Welcome, guest! Login / Register - Why register?
Psst.. new poll here.
Psst.. new forums here.
Microsoft is blocking us again (TY IP Reputation!) so just use oauth login instead. :)

Paste

Pasted as text by AFZ ( 19 years ago )
;
; Here's TdiFw sample configuration file
;
; It looks like similiar ini-file: sections, names and values
; and comments after ';' at the begining of line
;

; --- config file signature: don't change it ---
[_signature_]
_signature_=$tdi_fw$

; --- basic config parameters ---
[_config_]

; write ALLOW events to event log:
; 0 - don't write, write them to text log file
; 1 - write to event log
eventlog_allow=0

; write DENY events to event log
eventlog_deny=0

; write ERROR events to event log
eventlog_error=0

; wave file to play on DENY IN LOG
;wave_deny_in=D:WINNTMediadeny_in.wav
wave_deny_in=C:INSTALLsndding.wav

; wave file to play on DENY OUT LOG
;wave_deny_out=D:WINNTMediadeny_out.wav
wave_deny_out=C:INSTALLsndchord.wav

; --- Rulesets ---
;
; Default ruleset (must be in first line):
;
; _default_=section_1 section_2 ... section_n
;
; rules are in sections (for example [section_n]) in this file
; in order from first to last
;
; Process-related ruleset:
;
; <full_process_name>=<section_1> <section_2> ... <section_n>
;
; process-related rules (don't related with default). Example:
;
;%SystemRoot%system32	elnet.exe=allow_all
;
; Note1: max number of rulesets is 128
;        (for details see MAX_CHAINS_COUNT in ipc.h)
; Note2: process name can contain environment variables for example
;        %SystemRoot%

[_main_]
_default_=custom localnet localhost
%SystemRoot%system32	elnet.exe=allow_all
C:Program FilesOpera 9Opera.exe = localhost inet_ftp inet_http
C:Program FilesInternet ExplorerIEXPLORE.EXE = localhost inet_ftp inet_http
C:INSTALLBINwgetwget.exe = localhost inet_ftp inet_http
C:Program FilesPidginpidgin.exe = allow_all
C:INSTALLBINqipqip.exe = allow_all
C:Program FilesThe Bat!	hebat.exe = mail
c:FIDOT-MAIL	-mipnt.exe = allow_all
C:INSTALLBINemuleemule.exe = localhost allow_all
C:Program FilesSippointSippoint.exe = localhost allow_all
C:Program FilesVLCvlc.exe = allow_all
C:Program FilesSJphone 1.65SJphone.exe = localhost allow_all
C:WINNTsystem32
svp.exe = localhost vo_ip
C:WINNTsystem32services.exe = inet_dns
C:INSTALLBIN
map
map.exe = allow_all
C:INSTALLBINCoyoteCoyote.exe = inet_http
C:INSTALLBINCoyotecurl.exe = inet_http
C:INSTALLBINYoutube Grabber.exe = allow_all
C:Program FilesX-PROX-PRO.exe = localhost allow_all
C:INSTALLBINAutoSipnet.exe = localhost allow_all
C:Program Filesmozilla.orgSeaMonkeyseamonkey.exe = localhost inet_ftp inet_http 

; --- User rights ---
;
; You can assign what sections are allowed for users.
;
; _default_=*
;
; all sections are allowed for specified users. Or:
;
; _default_=section_1 section_2 ... section_n
;
; (_default_ must be in first line)
;
; <user>=*
; <user>=section_1 section_2 ... section_n
;
; You can specify <authority><user> instead of <user>
;
; Example:
;
; vasya=localhost
;
; For user "vasya" allow access to localhost only.
;
; Process-related rulesets & user rights together make 2-dimensional
; array. Each entry in array contains section (with rules). You may
; say section is an "role".
;
; Example:
;           | User-1 | User-2 | User-3 | Others (default)
; ----------+--------+--------+--------+-------------------
; Process-1 | A      | A      |        | A
; Process-2 |   B    |        | A      |   B
; Process-3 |     C  |        |   B    |
; Other proc| A B    |   B C D|     C D| A B C D
;

[_users_]
_default_=*
NT AUTHORITYSYSTEM=*

; --- Host names resolution ---
;
; <name>=<address>
; <name>=<address>/mask
;
; Then use names instead of addresses in rules.
;

