Murus Lite - basics of two things: import blacklist and port blocks

CatsLife
Posts: 4
Joined: Wed Apr 12, 2017 2:19 pm

Murus Lite - basics of two things: import blacklist and port blocks

Post by CatsLife » Wed Apr 12, 2017 2:46 pm

Murus Lite:

Perhaps I’m too simplistic a mind, but I would greatly appreciate a helping hand to do two things. I’ve tried reading the manual and my mind boggles; nothing seems to work. I’ve noticed Murus does not like spaces before a file name when attempting to import a file, or perhaps I just set it up incorrectly.

I would greatly appreciate someone actually telling me how to do the following with examples.


I do not wish to use Murus as a firewall per se, but simply for its bonus features, and use the OSX firewall otherwise. This is how I utilised WaterRoof.

All I want to do is two things:
1. import a CIDR blacklist (each entry on a separate line) to block incoming (and outgoing, if possible) connections, e.g. BOThosts.txt
2. block certain BOT ports, e.g. 27016 and 7001.

It would also be nice to see the number of blocks per IP/IP range in the same way WaterRoof could, but this is not a high priority.

(I just upgraded to OSX 10.11 from 10.6 ten days ago. (mp3,1))

hany
Posts: 484
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus Lite - basics of two things: import blacklist and port blocks

Post by hany » Wed Apr 12, 2017 9:35 pm

I suggest you do the following:

- from Strategies panel click "restore default configuration", update runtime rules if requested
- then click 'Start Here' then in the new panel click "close this panel"
- remove the two services (basic services and dynamic ports) from Managed Inbound Services view
- click the book icon on left-top to open the side view then drag the ALL SERVICES icon from the library on the left to the Managed Inbound Services view on the right

You have just set Murus to pass all inbound and outbound connections.
Now if you want to block a list of IP addresses or CIDR addresses, just add them to the "blocked-hosts" group. It's a hardcoded group; you'll find it in the group library. You can add entries manually or by importing from a file. All inbound/outbound connections from/to these addresses will be blocked. If you want them to be logged as well, there is an option in Murus Preferences -> General -> Log Blacklisted Connections.

Then to block specific ports you need to create a custom service.
- click the 'gear' button on top of Services Library view then select "Add new custom service"
- a service named "CUSTOM SERVICE" will appear at the end of the services library. Select it and click the magnifier button to edit it
- name it BOTPORTS, insert ports separated by space, leave "all" as protocol, optionally type something in the description field.
- now if you want to block these ports in inbound then drag the service to Managed Inbound Services, if you want to block outbound then drag the service to Managed Outbound Services view. Or both. To switch between the views click the "down arrow" and "up arrow" buttons in Murus toolbar.

If you want to log blocked traffic, just edit the BOTPORTS service in the Managed Inbound/Outbound Services views to enable logging. Then, using Murus Logs Visualizer statistics, you can analyze your logs.

Once done, you have to click PLAY in the Murus toolbar to update the runtime pf rules. And you have to do it every time you change something in your Murus configuration. Then, if you want these rules to be loaded at system boot, simply let Murus install its Boot Scripts. You can always install/uninstall boot scripts with one mouse click from Murus' menu "Firewall" -> "Boot Scripts".

Hope it helped
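Underneath the Murus views described above, the setup comes down to a pf table plus a few block rules. The following is an added example, not Murus's own generated ruleset: a shell function that cleans a one-CIDR-per-line blacklist file (tolerating the leading spaces and comments that trip up an import) and emits the equivalent pf rules with logging. The "blocked-hosts" table name and the BOTPORTS ports 27016 and 7001 come from the thread; the file layout and the fixed rule shape are assumptions.

```shell
#!/bin/sh
# Added example (not Murus code): build the pf ruleset equivalent to the
# Murus Lite setup in this thread: a "blocked-hosts" table imported from a
# CIDR file and a BOTPORTS service blocked (and logged) in both directions.
# Assumed file format: one IPv4 address or CIDR per line, "#" comments and
# blank lines ignored. Octet range is not checked, only the address shape.

# valid_cidr <candidate>: succeed if the candidate looks like a.b.c.d[/nn]
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_pf_rules <blacklist file> <space-separated port list>
# Prints the ruleset on stdout; malformed entries are reported on stderr.
gen_pf_rules() {
    bl="$1"; ports="$2"
    echo "# blocked-hosts: all inbound/outbound from/to these addresses is dropped"
    printf 'table <blocked-hosts> persist {'
    while IFS= read -r line || [ -n "$line" ]; do
        # strip trailing comments and surrounding whitespace
        entry=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$entry" ] && continue
        if valid_cidr "$entry"; then
            printf ' %s' "$entry"
        else
            echo "skipping malformed entry: $entry" >&2
        fi
    done < "$bl"
    echo ' }'
    # "log" sends matches to pflog so a log viewer can count blocks per address
    echo "block in log quick from <blocked-hosts> to any"
    echo "block out log quick from any to <blocked-hosts>"
    echo "# BOTPORTS custom service, blocked and logged inbound and outbound"
    echo "block in log quick proto { tcp udp } from any to any port { $ports }"
    echo "block out log quick proto { tcp udp } from any to any port { $ports }"
}

# usage: gen_pf_rules BOThosts.txt "27016 7001" > pf.blacklist.conf
```

The output is a fragment meant to be checked with `pfctl -nf` before loading; it blocks by table and port only and leaves everything else to whatever ruleset it is appended to.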

CatsLife
Posts: 4
Joined: Wed Apr 12, 2017 2:19 pm

Re: Murus Lite - basics of two things: import blacklist and port blocks

Post by CatsLife » Fri Apr 14, 2017 3:38 am

Firstly, that’s a fantastic descriptive answer. A+++ Thank you so much!

However, I do still have an issue. As soon as I turned the rules on, a torrent program called Transmission immediately indicated it had become firewalled. When I turned the rules off, the program was non-firewalled again. I had thought the first action, ALL SERVICES, would revert/default things back to the OSX firewall for basic rules. Or does the OSX firewall become non-functional/disabled whilst Murus is turned on?

Do I need to port forward p2p apps within Murus?

Are the Boot Scripts required for running Murus Logs Visualizer?

hany
Posts: 484
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus Lite - basics of two things: import blacklist and port blocks

Post by hany » Fri Apr 14, 2017 2:05 pm

> Firstly, that’s a fantastic descriptive answer. A+++ Thank you so much!

Thanks :) Actually I forgot one important thing. When you drag a service (like BOTPORTS) from the Library to Managed Services, it is automatically set as passed (green icon). To block it, you have to select it and change its rule by dragging groups to the "Blocked" or "Passed" groups column.

> However, I do still have an issue. As soon as I turned the rules on, a torrent program called Transmission immediately indicated it had become firewalled. When I turned the rules off, the program was non-firewalled again. I had thought the first action, ALL SERVICES, would revert/default things back to the OSX firewall for basic rules. Or does the OSX firewall become non-functional/disabled whilst Murus is turned on?

The OSX firewall in System Preferences (aka ALF) has nothing to do with Murus; they are completely unrelated.
If you leave only the (passed) ALL SERVICES service in both inbound and outbound, then Transmission should not be blocked.

> Do I need to port forward p2p apps within Murus?

No, you don't need to forward ports as long as you don't use Murus as a router for other Macs. You just have to leave ports open. If you have another Mac (or a virtual machine correctly configured using bridged networking) you can check using a port scanner.

> Are the Boot Scripts required for running Murus Logs Visualizer?

Yes, because Boot Scripts are needed to initialize the logging system.
