![[Guide Home]](../resources/misc/oplogo_green.jpg){kind=small}
|
The Web Hikers guide to
|
![[Green colours with tiny sized fonts]](../resources/misc/css_green_small.gif){kind=small}
![[Green colours with medium sized fonts]](../resources/misc/css_green_regular.gif){kind=small}
![[Green colours with large sized fonts]](../resources/misc/css_green_large.gif){kind=small}
![[Orange colours with tiny sized fonts]](../resources/misc/css_orange_small.gif){kind=small}
![[Orange colours with medium sized fonts]](../resources/misc/css_orange_regular.gif){kind=small}
![[Orange colours with large sized fonts]](../resources/misc/css_orange_large.gif){kind=small}
![[Blue colours with tiny sized fonts]](../resources/misc/css_blue_small.gif){kind=small}
![[Blue colours with medium sized fonts]](../resources/misc/css_blue_regular.gif){kind=small}
![[Blue colours with large sized fonts]](../resources/misc/css_blue_large.gif){kind=small}
![[Grey colours with tiny sized fonts]](../resources/misc/css_grey_small.gif){kind=small}
![[Grey colours with medium sized fonts]](../resources/misc/css_grey_regular.gif){kind=small}
![[Grey colours with large sized fonts]](../resources/misc/css_grey_large.gif){kind=small}
Creating from scratch
Creating rules from scratch with outpost is very easy. In this example I am going to show you how to create a rules for your e-mail client without using the rules presets. I will be using Outlook Express in this example and the rules you will be creating are exactly the same rules you would have had created for you if you had used Outpost's preset rules for Outlook Express. This tutorial won't show you how to tighten your rules for OE, this tutorial is just to show you how to create rules manually.
Creating rules for Outlook Express
Assuming you haven't already created rules for OE, setup a mail account if you don't already have one, and try and collect your mail. This window Create rule for MSIMN.EXE should have popped up:
![[Create rule for MSIMN.EXE]](../resources/snapshots/outpost/99.gif)
I assume you know what the different elements of this window are, if you don't read this. Click on the dropdown arrow on the Combo box and select 'Other' and then click on the 'OK' button:
![[Creating a rule using preset Other...]](../resources/snapshots/outpost/100.gif)
Now a Rules creation window will open up:
![[Rules window]](../resources/snapshots/outpost/101.gif)
Outpost has filled in some of the blanks for us using the information presented to us in Create rule for MSIMN.EXE popup window. All that is needed now to finish this rule is to select an Action and click on the button 'OK'. Before going any further I will explain what the components of the rules popup are:
1 - Select the Event for your rule
This is the 'nuts and bolts' of your rule. It is here that you decide on how loose or tight to make the rule by specifying various elements, these are:
- Where the specified protocol is
- Where the specified direction is
- Where the specified remote host is
- Where the specified remote port is
- Where the specified local host is
- Where the specified local port is
- Where the specified time interval is
In our case the Protocol is TCP, the Direction is Outbound, the Remote Host is services.msn.com, and the Remote Port is 80 (HTTP). You add or remove Events by toggling the check boxes next to the Events you want to apply to the rule, checked is applied where as unchecked is not applied.
2 - Select an Action for your rule
Once you have created the Events for your rule you need to tell Outpost what Action to perform, or put another way, what should be done with any packet that matches the Events of your rule. The options available to you are:
- Allow it
- Deny it
- Reject it
- Report it
- Run application
'Allow it' permits the packet. 'Deny it' drops the packet and the source is not notified by an ICMP/TCP message - the port is stealthed. 'Reject it' drops the packet and the source of the packet is notified by an appropriate port unreachable message - the port is closed. 'Report it' can be selected along with 'Allow it', 'Deny it', and 'Reject it'. 'Report it' is used to notify you when a particular rule has been applied to a packet. This is done by presenting you with a popup entitled Outpost Firewall Report:
![[An example of a Report popup window]](../resources/snapshots/outpost/91.gif)
An entry in the Reported log is also made so you can find out more details about the communication quickly without having to go through the Allowed or Blocked logs. 'Run Application' can be used to open up a particular program, open a URL, a document, or a folder.
3 - Rule Description
This is a brief summary of the rule, it list the Actions and Events that make up the rule. You also use this section for modifying Event details. For example, if you wanted to change the Direction Event from 'Outbound' to 'Inbound', click on the Outbound link in the Rule Description box next to 'Where the direction is'.