[_hosts_]
ANY=0.0.0.0/0
; SELF is ANY equialent meaning this host
SELF=0.0.0.0/0
; change it to yours
LOCALNET=192.168.1.0/24
; addresses (add your own ones)
localhost=127.0.0.1
DNS_SERVER=127.0.0.1
DNS_SERVER=195.34.32.116
DNS_SERVER=212.188.4.10
;
; [<section_i>]
;
; is rule section (ruleset) with ALLOW or DENY rules
;
; Format of rule:
;
; [<name>:] ALLOW|DENY TCP|UDP|RawIP|* IN|OUT|* FROM <addr> TO <addr> [NOLOG|COUNT]
;
; <name> - name of the rule (will appear in logs or section name if you don't
;                           specify <name>) 32 characters maximum
;
; ALLOW or DENY - type of rule: allow or deny datagram or connection
;
; TCP, UDP, RawIP or * - protocol (RawIP is using of raw sockets,
;                                 "*" - any protocol)
;
; IN, OUT or * - direction for datagram or connection ("*" - IN/OUT)
;                NOTE: for "*" FROM address is _local_ side
;
;
; NOLOG - don't log using of this rule
; COUNT - count bytes of traffic for datagram/connections
;
; <addr> -  <host>[/<mask>][:<port>[-<port2>]
;
; <host> - IP address or host name (see [_hosts_])
; <mask> - network mask (from 0 to 32)
; <port> - port number (from 0 to 65535)
; <port2> - define port range from <port> to <port2>
;
; Examples:
;
; ALLOW TCP OUT FROM SELF TO ANY:135 NOLOG
; ALLOW UDP IN FROM LOCALNET:135 TO SELF:1024-4096
;
; If no rule's found: DENY and LOG by default

[custom]
; allow external networks activity you're using:
; www proxy
; smtp server
; pop3/imap4 server
; dns server

;proxy: ALLOW TCP OUT FROM SELF TO 192.168.0.254:8080
;smtp: ALLOW TCP OUT FROM SELF TO 192.168.0.254:25
; etc.

dns: ALLOW UDP * FROM SELF TO DNS_SERVER:53

[localnet]

; allow and log all localnet activity

tcp-localnet: ALLOW TCP * FROM SELF TO LOCALNET

; It may be useful: don't log NetBT UDP packets
ALLOW UDP * FROM SELF:137-138 TO LOCALNET:137-138 NOLOG
 
udp-localnet: ALLOW UDP * FROM SELF TO LOCALNET

ALLOW RawIP * FROM SELF TO LOCALNET NOLOG

; allow broadcasts
broadcast: ALLOW UDP OUT FROM SELF TO 255.255.255.255

[localhost]
; allow and don't log localhost activity

ALLOW * * FROM SELF TO localhost NOLOG

[allow_all]
; do you really want to use this rules section?

any: ALLOW  * * FROM SELF TO ANY

[mail]
pop3: allow * * from any to self:110 nolog
smtp: allow * out from self to any:25 nolog

[inet_p2p]
;http://emule-project.net/home/perl/help.cgi?l=1&rm=show_topic&topic_id=122
allow * * from self:4662 to any nolog
allow * * from self:4672 to any nolog
allow tcp * from self to any:80-63999 nolog
allow udp * from self:1024-5024 to any nolog
allow RawIP * from self to any nolog
allow udp out from self:137 to any:137 nolog
allow udp * from self:14059 to any nolog

[fido_ip]
allow udp * from self to any:53
allow tcp out from self to any:60179
allow tcp in from any to self:60179

[inet_icq]
allow tcp * from self to any:5190

[inet_ftp]
ftp: allow * * from self to any:20-21 nolog

[inet_http]
http: allow * * from self to any:80-81
https: allow * * from self to any:443

[vo_ip]
allow udp in from self:53 to any nolog
allow udp out from self to any:53 nolog
allow udp * from self:5060 to any:5060 nolog
allow udp * from self:1500-5003 to any:1500-5003 nolog
allow tcp out from self to any:5002 nolog
allow udp * from self:49152 to any nolog
allow RawIP out from self to any nolog

[inet_dns]
allow udp * from self to 195.34.32.116 nolog
allow udp * from self to 212.188.4.10 nolog
allow udp * from self to LOCALNET nolog

 

Revise this Paste

Your Name: Code Language: