
[Share] SEP firewall rules, updated again 2013.03.11

jxfaiu
Posted on 2012-12-19 19:44:06
This post was last edited by jxfaiu on 2013-3-22 21:49

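Notice: the SEP firewall rules were updated again on 2013.03.11. The rules below are suitable for individual users only; users whose usage is affected should adjust the rules themselves according to the firewall log.

SEP firewall general rules:

Original SEP12 firewall rules, with 8 custom rules added:

  1. Block IP 0.0.0.0 inbound and outbound. Host: IP: 0.0.0.0; protocol: all IP; direction: both;

  2. Block IP 127.0.0.1 inbound and outbound. Host: IP: 127.0.0.1; protocol: all IP; direction: both;

  3. Block IP 224.0.0.0-224.0.0.255 inbound and outbound. Host: IP: 224.0.0.0-224.0.0.255; protocol: all IP; direction: both;

  4. Block IP 0.0.0.0 mask 0.0.0.255 inbound and outbound. Host: subnet IP address: 0.0.0.0, subnet mask: 0.0.0.255; protocol: all IP; direction: both;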

  5. Block TCP local ports inbound and outbound. Host: all hosts; protocol: TCP; local ports: 0,21,22,23,25,31,41,50,58,69,71,72,73,74,77,79,97,107,110,111,113,119,121,135,137,138,139,146,311,445,531,544,548,555,556,593,666,911,999,1001,1010,1011,1012,1015,1024,1025,1026,1027,1028,1029,1030,1033,1042,1045,1057,1080,1090,1095,1097,1098,1099,1158,1170,1234,1243,1245,1345,1349,1433,1434,1492,1521,1524,1600,1807,1831,1981,1999,2000,2001,2002,2003,2004,2005,2023,2100,2115,2140,2565,2583,2701,2702,2703,2704,2773,2774,2801,2869,3024,3129,3150,3389,3700,4092,4267,4567,4590,4899,5000,5001,5168,5321,5333,5357,5358,5400,5401,5402,5550,5554,5555,5556,5557,5569,5742,6267,6400,6670,6671,6711,6771,6776,6883,6939,6969,6970,7000,7001,7080,7215,7300,7301,7306,7307,7308,7597,7626,7789,8080,8081,9080,9090,9400,9401,9402,9408,9535,9872,9873,9874,9875,9898,9989,10067,10167,10168,10520,10607,11000,11223,12076,12223,12345,12346,12361,12362,12363,12631,13000,14500,14501,14502,14503,15000,15382,16484,16772,16969,17027,17072,17166,19191,19864,20000,20001,20002,20023,20034,21544,22222,23005,23006,23023,23032,23456,23476,23477,25685,25686,25982,26274,27374,29104,30001,30003,30029,30100,30101,30102,30103,30133,30303,30947,30999,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,32100,32418,33333,33577,33777,33911,34324,34324,34555,35555,40421,40422,40423,40424,40425,40426,41337,41666,43210,44445,47262,49301,50130,50505,50766,51996,53001,54283,54320,54321,55165,57341,58339,60000,60411,61348,61466,61603,63485,65000,65390,65432,65535; direction: both;

  6. Block UDP local ports inbound and outbound. Host: all hosts; protocol: UDP; local ports: 0,21,31,41,58,69,111,135,137,138,146,161,162,445,531,555,666,911,999,1001,1010,1011,1012,1015,1025,1027,1033,1042,1170,1234,1243,1245,1434,1492,1561,1600,1807,1900,1981,1999,2000,2001,2023,2115,2140,2583,2701,2702,2703,2704,2801,2989,3129,3024,3072,3150,3333,3700,3996,4006,4011,4060,4092,4321,4500,4590,5000,5001,5168,5321,5355,5357,5358,5400,5401,5402,5550,5569,5742,6267,6400,6670,6671,6711,6771,6776,6883,7000,7028,7300,7301,7306,7307,7626,7789,8225,9400,9401,9402,9872,9873,9874,9875,9989,10067,10167,11000,11223,12076,12223,12345,12346,12361,16969,19191,20000,20001,20034,21554,22222,22226,23456,26274,27374,30100,30303,30999,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,33333,33390,34324,34555,40412,40421,40422,40423,40425,40426,43210,44445,47262,50766,54320,54321,60000,61466,65000; direction: both;

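  7. Block ICMP 4, 5, 8-18 inbound. Host: all hosts; protocol: ICMP; direction: inbound; check 4, 5, 8-18: source quench, redirect, echo request, router advertisement, router solicitation, datagram time exceeded, parameter problem on datagram, timestamp request, timestamp reply, information request, information reply, address mask request, address mask reply
Direction: inbound;

  8. Block ICMP 0, 3, 4, 5, 9-18 outbound. Host: all hosts; protocol: ICMP; check 0, 3, 4, 5, 9-18: echo reply, destination unreachable, source quench, redirect, router advertisement, router solicitation, datagram time exceeded, parameter problem on datagram, timestamp request, timestamp reply, information request, information reply, address mask request, address mask reply
Direction: outbound;

   Deleting the existing rules: click the first rule, hold down the Shift key, click the last rule, and once all the rules turn blue, click Delete.

   Right-click, choose Import in the menu that appears, browse to the rules folder, and import in one step.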

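The SEP firewall general rules are used the same way as the official default rules: when a program connects to the network a pop-up prompt appears; click Yes to allow, click No to block;
To block a program you have already allowed, refer to the figure below: in the Network Threat Protection - View Application Settings screen, right-click the program and click Block in the menu that appears; while the program you want to block is running, you can also right-click it in the Network Threat Protection - View Network Activity screen and click Block in the menu that appears:

SEP firewall general rules package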

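SEP firewall wireless LAN MAC-binding rules

Original SEP12 firewall rules, with 13 custom rules added:

  1. Block IP 0.0.0.0 inbound and outbound. Host: IP: 0.0.0.0; protocol: all IP; direction: both;

  2. Block IP 127.0.0.1 inbound and outbound. Host: IP: 127.0.0.1; protocol: all IP; direction: both;

  3. Block IP 224.0.0.0-224.0.0.255 inbound and outbound. Host: IP: 224.0.0.0-224.0.0.255; protocol: all IP; direction: both;

  4. Block IP 0.0.0.0 mask 0.0.0.255 inbound and outbound. Host: subnet IP address: 0.0.0.0, subnet mask: 0.0.0.255; protocol: all IP; direction: both;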

  5. Block TCP local ports inbound and outbound. Host: all hosts; protocol: TCP; local ports: 0,21,22,23,25,31,41,50,58,69,71,72,73,74,77,79,97,107,110,111,113,119,121,135,137,138,139,146,311,445,531,544,548,555,556,593,666,911,999,1001,1010,1011,1012,1015,1024,1025,1026,1027,1028,1029,1030,1033,1042,1045,1057,1080,1090,1095,1097,1098,1099,1158,1170,1234,1243,1245,1345,1349,1433,1434,1492,1521,1524,1600,1807,1831,1981,1999,2000,2001,2002,2003,2004,2005,2023,2100,2115,2140,2565,2583,2701,2702,2703,2704,2773,2774,2801,2869,3024,3129,3150,3389,3700,4092,4267,4567,4590,4899,5000,5001,5168,5321,5333,5357,5358,5400,5401,5402,5550,5554,5555,5556,5557,5569,5742,6267,6400,6670,6671,6711,6771,6776,6883,6939,6969,6970,7000,7001,7080,7215,7300,7301,7306,7307,7308,7597,7626,7789,8080,8081,9080,9090,9400,9401,9402,9408,9535,9872,9873,9874,9875,9898,9989,10067,10167,10168,10520,10607,11000,11223,12076,12223,12345,12346,12361,12362,12363,12631,13000,14500,14501,14502,14503,15000,15382,16484,16772,16969,17027,17072,17166,19191,19864,20000,20001,20002,20023,20034,21544,22222,23005,23006,23023,23032,23456,23476,23477,25685,25686,25982,26274,27374,29104,30001,30003,30029,30100,30101,30102,30103,30133,30303,30947,30999,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,32100,32418,33333,33577,33777,33911,34324,34324,34555,35555,40421,40422,40423,40424,40425,40426,41337,41666,43210,44445,47262,49301,50130,50505,50766,51996,53001,54283,54320,54321,55165,57341,58339,60000,60411,61348,61466,61603,63485,65000,65390,65432,65535; direction: both;

  6. Block UDP local ports inbound and outbound. Host: all hosts; protocol: UDP; local ports: 0,21,31,41,58,69,111,135,137,138,146,161,162,445,531,555,666,911,999,1001,1010,1011,1012,1015,1025,1027,1033,1042,1170,1234,1243,1245,1434,1492,1561,1600,1807,1900,1981,1999,2000,2001,2023,2115,2140,2583,2701,2702,2703,2704,2801,2989,3129,3024,3072,3150,3333,3700,3996,4006,4011,4060,4092,4321,4500,4590,5000,5001,5168,5321,5355,5357,5358,5400,5401,5402,5550,5569,5742,6267,6400,6670,6671,6711,6771,6776,6883,7000,7028,7300,7301,7306,7307,7626,7789,8225,9400,9401,9402,9872,9873,9874,9875,9989,10067,10167,11000,11223,12076,12223,12345,12346,12361,16969,19191,20000,20001,20034,21554,22222,22226,23456,26274,27374,30100,30303,30999,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,33333,33390,34324,34555,40412,40421,40422,40423,40425,40426,43210,44445,47262,50766,54320,54321,60000,61466,65000; direction: both;

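  7. Block ICMP 4, 5, 8-18 inbound. Host: all hosts; protocol: ICMP; direction: inbound; check 4, 5, 8-18: source quench, redirect, echo request, router advertisement, router solicitation, datagram time exceeded, parameter problem on datagram, timestamp request, timestamp reply, information request, information reply, address mask request, address mask reply
Direction: inbound;

  8. Block ICMP 0, 3, 4, 5, 9-18 outbound. Host: all hosts; protocol: ICMP; check 0, 3, 4, 5, 9-18: echo reply, destination unreachable, source quench, redirect, router advertisement, router solicitation, datagram time exceeded, parameter problem on datagram, timestamp request, timestamp reply, information request, information reply, address mask request, address mask reply
Direction: outbound;

  9. Block arp0806. Host: all hosts; protocol: Ethernet; network type: 0x806; direction: both;

  10. Block arp0x808. Host: all hosts; protocol: Ethernet; network type: 0x808; direction: both;

  11. Block arp0x8035. Host: all hosts; protocol: Ethernet; network type: 0x8035; direction: both;

  12. Allow network communication. Host: MAC address: enter your current router gateway, in a format such as (00:21:91:38:0F:C2); protocol: all IP; direction: both; applications: check all of your programs that need network access

  13. Block all network communication. All hosts; protocol: all IP; direction: both;

   Deleting the existing rules: click the first rule, hold down the Shift key, click the last rule, and once all the rules turn blue, click Delete.

   Right-click, choose Import in the menu that appears, browse to the rules folder, and import in one step.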

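  Before using the SEP firewall wireless LAN MAC-binding rules, read http://bbs.kafan.cn/thread-1424523-1-1.html carefully
After importing the rules, note:

  1. In the Edit Host screen of the two rules (Allow EAPOL wireless traffic) and (Allow network communication), substitute your current router's MAC address, in a format such as 00-27-19-A3-2A-F4; otherwise you cannot connect to the network

  2. You must check the programs that need network access in the Edit Application screen of the (Allow network communication) rule, and remember to check the system process (Generic Host Process for win32 services, that is, C:\WINDOWS\system32\svchost.exe). If you do not check any applications, the rule allows all applications by default (the firewall then shows no prompt and any program can connect). Whether a given program may connect is decided by checking it in this rule's application list; once you have checked even one program, no unchecked program can connect. With the SEP firewall wireless LAN MAC-binding rules enabled, the settings under View Application Settings and View Network Activity have no effect.

SEP firewall wireless LAN MAC-binding rules package
My wireless network has the SEP firewall wireless LAN MAC-binding rules enabled; the SEP firewall log:

If usage is affected, delete the rule: Block IP 127.0.0.1 inbound and outbound. If anything here is wrong, I hope everyone will point it out.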

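Ratings (2 participants: experience +40, charm +1, popularity +2)
xiaopangjie: + 2. Reason: The board is more wonderful with you here : )
光之优雅: + 40, + 1. Reason: Thanks to J for the continued updates!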
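The ordering in rules 9-13 of the MAC-binding set, and the application-list behaviour described in note 2, as an added example that is not part of the original post or of SEP itself. It assumes top-down first-match evaluation and models IPv4 only; the `Frame` type, function names and the sample program path are hypothetical.

```python
# Added illustration, not SEP's engine: a simplified model of rules 9-13.
# Assumption: rules are evaluated top-down and the first match decides.
from dataclasses import dataclass

GATEWAY_MAC = "00:21:91:38:0F:C2"      # sample format quoted in rule 12
SVCHOST = r"C:\WINDOWS\system32\svchost.exe"
BLOCKED_ETHERTYPES = {0x0806, 0x0808, 0x8035}   # rules 9, 10 and 11
IPV4 = 0x0800                          # this model covers IPv4 only

@dataclass
class Frame:
    ethertype: int
    peer_mac: str   # MAC address of the remote end on the local link
    app: str        # path of the local program that owns the traffic

def norm_mac(mac):
    """Accept both notations used in the post (00:21:.. and 00-27-..)."""
    return mac.replace("-", ":").upper()

def evaluate(frame, gateway_mac, checked_apps):
    """Return the verdict of the first rule in 9-13 that matches."""
    if frame.ethertype in BLOCKED_ETHERTYPES:
        return "block: rules 9-11"
    if frame.ethertype != IPV4:
        return "unmatched"   # left to the rules outside 9-13
    apps = {a.lower() for a in checked_apps}
    via_gateway = norm_mac(frame.peer_mac) == norm_mac(gateway_mac)
    # An empty application list makes rule 12 apply to every program.
    if via_gateway and (not apps or frame.app.lower() in apps):
        return "allow: rule 12"
    return "block: rule 13"

def demo():
    """Constructed sample traffic: one unlisted program, two app lists."""
    rogue = Frame(IPV4, "00-21-91-38-0f-c2", r"C:\Temp\unknown.exe")
    arp = Frame(0x0806, GATEWAY_MAC, SVCHOST)
    return {
        "nothing checked": evaluate(rogue, GATEWAY_MAC, set()),
        "svchost checked": evaluate(rogue, GATEWAY_MAC, {SVCHOST}),
        "arp frame": evaluate(arp, GATEWAY_MAC, {SVCHOST}),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The first two cases differ only in the application list: with nothing checked the unlisted program is allowed through rule 12, and with a single program checked it falls through to rule 13.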

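ID不变
Posted on 2012-12-19 19:53:46
Although this doesn't suit me, I still want to come and support the OP, thanks for the hard work
wrwj
Posted on 2012-12-19 20:23:14
This is really good, I'll download it and study it
5iqinlu
Posted on 2012-12-20 22:40:36
Although I don't understand it, I support the OP, thanks for the hard work
jxfaiu
 OP | Posted on 2012-12-25 14:15:08
wrwj posted on 2012-12-19 20:23
This is really good, I'll download it and study it

The rules have been adjusted; users who need them should download the latest rules package.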
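天山小蚊子
Posted on 2012-12-25 16:44:49
  How do I go about studying the features of the SEP software?
jxfaiu
 OP | Posted on 2012-12-25 16:48:20
天山小蚊子 posted on 2012-12-25 16:44
How do I go about studying the features of the SEP software?

For individual users there is no need to study the SEP firewall: import the general rules, it's foolproof. When you run a program that needs network access, click Yes to allow; for programs that don't need network access, click No in the pop-up to block
天山小蚊子
Posted on 2012-12-25 16:58:18
  I just joined the company; the company sells SEP and has me take over implementation! I'm supposed to figure it out myself, from installing the console to installing and configuring the clients. After that nobody looked after me, and I don't know where to start!!!
jxfaiu
 OP | Posted on 2012-12-25 17:52:02
天山小蚊子 posted on 2012-12-25 16:58
I just joined the company; the company sells SEP and has me take over implementation! I'm supposed to figure it out myself, from installing the console to installing and configuring the clients. After that nobody looked after me ...

What we use is the non-client version.
lxhong_1979
Posted on 2012-12-25 22:45:10
This is really good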