sample ruleset

CHX Packet Filter - Sample ruleset

Running Kerio 2.1.5 and having read about its fragmented-packet vulnerability, I've downloaded CHX3 from

formatting link
. Many posts on Google mention downloading the sample ruleset and registering with the website.

All I can see on the Third Brigade website are 5 download files and the online documentation, which I have had an initial browse through.

It's a bit bewildering at the moment and I was hoping to download and the sample ruleset and take it from there.

I'd be really grateful if anyone could point me in the direction of the mysterious "sample ruleset"?

Many thanks.

Martin

Reply to
Leatrice
Loading thread data ...

The CHX site has changed in the past year and it looks like they don't have the sample rule set there anymore. I'd try here in the CHX Forum:

formatting link
Look around and/or ask there. The CHX people post there off and on, and there are several other CHX users who may be able to help or give you a link to the sample set. The sample rules are quite simple. If I recall there are only 2 rules needed, that and you need to enable SPI. Be aware though, that out of the box with no rules, CHX allows all traffic and will not protect you against anything.

Reply to
Kerodo

Thanks, Kerodo. It was your archived Google posts that I mostly came across, and, whilst I have attempted to see the wood for the trees in the CHX online documentation, your posts with their simple and basic advice were the ones that seemed like a lifeline when swimming in treacle.

Many thanks for your helpful reply.

Martin

Reply to
Martin

Martin, if that's a valid email address you're using here, then I can try to dig up my copy of the CHX sample rules and send it to you if you like?

Reply to
Kerodo

Well, I can send you the file(s) (I'll see what I have here), but I'm not so sure I can guide you as far as which adapter to import them to. I don't run CHX anymore myself since I have a router here, but if I remember right, all you need to do is right click on the Interface section or the adapter and import the file. I think export worked the same way if you want to save them. To be honest, it's been almost a year now since I used CHX, last was an early v3 beta. The forum I pointed you to is rather slow, but there are several CHX users there, so I think you will probably get more help there.

At any rate, I'll send you whatever CHX sample rules I have in a few minutes..

Reply to
Kerodo

That would be brilliant, many thanks. It is a valid e-mail address.

Could you guide me as to where to improt them. I am on dial-up, though I intend moving to ADSL in the future. Under Packet Filters (Global) I have:

PGPnet Virtual Identity Adapter (MAC FF FF FF 00 00 00) and Dial-up or VPN (split into Public and Private)

(I don't run the PGP service unless I wish to encrypt/decript a file containing sensitive info - I don't otherwise use PGP.)

Sincere thanks.

Martin

Reply to
Martin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.