
APPENDIX C – How to manually configure your firewall

In order to use Venik, a firewall must be installed on the server host and must:

  • Be activated
  • Block incoming ICMP_ECHO_REQUEST packets
  • Allow outgoing ICMP_ECHO_REQUEST packets

This appendix describes how to manually configure the server host firewall on:

  • Windows XP
  • Windows Vista / Seven / 2008 Server
  • Linux

You need administrator privileges to activate and configure your firewall on Windows or Linux.

Since Windows XP, a firewall has been embedded in Microsoft Windows. We recommend that you use this embedded firewall if you want to run Venik Server on Microsoft Windows.

Windows XP

Step 1: Activating the Windows embedded firewall
To activate the Windows embedded firewall, use the following command from the command prompt:

>netsh firewall set opmode enable

Step 2: Blocking incoming ICMP_ECHO_REQUEST packets
To block all incoming ICMP_ECHO_REQUEST packets, use the following command from the command prompt:

>netsh firewall set icmpsetting 8 disable

Step 3: Allowing outgoing ICMP_ECHO_REQUEST packets
The Windows XP embedded firewall does not filter outgoing packets, only incoming packets. You therefore do not have to configure it to allow outgoing ICMP_ECHO_REPLY packets: they are allowed automatically.

Windows Vista / Seven / 2008 Server

Step 1: Activating the Windows embedded firewall
To activate the Windows firewall, use the following command from the command prompt:

>netsh advfirewall set allprofiles state on

Step 2: Blocking incoming ICMP_ECHO_REQUEST packets
To block all incoming ICMP_ECHO_REQUEST packets, use the following command:

>netsh advfirewall firewall add rule name="ICMP V4 Block all incoming echo request" protocol=icmpv4:8,any dir=in action=block

Step 3: Allowing outgoing ICMP_ECHO_REQUEST packets
To allow all outgoing ICMP_ECHO_REPLY packets, use the following command from the command prompt:

>netsh advfirewall firewall add rule name="ICMP V4 Allow all outcoming echo reply" protocol=icmpv4:0,any dir=out action=allow

We recommend that you use the iptables firewall if you want to run Venik Server on Linux.

Linux

Step 1: Activating iptables
To activate iptables, use the following commands from the command prompt:

>chkconfig iptables on
>service iptables start

Step 2: Blocking incoming ICMP_ECHO_REQUEST packets
To block all incoming ICMP_ECHO_REQUEST packets, use the following command from the command prompt:

>iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Step 3: Allowing outgoing ICMP_ECHO_REQUEST packets
To allow all outgoing ICMP_ECHO_REPLY packets, use the following command from the command prompt:

>iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
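
The iptables commands above use -A, which appends to the end of the chain, so a rule already present earlier in INPUT that accepts ICMP is matched first and the DROP never applies. The script below is an added example, not part of Venik or its documentation: it reads the text printed by iptables -S and reports whether echo requests are really dropped and echo replies really accepted. The function names and the two sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Venik's own code). Reads `iptables -S` text and reports which
# target the first unconditional ICMP rule gives a packet of the given type.
# Limitation (assumption): rules with other matches (-i, -s, -m state, ...) are
# skipped, and jumps to user-defined chains are not followed.
icmp_verdict() {   # usage: icmp_verdict CHAIN TYPE_NUMBER TYPE_NAME < rules
    awk -v chain="$1" -v num="$2" -v name="$3" '
    $1 == "-P" && $2 == chain { policy = $3 }
    $1 == "-A" && $2 == chain && !found {
        proto = ""; itype = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "--icmp-type") itype = $(++i)
            else if ($i == "-m" && $(i + 1) == "icmp") i++
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (other) next
        if (proto != "" && proto != "icmp") next
        if (itype != "" && itype != num && itype != name) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            verdict = target; found = 1
        }
    }
    END { print (found ? verdict : policy) }'
}
# True only if echo requests are dropped inbound and echo replies accepted outbound.
venik_rules_ok() {   # usage: iptables -S | venik_rules_ok
    rules=$(cat)
    [ "$(printf '%s\n' "$rules" | icmp_verdict INPUT 8 echo-request)" = DROP ] &&
    [ "$(printf '%s\n' "$rules" | icmp_verdict OUTPUT 0 echo-reply)" = ACCEPT ]
}
# Constructed sample: the DROP was appended after an existing ICMP ACCEPT rule.
sample_shadowed() { cat <<'EOF'
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
EOF
}
# Constructed sample: the DROP comes before any rule that accepts ICMP.
sample_ok() { cat <<'EOF'
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
EOF
}
sample_shadowed | venik_rules_ok && echo "shadowed: ok" || echo "shadowed: echo-request is not dropped"
sample_ok | venik_rules_ok && echo "ordered: ok" || echo "ordered: echo-request is not dropped"
```

On the server host, run it as root with iptables -S piped into venik_rules_ok. If the check fails because of an earlier ACCEPT rule, insert the DROP with -I INPUT instead of -A INPUT so it is evaluated first.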