![[Changing the Direction Event of a rule]](../resources/snapshots/outpost/104.gif)
A Destination popup window will appear, toggle 'Inbound' and click on the 'OK' button. Changing aspects of other Events is just as easy, click on the link for the Event you want to change and select the change you want from the popup that appears.
4 - Name of Rule
This is the name for the rule, it's what appears under the 'Reason' column in all of Outposts logs. Outpost isn't very imaginative as you can see from the current name: MSNIM Rule #1. This would be great if you were a computer but it's hardly easy to remember exactly what the rule does from this name. You should make the names easy to understand and give yourself some idea of what the rules is for.
Back to creating our first rule for Outlook Express...
Remember we are going to be creating rules that match Outpost presets for Outlook Express, don't worry if you are not to sure yet what Protocols, Ports, and other things are for, this tutorial is just to show you the process of creating rules manually for an application.
In order to duplicate the presets we need five rules called:
- Send Mail By Outlook Express
- Read News By Outlook Express
- Receive Mail By Outlook Express
- Outlook Express IMAP connection
- Outlook Express HTTP connection
As the rule Outpost has created so far is already set up for HTTP communication we will use it for the the rule Outlook Express HTTP connection. The first thing to do is change the events for this rule so that it is applied to all remote hosts and not just to services.msn.com. To do this uncheck the toggle next to 'Where the specified remote host is' line in the Event box.
Then change the name from MSNIM Rule #1 to Outlook Express HTTP connection. Next Click on the HTTP link in the Rule Description and from the popup Select remote port add the following ports/services after HTTP in the text box: 81, 82, 83, HTTPS, SOCKS, PROXY:3128, PROXY:8080, PROXY:8088, and 11523. There is no need to add spaces after the commas or enter the service names in uppercase, just put the caret after HTTP and start typing. See the image below for an example:
![[Select remote port popup window]](../resources/snapshots/outpost/106.gif)
When you have added the additional ports and services toggle 'Allow it' in the Actions box of the Rules window. All the changes have now been made, the Rules window should look like this:
![[The modified Rules window]](../resources/snapshots/outpost/105.gif)
Click on the button 'OK'. Kill Outlook Express now, if any rule creation popups appear before you can do this just click on the 'Block Once' button. The next section will show you how to create the other rules Outlook Express requires.
Creating the remaining rules
Now we need to create the other four rules. Open up Outpost main window and select form the 'Options' menu: Options -> Application... The main Options window appears with the 'Application' tab selected:
![[Options window with the Applications tab selected]](../resources/snapshots/outpost/107.gif)
Double click on MSIMN.EXE which you will find in the ![[Partially allowed applications icon]](../resources/snapshots/outpost/95.gif){kind=small}
Partially allowed applications list. The Rules window will open for Outlook Express, currently there should only be one rule, the one we have just created called Outlook Express HTTP connection. Click on the 'New' button and a blank Rules window will open. Name the new rule Send Mail By Outlook Express. Now check 'Where the specified protocol is' toggle and then click on the Unspecified link after 'Where the protocol is'. in the Rule Description box. The Select Protocol popup will appear:
![[The Select Protocol popup window]](../resources/snapshots/outpost/108.gif)
Toggle TCP and click on the 'OK' button. Now check the Action 'Where the specified direction is' and then click on the Unspecified link after 'Where the direction is' in the Rule Description box. On the Destination popup toggle 'Outbound'. Now using the above as a guide of how to do it, specify a Remote port of SMTP and the Action 'Allow it'. If you have done it correctly the Rules window should look like this:
![[The second rule you create should look like this]](../resources/snapshots/outpost/109.gif)
Close this window and you should see the new rule Send Mail By Outlook Express below your first rule Outlook Express HTTP connection. Now create three more rules with the following specifications:
Read News By Outlook Express
- Protocol: TCP
- Destination: Outbound
- Remote port: NNTP
Receive Mail By Outlook Express
- Protocol: TCP
- Destination: Outbound
- Remote port: POP3
Outlook Express IMAP connection
- Protocol: TCP
- Destination: Outbound
- Remote port: 143
That's it! Hopefully you now know how to create and modfiy rules, and if nothing else you should now be more familiar with Outpost's GUI.
Outpost and the Outpost logo are ©Agnitum Software
This is an unofficial guide, the information expressed here may differ from Agnitum's. There is a support forum (no longer run by Agnitum, but by users) if you need more help this is a good place to start. Where information here conflicts with what Agnitum have told you always go with the information given to you by Agnitum.
Guide/site and images ©Stephen Cox