2006-07-07, 05:53 PM   #4 (permalink)
psac

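[ZAG] Beginner-level ZoneAlarm configuration tips (Last updated: 2006-06-16)
## Updated to address the vulnerability, published on the Firewall Leak Tester website on June 10, 2006, that uses the Windows BITS service to bypass default firewall rules.
For details, see: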
June 10 2006 : Windows BITS service bypasses default firewall rules
Beginner's guide to setting up ZA firewall rules
1. Open the Start menu, enter "cmd" in Run, and once the Command Prompt appears, enter "ipconfig /all" to look up your DNS Servers;

http://bbs.hypost.cn/attachment/39_1472_42deadbbe6c3370.jpg
2. Add the DNS Servers to the Trusted Zone (as shown in the image below);

http://bbs.hypost.cn/attachment/39_1472_345781cfd0da33a.jpg
3. Add the loopback address to the Trusted Zone (this is the default configuration in ZA 6, so this step can be skipped)


http://bbs.hypost.cn/attachment/39_1472_925ffe581916fdf.jpg
4. In the Program Control list, keep the "Internet" column of the "Server" entry for "Generic Host Process for Win32 Services" marked with an X;
http://bbs.hypost.cn/attachment/39_1472_4bde16642e0ad38.jpg
5. Create "Expert rules" that apply to "Generic Host Process for Win32 Services";

http://bbs.hypost.cn/attachment/39_1472_f093988272c7fae.jpg
The rules are as follows:
Rank: 1;
State: Enabled;
Action: allow;
Name: Allow Trusted;
Comments: Allow Trusted Zone;
Track: none;
Source: My Computer;
Destination: Trusted Zone;
Protocol: Any;
Time: Any;

Rank: 2;
State: Enabled;
Action: allow;
Name: Allow DNS;
Comments: Allow DNS(UDP);
Track: none;
Source: [Your DNS server IP address(es)] ;
Destination: My Computer;
Protocol: UDP;
Source Port : 53;
Time: Any;

Rank: 3;
State: Enabled;
Action: allow;
Name: windows time;
Comments: time.windows.com;
Track: none;
Source: My Computer;
Destination: Host/Site [time.windows.com]
Protocol: UDP;
Source Port : 123;
Time: any;

Rank: 4;
State: Enabled;
Action: allow;
Name: Other Traffic;
Comments: Allow Other TCP Traffic;
Track: none;
Source: My Computer;
Destination:
    IP Range Destination IP Range
    1 Microsoft 64.4.0.0-64.4.63.255
    2 Microsoft2 65.52.0.0-65.55.255.255
    3 Microsoft3 207.46.0.0-207.46.255.255
    4 Microsoft4 208.174.0.0-208.175.127.255
    5 Microsoft5 208.175.160.0-208.175.223.255
    6 Microsoft6 212.0.0.0-212.255.255.255
    7 Microsoft7 213.0.0.0-213.255.255.255
    8 Microsoft8 195.0.0.0-195.255.255.255
    Host/Site Destination Host name
    1 winupdate download.windowsupdate.com
    2 rad.msn.com rad.msn.com
    3 shared.live.com shared.live.com
    4 storage.msn.com storage.msn.com
Protocol:
    Protocol Destination Destination Port
    TCP HTTP 80
    TCP HTTPS 443
Time: any;

Rank: 5;
State: Enabled;
Action: block;
Name: Block all;
Comments: Block all;
Track: Alert and Log;
Source: Any;
Destination: Any;
Protocol: Any;
Time: Any;

Done! Go online with peace of mind!!! Experts, please don't chime in!!!
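An added example, not part of the original post: a small Python audit of the rule set above that counts how many addresses each Rank 4 destination range covers and evaluates sample connections against the ranked rules. It assumes the rules are applied in rank order with the first match deciding; the function names and the DNS server address 192.0.2.53 are constructed for illustration, and Rank 3 and the Host/Site entries are left out because matching them requires live DNS resolution.

```python
import ipaddress

# Rank 4 destination IP ranges, copied from the post.
RULE4_RANGES = {
    "Microsoft":  ("64.4.0.0", "64.4.63.255"),
    "Microsoft2": ("65.52.0.0", "65.55.255.255"),
    "Microsoft3": ("207.46.0.0", "207.46.255.255"),
    "Microsoft4": ("208.174.0.0", "208.175.127.255"),
    "Microsoft5": ("208.175.160.0", "208.175.223.255"),
    "Microsoft6": ("212.0.0.0", "212.255.255.255"),
    "Microsoft7": ("213.0.0.0", "213.255.255.255"),
    "Microsoft8": ("195.0.0.0", "195.255.255.255"),
}
# Constructed sample values (assumptions): one DNS server plus loopback in the Trusted Zone.
DNS_SERVERS = {"192.0.2.53"}
TRUSTED_ZONE = {"127.0.0.1"} | DNS_SERVERS

def _ip(text):
    return int(ipaddress.ip_address(text))

def range_size(name):
    """Number of addresses covered by one Rank 4 range."""
    lo, hi = RULE4_RANGES[name]
    return _ip(hi) - _ip(lo) + 1

def in_rule4(ip):
    return any(_ip(lo) <= _ip(ip) <= _ip(hi) for lo, hi in RULE4_RANGES.values())

def decide(direction, proto, remote_ip, remote_port):
    """Return (rank, action) of the first matching rule (first-match order is assumed)."""
    if direction == "out" and remote_ip in TRUSTED_ZONE:
        return 1, "allow"                      # Rank 1: My Computer -> Trusted Zone, any protocol
    if (direction == "in" and proto == "udp"
            and remote_ip in DNS_SERVERS and remote_port == 53):
        return 2, "allow"                      # Rank 2: DNS replies from source port 53
    if (direction == "out" and proto == "tcp"
            and remote_port in (80, 443) and in_rule4(remote_ip)):
        return 4, "allow"                      # Rank 4: HTTP/HTTPS to the listed ranges
    return 5, "block"                          # Rank 5: Block all (Alert and Log)

if __name__ == "__main__":
    total = sum(range_size(n) for n in RULE4_RANGES)
    for name in RULE4_RANGES:
        print(f"{name:<11} {range_size(name):>10,} addresses ({range_size(name) / total:.1%})")
    for pkt in [("out", "tcp", "207.46.1.1", 80), ("out", "tcp", "212.10.20.30", 443),
                ("out", "tcp", "198.51.100.7", 80), ("in", "tcp", "207.46.1.1", 80)]:
        print(pkt, "->", decide(*pkt))
```

Running it shows that the three entries spanning a full first octet (Microsoft6 to Microsoft8) make up almost all of the address space Rank 4 permits, which is the part of the rule worth reviewing first.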