APPENDIX C – How to manually configure your firewall ?
In order to use Venik, a firewall must be installed on server host and must:
- Be activated
- Block incoming ICMP_ECHO_REQUEST packets
- Allow outcoming ICMP_ECHO_REQUEST packets
This appendix describes how to manually configure server host firewall on:
|
You need administrator privileges to activate and configure your firewall on Windows or Linux. |
|
|
From Windows XP, a firewall is embedded in Microsoft Windows. We recommend you use this embedded firewall if you want to use Venik Server on Microsoft Windows. |
Windows XP
Step1: Activating Windows embedded firewall
To activate Windows embedded firewall, use the following command from the command prompt:
| >netsh firewall set opmode enable |
Step2: Blocking incoming ICMP_ECHO_REQUEST packets
To block all incoming ICMP_ECHO_REQUEST packets, use the following command from the command prompt:
| >netsh firewall set icmpsetting 8 disable |
Step3: Allowing outcoming ICMP_ECHO_REQUEST packets
Windows XP embedded firewall does not manage outcoming packets, only incoming packets. So you do not have to configure your Windows XP embedded firewall to allow all outcoming ICMP_ECHO_REPLY packets, they will automatically be allowed.
Windows Vista / Seven / 2008 Server
Step1: Activating Windows embedded firewall
To activate Windows firewall, use the following command from the command prompt:
| >netsh advfirewall set allprofiles state on |
Step2: Blocking incoming ICMP_ECHO_REQUEST packets
To block all incoming ICMP_ECHO_REQUEST packets, use the following command:
| >netsh advfirewall firewall add rule name=”ICMP V4 Block all incoming echo request” protocol=icmpv4:8,any dir=in action=block |
Step3: Allowing outcoming ICMP_ECHO_REQUEST packets
To allow all outcoming ICMP_ECHO_REPLY packets, use the following command from the command prompt:
| >netsh advfirewall firewall add rule name= »ICMP V4 Allow all outcoming echo reply » protocol=icmpv4:0,any dir=out action=allow |
|
|
We recommend you use firewall iptables if you want to use Venik Server on Linux. |
Linux
Step1: Activating iptables
To activate iptables, use the following command from the command prompt:
| >chkconfig iptables on >service iptables start |
Step2: Blocking incoming ICMP_ECHO_REQUEST packets
To block all incoming ICMP_ECHO_REQUEST packets, use the following command from the command prompt:
| >iptables -A INPUT -p icmp –icmp-type echo-request -j DROP |
Step3: Allowing outcoming ICMP_ECHO_REQUEST packets
To allow all outcoming ICMP_ECHO_REPLY packets, use the following command from the command prompt:
| >iptables -A OUTPUT -p icmp –icmp-type echo-reply -j ACCEPT |