My Look'n'Stop Ruleset

Here is the Look'n'Stop homepage

(The French version contains slightly more info, e.g. FAQ ;-)

Here you can even download the ruleset file. Note that I've changed all "My IP"s and MAC addresses to 0.0.0.0 and 00:00:00:00:00:00 respectively. I've just fixed a small problem in the Tracert rule: it was set to filter on ICMP types "all, 11"; now it's "equal 11". Maybe I'll change a few more things - I'll tell you when. Ah yes, one more thing: in the downloadable .rls set, there is a loopback rule that up to now appears only in the table at the very bottom and not at all in the ruleset overview snapshot...

TCP Rules
Blocking
Block Land Attack
TCP: Block Winnuke
Block Winnuke
TCP: Block outbound 80
Block outbound traffic from localhost:80
TCP: Block outbound Sub7
Block outbound traffic
from a local SubSeven Server (on 27374)
Allowing
TCP: Allow mail
Allow POP and SMTP for Mail
TCP: Allow www
Allow HTTP and HTTPS
TCP: Allow ftp
Allow FTP (see note 2)
TCP: Allow nntp
Allow NNTP for Usenet
TCP: Allow irc
Allow IRC
TCP: Allow dcc
Allow IRC's DCC (see note 3)
TCP: Allow telnet
Allow Telnet
TCP: Allow ident
Allow Ident queries
(needed by some IRC servers)
TCP: Allow finger
Allow to finger someone else
TCP: Allow proxies 1
Allow Proxies at ports 8000-8888
TCP: Allow proxies 2
Allow Proxies at 1080 and 3128
TCP: Allow whois
Allow Whois on someone else
(needed for some Trace Apps)
TCP: Allow hosts2-ns
Allow Hosts2-NS Protocol
(What's this for? See note 4)
 
UDP Rules
Blocking
UDP: Block netbios
Block NetBIOS
UDP: Block inbound broadcast
Block inbound UDP broadcast
UDP: block unnecessary bootp
Block unnecessary bootp -
has to precede "Allow Bootp"
 
Allowing
UDP: Allow bootp
Allow Bootp
UDP: Allow dns
Allow DNS
UDP: Allow sntp
Allow SNTP Time Synch.
UDP: Allow outbound broadcast
Allow outbound UDP broadcast
ICMP Rules
Allowing
ICMP: Allow ping request
Allow Ping others (request)
ICMP: Allow ping response
Allow Ping others (response)
ICMP: Allow tracert
Allow Tracert
 
Blocking
ICMP: Block icmp type 10
Block ICMP Type 10
 
ARP Rules
Allowing
ARP: Allow inbound replies
Allow ARP replies coming in from my gateway
ARP: Allow outbound requests
Allow ARP requests broadcasting out
Note several things however:
  1. I have not added the "Termination Rules". They are the same as in the default ruleset.
  2. FTP is a tricky issue. Often - and especially if you're not using an FTP Client like CuteFTP, but rather your Browser's FTP or Getright, Go!Zilla, etc. - connections open up on totally arbitrary ports (in the range of local:1024-5000 however). I have not been able to cope with this up to now but rather am temporarily disabling TCP and General Termination Rules - very bad solution indeed...
  3. I have configured my IRC client to have its DCC Server listen on port 7700 and to use ports 7701-7800 for transfers.
  4. I have no idea what this hosts2-ns protocol is supposed to accomplish. It showed up in my log when I wanted to download something from CNet...

There are infinitely more resources at the Look'n'Stop Forum, which is part of the Becky Users Forums.

There I also found the following rulesets:
Rules provided by other people
Maddoktor2's ICQ rules
ICQ Server connection
ICQ Client to Client
ICQ rule ordering
Federic's Napster & Mail rules
Napster Rule 1
Napster Rule 2
Mail Rule
Other rules of mine that are not used
Block Server on Port 110
Block Servers on port 110
(e.g. POProxy) from sending out data
Block connections to 27374
Block clients on your comp.
from connecting to Sub7 Servers
Loopback
Loopback Rule for 127.0.0.1
I hope I have not forgotten any... If I did, please mail me.
I guess pretty soon there will be a ruleset page where all this info and rulesets can be found consolidated...