olap
June 4th, 2006, 10:21 AM
Jetico for everyone!

After the many discussions that I saw on the net, and on this forum, about the difficulties of configuring Jetico, and that the program is not for anybody but just for computer geeks, I offer you this Jetico Rule Set. Using this, Jetico becomes easy to use, just like the simplest firewalls, but always remains Jetico, the best one.
Import this rule and go.
For every newly opened program, Jetico asks to accept.
If it is a system application or a program that needs no internet access, like Notepad or Office, apply with "Handle as.. AccessToNetworkOnly".
If it is a program that needs internet access, like an antivirus for updates, or a spyware program for updates, or Skype, BitComet, Torrent, eMule, apply with "Handle as.. FullAccess".
The rule is configured for Firefox 1.504 and IE. No popups, full stealth. If you have an issue with it, ask.
Credit to the Jetico team for this software.
Have Fun...

olap
June 4th, 2006, 01:40 PM
If you use Proxomitron or other proxy software, configure the rule:
When Proxo starts and Jetico asks to accept, apply Proxo with "Handle as.. FullAccess"; now go to the "Ask User" table, find the "Internet Explorer" rule, double-click it and change "Verdict:" to "LocalhostOnly".
That's it! Enjoy.

ellison64
June 4th, 2006, 01:59 PM
I might try Jetico again now. I gotta be honest.. I failed even to get a net connection last time even though I tried for about an hour different variations on rules. I use admuncher so perhaps that was the problem. Perhaps the proxy rule will fix that? I wish there was a step by step tutorial with pics somewhere, as it would make it a lot easier for idiots like me. ;)
ellison

djg05
June 4th, 2006, 02:24 PM
-{ Quote: "I might try Jetico again now. I gotta be honest.. I failed even to get a net connection last time even though I tried for about an hour different variations on rules. I use admuncher so perhaps that was the problem. Perhaps the proxy rule will fix that? I wish there was a step by step tutorial with pics somewhere, as it would make it a lot easier for idiots like me. ;)
ellison" }-

Like you, I never managed a connection with Jetico. I have been waiting hoping that they would bring out a friendlier version. Now Olap has posted these rules I might take another look at it. There is a posting by Stem here (http://www.wilderssecurity.com/showthread.php?t=121009&page=4)
which might help you.

I have been trying out Comodo over the last few days. Not sure about it and it slows everything down so have reverted to Kerio 4

olap
June 4th, 2006, 02:30 PM
Hi...
When "admuncher" starts and Jetico asks to accept, click on "Handle as.. FullAccess", "OK".
This is the rule for "admuncher".
Now open Jetico, right-click on "OQ's JPF rules" and apply "Flat view".
On the left side you see the table "Ask User"; click on it.
On the right side you see the "IExplorer" icon (rule with FullAccess); double-click on it.
Now you have a new window; click on "Verdict:" and change "FullAccess" to "LocalhostOnly", "OK".
And go on the Internet. You need no other rule. (You know that your browser must be configured to localhost?)
The same works for "Firefox", "windows explorer" - to "AccessToNetworkOnly".
If you use "firefox" with "admuncher", then "firefox" to "LocalhostOnly", IExplorer to "AccessToNetworkOnly" or vice versa.
Access to "net" is not access to "internet"!
That's it! Enjoy.

ellison64
June 4th, 2006, 02:34 PM
Mmm... well, I just uninstalled AVG plus firewall to try Jetico again, and used the ruleset and it worked!! Getting a little cocky, I "reverted to factory settings" so that the ruleset would be default again and tried to follow what Jetico was asking and give it a rule... and it worked again!! Now the last time I tried Jetico I had AntiVir Premium installed and I'm wondering whether there was some sort of conflict there. I'm gonna try and install AntiVir Premium again with Jetico and see if it stops my connection. Olap... is it OK for Windows Explorer to go in the app trusted zone? I don't really want it to connect to the net, just open other apps that connect, but not sure of the exact rule to use... see pic

Antus
June 4th, 2006, 03:23 PM
Olap!!!!
A note of thanks for the text configuration, and of course thanks to the Jetico team, made my life a little easier :-) ;D

monkeyjoe
June 4th, 2006, 03:49 PM
I know this is a stupid noob question, but I ask it nonetheless. How do I import the ruleset? I have downloaded the file but I have no idea how to use it. :-[

controler
June 4th, 2006, 04:18 PM
You rename the file from Olap.bcf.txt to Olap.bcf, then click on file in Jetico
and select open.

I think that is how it is done.

monkeyjoe
June 4th, 2006, 04:39 PM
Thanks. I did that and it opened like it should, though I now have two separate root trees showing under configuration. I hope that is okay. Now I will dart back into the shadows and resume lurking.

olap
June 4th, 2006, 08:01 PM
Ask User

aigle
June 5th, 2006, 12:45 AM
-{ Quote: "Jetico for everyone!

After the many discussions that I saw on the net, and on this forum, about the difficulties of configuring ------
Credit to the Jetico team for this software.
Have Fun..." }-

I can't read it. It seems damaged and I see only some strange characters; I tried to open it in Notepad and WordPad but same.
Is it written in MS Word?

Joliet Jake
June 5th, 2006, 03:54 AM
-{ Quote: "I can't read it. It seems damaged and I see only some strange characters; I tried to open it in Notepad and WordPad but same.
Is it written in MS Word?" }-

See this post...

http://www.wilderssecurity.com/showpost.php?p=766673&postcount=9

Rilla927
June 5th, 2006, 04:25 AM
Olap, that is so cool of you:thumb:

This gives me some hope now! I have searched for a tutorial on Jetico to no avail.

Thanks so much;)

olap
June 5th, 2006, 06:41 AM
OK, I think the first step (access to internet with proxy or without) is resolved for everyone? Free of hundreds of popups, without grave problems? Have a look, Jetico is not a bugbear! You have tested your config on the web test pages, and passed all? I think yes! That's good. These rules have more options!
Now, when you wish, we can go on to fine-tune these rules?
Ask!
That's it!

olap
June 5th, 2006, 07:49 AM
For @aigle and all...
To convert "Olap.bcf.txt" to "Olap.bcf"!
Open a folder, go Tools-->Folder Options-->View-->untick "Hide extensions for known file types"-->Apply-->OK
Now right-click on the file "Olap.bcf.txt"-->Rename, then delete ".txt"
At the "Rename" popup click "Yes"
That's it! Enjoy.

olap
June 5th, 2006, 07:42 PM
An entire life have wait for this Rules, and now I not listen nobody?
Strange!

gonzo1963
June 6th, 2006, 11:29 AM
-{ Quote: "An entire life have wait for this Rules, and now I not listen nobody?
Strange!" }-
You can see some, here: http://www.nautopia.net/

gonzo1963
June 6th, 2006, 11:34 AM
-{ Quote: "Olap, that is so cool of you:thumb:

This gives me some hope now! I have searched for a tutorial on Jetico to no avail.

Thanks so much;)" }-
I find one in Spanish: http://www.nautopia.net/archives/es/win_cortafuegos_y_control/jeticofw/manual_jetico_firewall.php

rdsu
June 6th, 2006, 12:31 PM
-{ Quote: "You can see some, here: http://www.nautopia.net/" }-
The English site doesn't work...

crookit
June 6th, 2006, 02:39 PM
-{ Quote: "An entire life have wait for this Rules, and now I not listen nobody?
Strange!" }-

Thanks for the rules, a useful addition to this fantastic firewall.

Stem
June 8th, 2006, 07:09 AM
I would not advise anyone to use "Allow All" rules for a browser, particularly not IE. Allowing all inbound connections can give rise to allowing "Pass by" inbound. (Allowing all is bypassing the SPI)

olap
June 8th, 2006, 08:06 AM
@Stem

false, IExplorer log "FullAccess", test yourself!

Have Fun....

Stem
June 8th, 2006, 12:50 PM
olap
-{ Quote: "false, IExplorer log "FullAccess", test yourself!" }-You need to check your logic on allowing inbound connections (your rules for IE as example allow any event/any protocol)... yes these will be passed to the SPI rule, but all events will be allowed, which means ANY inbound/outbound will be allowed (even unsolicited inbound). This is a very dangerous practice, and again I would not advise anyone to use "Allow All" rules with a browser.
Think about it,.. How can you have SPI on inbound connections!

olap
June 8th, 2006, 01:55 PM
@Stem
again false!!! IExplorer log "FullAccess", test yourself again!!!

olap
June 8th, 2006, 02:06 PM
@Stem
2 time again false!!! IExplorer log "FullAccess", test yourself again!!!

respect to you, but sorry, what is this comment, in first post pass nothing
then pass SPI yes, but non pass inbound/outbound, Please test you first!
"Think about it,.. How can you have SPI on inbound connections!" ???
what is "SPI incoming packet" ????

Alphalutra1
June 8th, 2006, 03:05 PM
Correct me if I am wrong, but SPI is all about incoming connections. It can determine whether or not a TCP connection is a response to one initiated by the computer, then allows it if it is. It thus blocks all unsolicited connections such as port scans, worms, etc.

Cheers,

Alphalutra1

olap
June 8th, 2006, 03:14 PM
@Stem
no compree what you think with this:
"Think about it,.. How can you have SPI on inbound connections!"?

and say you

what is then "SPI incoming packet"?

Stem
June 8th, 2006, 03:58 PM
olap,
If you have a rule to "Allow ALL", then it will Allow all. It will not matter what outbound states are being kept as the rule to "Allow All" will bypass this and allow all in/out.

SPI is to keep track of the outbound connections, to allow only replies from the connections that are made outbound, this then stops any inbound connection attempts, but your rule to "Allow all" will bypass this and allow the inbound from anywhere.
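
Added example, not part of any post in this thread and not Jetico's rule engine: a minimal first-match rule chain in Python showing the behaviour Stem describes, where an allow-all rule placed ahead of the stateful check accepts an unsolicited inbound SYN that the stateful rule alone would drop. The rule names, addresses and packets are constructed for illustration, and first-match evaluation is an assumption of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the protected host, "in" = arriving
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags, simplified to "SYN", "SYN-ACK" or "ACK"


class StateTable:
    """Remembers connections the protected host opened itself."""

    def __init__(self):
        self._open = set()

    def note(self, p):
        if p.direction == "out" and p.flags == "SYN":
            self._open.add((p.src, p.sport, p.dst, p.dport))

    def is_reply(self, p):
        # An inbound packet is a reply only if it mirrors a tracked outbound SYN.
        return p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self._open


# Each rule returns "accept", "reject", or None (no match, try the next rule).
def allow_all(p, state):
    return "accept"


def allow_outbound(p, state):
    return "accept" if p.direction == "out" else None


def stateful_replies(p, state):
    return "accept" if state.is_reply(p) else None


def block_rest(p, state):
    return "reject"


def evaluate(chain, packets):
    """Run packets through a first-match chain; return one verdict per packet."""
    state = StateTable()
    verdicts = []
    for p in packets:
        verdict = "reject"  # default when no rule matches
        for rule in chain:
            result = rule(p, state)
            if result is not None:
                verdict = result
                break
        if verdict == "accept":
            state.note(p)  # only accepted outbound SYNs create state
        verdicts.append(verdict)
    return verdicts


def accepted_unsolicited(chain, packets):
    """Inbound SYNs (new connection attempts from outside) that the chain accepts."""
    return [p for p, v in zip(packets, evaluate(chain, packets))
            if v == "accept" and p.direction == "in" and p.flags == "SYN"]


# Constructed sample traffic (documentation address ranges).
HOST = "192.168.0.10"
TRAFFIC = [
    Packet("out", HOST, 49152, "203.0.113.5", 80, "SYN"),       # browser opens a connection
    Packet("in", "203.0.113.5", 80, HOST, 49152, "SYN-ACK"),    # genuine reply
    Packet("in", "198.51.100.7", 40000, HOST, 6881, "SYN"),     # unsolicited inbound
    Packet("in", "198.51.100.7", 80, HOST, 49152, "SYN-ACK"),   # reply from the wrong peer
]

ALLOW_ALL_FIRST = [allow_all, stateful_replies, block_rest]
STATEFUL_ONLY = [allow_outbound, stateful_replies, block_rest]

if __name__ == "__main__":
    for name, chain in (("allow-all first", ALLOW_ALL_FIRST),
                        ("stateful only", STATEFUL_ONLY)):
        print(f"{name:16} {evaluate(chain, TRAFFIC)}")
        for p in accepted_unsolicited(chain, TRAFFIC):
            print(f"  unsolicited SYN accepted: {p.src}:{p.sport} -> port {p.dport}")
```

In this model the stateful and block rules still sit in the allow-all chain; they are simply never reached, which is why a log of blocked packets says nothing about what an earlier rule has already let through.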

olap
June 8th, 2006, 06:14 PM
Stem
I must say false again, sorry
very, very respect to you again, but you answer arrive slightly embarrass
examine your answer
look at carefully initially in what manner this rule work
this rule work unusual
accept all not accepted "continue" then accept "warning" in Log Level for all
what you desires
then test IE or Fox same on the test page with "FullAccess"

http://www.it-sec.de/vulchk.php/inhalt/vulchk.php/?sid=e4bb071714d7bcdf16348980d9c01fdf&WARNING_READ=1&PROXY_READ=1&submit=Check+host%21

http://www.auditmypc.com/freescan/scanoptions.asp

https://grc.com/x/ne.dll?bh0bkyd2

go to your Log and look at carefully

then explain what is "SPI incoming packet", "SPI outgoing packet" what is "Block incoming packet" and what is "Block outgoing packet" and full stealthy
I know what "allow" is, but I know what "reject" is too
then go with standard "Allow ALL" by Jetico on https://grc.com/x/ne.dll?bh0bkyd2

Have Fun..

Stem
June 8th, 2006, 07:28 PM
Hi olap,
I would like to continue this, and set up to show you, but I really don't have the time to waste, but, if what you say is correct, that the "Full Access" rule will block inbound connections, then the "Full Access" rule is no good for pgms such as "emule / torrent clients" etc as you have stated, as these require inbound connections to be allowed.

Good luck

olap
June 8th, 2006, 09:41 PM
Stem
false again, sorry
another confuse answer arrive
how you know "Allow ALL" rule for application like eMule is direct connection,
you non receive event from firewall, true!
when you connect eMule with "FullAccess", o je you receive many, many events like "Stateful UDP Inspection incoming packet", "Stateful TCP Inspection incoming packet", "Stateful UDP Inspection outgoing packet", "Stateful TCP Inspection outgoing packet", "reject TCP/UDP incoming packet" and "reject fragmented packet" and work like a charm!
same is with "µTorrent" too!
I think that I waste my time with this discussion, all this I have tested before
sharing Rule file on the net, if this is hard for you swallow up, go!
for what all this, you can waste your time 5 min for test!
I go
Sailin' the high seas, matey! Away and away....

Stem
June 8th, 2006, 10:22 PM
-{ Quote: "Stem
false again, sorry
another confuse answer arrive
how you know "Allow ALL" rule for application like eMule is direct connection,
you non receive event from firewall, true!
when you connect eMule with "FullAccess", o je you receive many, many events like "Stateful UDP Inspection incoming packet", "Stateful TCP Inspection incoming packet", "Stateful UDP Inspection outgoing packet", "Stateful TCP Inspection outgoing packet", "reject TCP/UDP incoming packet" and "reject fragmented packet" and work like a charm!
same is with "µTorrent" too!
I think that I waste my time with this discussion, all this I have tested before
sharing Rule file on the net, if this is hard for you swallow up, go!
for what all this, you can waste your time 5 min for test!
I go
Sailin' the high seas, matey! Away and away...." }-
I think you really need to read up on SPI, a starting point is http://en.wikipedia.org/wiki/Stateful_firewall
You should get an understanding that with programs such as "emule" that require inbound connections,... these are unsolicited inbound connections,.. there is no prior knowledge of the IPs that will ask for the inbound connection,...

EDIT:
To run a very simple test, I have installed a "Torrent client"; while running this with the "Fullaccess" rule, unsolicited inbound connections were allowed. This just confirms that the "Fullaccess" rule is dangerous to use for browsers.

olap
June 9th, 2006, 12:05 PM
another very, very confused answer
I believe only in Log screen like this:
I see that you need little help with this rule, just ego is too big!
then you maybe understand that application is not direct connected, but through a firewall!
see to Log screen and follow "continue"

olap
June 9th, 2006, 06:08 PM
IE & Skype
then you maybe understand that application is not direct connected, but through a firewall!
see to Log screen and follow "continue"

Devil's Advocate
June 9th, 2006, 06:22 PM
Very amusing lol.

Stem
June 9th, 2006, 07:14 PM
olap,
You have a lack of understanding on this.
It is not what is being blocked that is of any interest or concern to me, it is what is being allowed.
Your ruleset allows inbound TCP SYN packets (unsolicited inbound connections) to any/all ports, this I have checked with a torrent client. This is a major problem when the ruleset is used with browsers.


-{ Quote: "Very amusing lol." }-These posts are,........ but the fact users will be online, possibly with IE using this ruleset is not, I just hope they have a good AV that can catch worms etc.

This is my last post on this, as olap just cannot understand that if the ruleset will allow inbound connections for a torrent client, then the exact same ruleset when used for a browser is going to allow inbound connections for that browser.

olap
June 9th, 2006, 07:45 PM
dear Stem I understand very, very, good!
and I understand your frustration too
took a two day off, and then come back
résumé of the our informal discussion on this rule, from your first post where "FullAccess"
rule allow all, be arrive only on "TCP SYN packets", how to? strange! what you think???
false again, you be only slightly confused
Fox & IE with "FullAccess" rule
follow "continue"

test from: https://grc.com/x/ne.dll?bh0bkyd2

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Everyone be able to make this probe, if you need help how to enable event in Jetico ask!

Have Fun...

bryanjoe
June 10th, 2006, 12:37 AM
olap, any updates on ur bcf config?

I am really an idiot on this ;D

olap
June 10th, 2006, 04:54 AM
Update:

To convert "Olap.bcf.txt" to "Olap.bcf"!
Open a folder, go Tools-->Folder Options-->View-->untick "Hide extensions for known file types"-->Apply-->OK
Now right-click on the file "Olap.bcf.txt"-->Rename, then delete ".txt"
At the "Rename" popup click "Yes"
That's it! Enjoy.

djg05
June 10th, 2006, 03:02 PM
-{ Quote: "olap,
This is my last post on this, as olap just cannot understand that if the ruleset will allow inbound connections for a torrent client, then the exact same ruleset when used for a browser is going to allow inbound connections for that browser." }-

When this thread first came up I thought it would be a way to get Jetico to install and run. Now two people who know a lot more than me cannot agree on a safe way to set this up correctly, what chance do I stand. Maybe I should leave well alone. This really seems to be a geeks or experts f/w (no insult intended). From the little knowledge I have, Stem's argument seems more logical.

olap
June 10th, 2006, 04:33 PM
You have two possibility, make rule alone [how you say "little knowledge I have"(is no insult)], and test your configuration on the net, or applying rule for someone with few more experience, and again test on the net.
question is, which variant is comfortable for you!
with updated rule you can see Log "Block All not Processed IP Packets".
Your verdict

Have Fun...

Drazhar
June 10th, 2006, 07:01 PM
Hi everyone!

I'm using this Rule Set (thanks Olap!), but I tried the TrueStealth test and I only have 3 ports stealth and the other ones Closed, so I don't pass the test. Is this correct? If not, can anyone help me?
I'm using Mozilla Firefox (last update) at FullAccess.
Besides, I have some problems with svchost, because I have to change it in the rules with mine because there isn't another way to have internet. Thank you very much!

olap
June 10th, 2006, 07:17 PM
explain your internet connection, problem is only with your "svchost" rule

Drazhar
June 11th, 2006, 07:17 AM
First of all sorry about my English, I'll try to do my best.

I've got a router. Svchost seems to change its hash code, I don't know why. And when I try to use internet the first time I install Jetico, I have to do a Rule for it with full access (or change yours to point to my svchost.exe). If I don't do that I can't use my internet connection. I use FullAccess for Firefox and IExplorer. If you need to know something specific, please tell me (I don't know what you need to know).

On the other hand, what about the TrueStealth test?

Thank you very much for your attention!

olap
June 11th, 2006, 09:11 AM
@ Drazhar

Restart Jetico with fresh updated "Olap.bcf" rule
this rule is configured for "winxp pro sp2 English Edition", if your "svchost" change its hash code then you have different "win OS".
1. go "Application Table" and direct all "svchost" rule to your system "svchost" point
2. go "Ask User" table and direct all system application rule to your system point
3. go "IP Table" and kindle "Allow DHCP request" and "Allow DHCP reply"
4. go "Start"-->"All Programs"-->"Jetico"-->"Configuration Wizard"
go "Trusted zone" and enter your "Router" IP (example 192,168.2.0/255)
start your "browser" with "FullAccess" rule
test on internet and come back

Have Fun..

Drazhar
June 11th, 2006, 10:42 AM
Okey, I´m here again!

I did what you told me and now I have internet access. I tried again the TrueStealth test, and I have the same ports closed and 3 stealth. What do I have to do now to turn all those ports stealth? Thank you for your help and sorry if I'm a bit boring! :'(

olap
June 11th, 2006, 11:29 AM
@ Drazhar
Your "Win OS"?
create one screen jpg from Jetico "Ask User" table and post

Drazhar
June 11th, 2006, 12:57 PM
Here it is!

Spanish Windows xp sp2 I think. Thanks again ;)

controler
June 11th, 2006, 01:01 PM
Olap

Is your current ruleset for a computer without a router or will it work with a router also or do I need to set it up differently?

I have to admit, when I first installed your last ruleset, I was wondering about the full access also. It looked strange to see that as a rule.

controler

djg05
June 11th, 2006, 01:16 PM
-{ Quote: "You have two possibility, make rule alone [how you say "little knowledge I have"(is no insult)], and test your configuration on the net, or applying rule for someone with few more experience, and again test on the net.
question is, which variant is comfortable for you!
with updated rule you can see Log "Block All not Processed IP Packets".
Your verdict

Have Fun..." }-

Thanks Olap

Firstly the one with little knowledge is me not you.

I think I will watch and see how this develops before trying it out.

olap
June 11th, 2006, 01:52 PM
@ controler

Yes!
Restart Jetico with fresh updated "Olap.bcf" rule

if you have "winxp-pro" follow:

go "Application Table"

- kindle "Allow DHCP request"
- kindle "Allow DHCP reply"
- kindle "Allow DHCP update request"
- kindle "Allow DHCP update reply"

go "IP Table"

-kindle "Allow DHCP request" and "Allow DHCP reply"

go "Start"-->"All Programs"-->"Jetico"-->"Configuration Wizard"
go "Trusted zone" and enter your "Router" IP (example 192,168.2.0/255)

if you have win "2k0" follow:

go "Application Table"

- kindle "Allow DHCP request" rule and readdress "application" from
"C:\WNDOWS\System32\svchost.exe" to "C:\WINNT\System32\services.exe"

- kindle "Allow DHCP reply" rule and readdress "application" from
"C:\WNDOWS\System32\svchost.exe" to "C:\WINNT\System32\services.exe"

- kindle "Allow DHCP update request" rule and readdress "application" from
"C:\WNDOWS\System32\svchost.exe" to "C:\WINNT\System32\services.exe"

- kindle "Allow DHCP update reply" rule and readdress "application" from
"C:\WNDOWS\System32\svchost.exe" to "C:\WINNT\System32\services.exe"

go "Ask User" table find "services.exe" rule and readdress from "AccessToNetworkOnly" to "TrustedZoneOnly"

"Ask User" table and direct all system application rule to your system point

go "Start"-->"All Programs"-->"Jetico"-->"Configuration Wizard"
go "Trusted zone" and enter your "Router" IP (example 192,168.2.0/255)

start your "browser" with "FullAccess" rule
test on internet and come back

Have Fun...

controler
June 11th, 2006, 04:36 PM
-{ Quote: "go "Start"-->"All Programs"-->"Jetico"-->"Configuration Wizard"
go "Trusted zone" and enter your "Router" IP (example 192,168.2.0/255)" }-

Looking at my local area connection, I have IP address then have default gateway address. I guess what I have is technically a gateway and not called a router so I should use the gateway (DHCP Server IP)?

controler

olap
June 11th, 2006, 04:41 PM
Yes , default gateway, enter IP 192.168.2.0/255

controler
June 11th, 2006, 04:44 PM
Olap, but my default gateway is 192.168.0.1

You are confusing me.

olap
June 11th, 2006, 05:25 PM
Yes enter IP 192.168.2.0/255 this is in range 192.168.2.0 to 192.168.2.255

controler
June 11th, 2006, 08:11 PM
I am finding Jetico will not save my rules. If I shut it down and restart it, it is back to the old rules. I am thinking it is time to change firewalls.

controler

olap
June 11th, 2006, 08:26 PM
@ controler

go Jetico-->Options-->General and - kindle "Automatically save changes"

Stem
June 12th, 2006, 05:55 AM
Hi controler,
-{ Quote: "but my default gateway is 192.168.0.1" }-This is your router IP.
For Jetico config, you would enter 192.168.0.1/24 (CIDR format (this is how it will show in Jetico))
As networkmask it would be entered as 192.168.0.1/255.255.255.0
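
Added example, not part of any post in this thread: a Python check of the trusted-zone entries quoted above against controler's gateway 192.168.0.1, using the standard `ipaddress` module to read both the CIDR and the address/netmask notation. It shows only how these strings parse under standard IPv4 rules, not how Jetico's own dialog treats them; `192.168.2.0/24` is a constructed entry for the range "192.168.2.0 to 192.168.2.255".

```python
import ipaddress


def parse_zone(entry):
    """Return the network an entry denotes, or None if it is neither valid
    CIDR ("a.b.c.d/24") nor address/netmask ("a.b.c.d/255.255.255.0")."""
    try:
        # strict=False accepts a host address such as 192.168.0.1/24 and
        # normalises it to the enclosing network 192.168.0.0/24.
        return ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return None


def check_trusted_zone(entry, gateway):
    """Classify a trusted-zone entry against the machine's real gateway.

    Returns (status, normalised_network, address_count).
    """
    net = parse_zone(entry)
    if net is None:
        return ("invalid", None, 0)
    if ipaddress.ip_address(gateway) not in net:
        # The zone is syntactically fine but trusts a range the router is not in.
        return ("gateway-outside-zone", str(net), net.num_addresses)
    return ("ok", str(net), net.num_addresses)


GATEWAY = "192.168.0.1"          # controler's default gateway, from the thread
ENTRIES = [
    "192.168.0.1/24",            # CIDR form given by Stem
    "192.168.0.1/255.255.255.0", # netmask form given by Stem
    "192.168.2.0/255",           # form given by olap
    "192.168.2.0/24",            # constructed: the range 192.168.2.0-192.168.2.255
]

if __name__ == "__main__":
    for entry in ENTRIES:
        status, net, count = check_trusted_zone(entry, GATEWAY)
        print(f"{entry:28} {status:22} {net or '-':18} {count} addresses")
```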

olap
June 12th, 2006, 08:07 AM
Stem welcome back, only with less hate please!
and please stop post without tangible rationale, otherwise I must change
this threads name to "Olap rule making me crazy"!!

Holla at ya boy!
Go ahead and try not sue me!

You have now Rule that artless Jetico use, this is New Age!
someone will verify him so many they won't do him, but Thats it!

quick deployment of "FullAccess" rule, this rule permit to any
application "only"!! outgoing to internet to any IP any port
and then Rule "continue" is not "Allow all"!
similar how "LocalhostOnly" rule permit any
application "only"!! to "Localhost" and then "continue"
with this Rule you are Full protected, you have option
for more fine tuning "Packet Filter" rule and "Application" rule by you self!

sooner or later you will use her all, matter of time, is free alternative!
maybe you see similar rule by next JPF2.0.0...I don't know? maybe?LOL
See Ya... by next.! I am maybe really geek´s, I don't know! LOL
nevertheless its just a game..
goodby... and Have Fun...

I must go...

Sailin' the high seas, matey! Away and away....

Stem
June 12th, 2006, 08:24 AM
-{ Quote: "Stem welcome back!" }-Thank you for the welcome,.. but I only posted to correct your posts

-{ Quote: "Olap, but my default gateway is 192.168.0.1-{ Quote: "Yes , default gateway, enter IP 192.168.2.0/255-{ Quote: "Yes enter IP 192.168.2.0/255 this is in range 192.168.2.0 to 192.168.2.255" }-" }-" }-
Incorrect info for "controler" config.

I have nothing personal against you,.. only your ruleset,.........and would certainly not use your ruleset.

Stem
June 12th, 2006, 09:10 PM
olap,
First of all, please stop editing your posts, it is a little difficult to follow at times.
-{ Quote: "Go ahead and try not sue me! " }- why would I attempt,..

-{ Quote: "You have now Rule that artless Jetico use, this is New Age!
someone will verify him so many they won't do him, but Thats it!
quick deployment of "FullAccess" rule, this rule permit to any
application "only"!! outgoing to internet to any IP any port
and then Rule "continue" is not "Allow all"!
similar how "LocalhostOnly" rule permit any
application "only"!! to "Localhost" and then "continue"" }-I respect very much your attempt and effort to make Jetico more easier for users, but from tracing your ruleset, there are a few holes.
-{ Quote: "with this Rule you are Full protected, .." }-Please,... re-check your logic behind your ruleset.
-{ Quote: "for more fine tuning "Packet Filter" rule and "Application" rule by you self, for this I give way on this threads to Stem is very good, yes Stem your are very good!" }-I thank you for this, but find it undeserved, I simply attempt to help others with configs. (I have posted before, that I would/will not post full configs for Jetico, (due to a possibility of error, I will only post rulesets_per_app,))
-{ Quote: "and come back, non be angry, continue with this Rule is very good," }-I am not angry, just concerned for the safety of others on the internet.
-{ Quote: " cannot be always stubborn, certain times you must also accept new things if you don't like or
they change way of yours to see the things, and also they are good
sooner or later you will use her all, matter of time" }-I will admit, I am stubborn at times, but will accept new, if it is better.
-{ Quote: "maybe you see similar rule by next JPF2.0.0...I don't know? maybe?LOL" }-Maybe,.. but I hope not.


Maybe "olap ruleset 2" will be better,....
Best regards,

Stem
June 14th, 2006, 08:34 AM
olap,
As I have been unable to set up to test, I got one of my associates to run some attacks (connection attempts) while I was browsing with IE using your ruleset. I set the TCP SPI to logging for this. My associate managed to connect in. Log attached.

olap
June 14th, 2006, 08:52 AM
Stem
Bravo, this is "acept Stateful TCP Inspection" rule (enabled SPI inspection not connection)
now enable "log level" in rule "Block All not Processed IP Packets"
you must go to your "associates to run some attacks (connection attempts)"?? again
same test you can make faster on http://www.pcflank.com/ or https://grc.com/x/ne.dll?bh0bkyd2
right click on it in Log then "Copy text" and you can see same SYN packet
rejected by "Block All not Processed IP Packets" rule

Have Fun...

olap
June 14th, 2006, 09:08 AM
@ khazars

use updated rule from post #40 is enabled by default.

Stem
June 14th, 2006, 11:35 AM
olap,
The inbound was accepted. Check the log, a SYN_ACK was returned.
These are not simple pings/scans for ICMP that were made.

I have certainly wasted too much time with you on this,.. as you think that if a firewall does not return ICMP, then that will keep you safe.

olap
June 14th, 2006, 12:08 PM
Stem

I have certainly wasted too much time with you,

"I got one of my associates to run some attacks (connection attempts)" ha, ha, LOL!

You have entered the zone that your mind cannot conceive!


If you wish to make me laugh, say what you think! you and your associates! LOL LOL

Have Fun..

rpi
June 14th, 2006, 01:20 PM
Thanks for your rules, it's the first time I could really test Jetico. Everything seems great, except my speed is totally down with Jetico. My max speed is about 1.8 MB/sec, with Jetico running it's like 90kb/sec. Quite a big hit on my connection :(

Any idea what this might be?

olap
June 14th, 2006, 01:54 PM
@ rpi

explain your connection (LAN, router)?

rpi
June 14th, 2006, 02:07 PM
It's LAN connected to the Internet through a router (IPcop).

My router address is 192.168.1.1
Subnet of course is 255.255.255.0

My system is using a fixed IP address, in this case: 192.168.1.5

olap
June 14th, 2006, 02:33 PM
go post #52

rpi
June 14th, 2006, 02:44 PM
Absolutely no change. Something in your ruleset makes the connection extremely slow.

olap
June 14th, 2006, 02:51 PM
enter your fixed IP address

rpi
June 14th, 2006, 02:59 PM
Uh, you mean in the configuration wizard? No change at all. It's still slow as hell, max 98kb/sec. Tested with http://www.speedmeter.nl.
I load your config. I apply the changes from post #52 (although I don't get the DHCP stuff - I have a fixed IP). I apply your config, some popups about programs I set accordingly. I set Firefox to Full Access. Suuuuper Slow. I apply "Allow All" to see if it's because of Jetico - but no. Now everything is fast as it should be.

olap
June 14th, 2006, 03:02 PM
is ok or not?

rpi
June 14th, 2006, 03:27 PM
No it's not ok. With your rule speed is: 111.4 KByte/Sek with no other activity on the network.

With the "Allow All" ruleset that comes with Jetico, and simply allows everything, I have full speed, about 1800 KByte/Sek. So I know it's not a Jetico bug that makes my network very slow.

olap
June 14th, 2006, 06:50 PM
@ rpi
go "Ask User" table and change svchost.exe rule from "TrustedZoneOnly"
to "FullAccess"

rpi
June 15th, 2006, 01:32 AM
Unfortunately no change. It's still only like 50-90 kb/sec. To test I changed all the system rules to Full Access with no change. That's my speed without your ruleset: 1,990.7 KByte/Sek

charincol
June 15th, 2006, 02:25 AM
I totally back 'Stem' up on saying that 'Olap's ruleset makes Jetico less safe. Especially when it allows your computer to accept unsolicited connections that could be malicious. The defaults for Jetico were put there for a good reason. Hell, Jetico passes more firewall vulnerability tests out of the box than almost any others on their highest security settings. Once installed and set to automatically save changes, you can then customize it to YOUR setup. You answer the prompts easy enough but you must know what it is asking you. It might take a little bit of learning more about TCP/IP and other protocols but it is worth it for its protection. I was intimidated at first by Jetico but the more I configured it for ME, the easier it became to understand it, and it did not replace my previous firewall until I became comfy with it. I would never suggest Jetico for everyone. If someone asks me to help them set up a solid firewall and they don't know much about security, I will help them with ZA, Sygate, or something similar.

IF YOU FAIL TO LEARN HOW JETICO WORKS AND USE RULESETS THAT HAVE BEEN DESERVINGLY QUESTIONED THEN YOU ARE PUTTING YOUR INTERNET SECURITY IN SOMEONE ELSE'S HANDS. IF YOU CANNOT USE JETICO EXCEPT BY RELYING ON SOMEONE ELSE'S ADVICE WITHOUT KNOWING WHAT IT DOES FOR YOUR SETUP, THEN YOU SHOULDN'T BE USING IT.

'Stem' has given some excellent support for Jetico here on other threads and if someone wants to get their hands dirty learning it, then the help is there. I would be VERY wary of the ruleset put forward in this thread that 'Stem' tested and said ACCEPTED INCOMING UNSOLICITED CONNECTIONS, and that 'rpi' is now complaining screws up his download speed. I have searched about everything I could on Jetico and have never seen its default config slow down an internet connection.

No offense 'Olap', but I really think you need to rethink your approach to Jetico. 'Stem's approach is much safer - publishing individual app rules rather than an end-all be-all ruleset.

rpi
June 15th, 2006, 04:18 AM
olap's ruleset is very good from the security point. It alerts any connection attempt. I don't care about incoming stuff since I have a router. The only problem is the brutal slowdown and I don't see why it does that. Maybe I kick it off and give Comodo a try.

poirot
June 15th, 2006, 05:59 AM
rpi, I have a router as well and I am running Jetico in one pc configuring it as if I had no router at all, this way should the router fail (very unlikely, but..) I wouldn't suffer.
Why give Jetico a premature kick when you can go back to a default optimal configuration and start over?
Even with its default, out of the box, state Jetico is far too good for many a firewall, as Charincol already stated in his previous post!
Why don't you restart with the default config and proceed to add a rule at a time when you feel confident about it, with no fuss at all? This way you will both learn and build something more valuable - efficiency wise - than anything pre-configured or standard. Reading all Jetico concerned threads here will help to understand this 'alien' program which is unique and outstanding.
I only hope Stem's patience will last....:D

olap
June 15th, 2006, 07:42 AM
@ rpi
I don't have a hardware router to test, I have dial-up.
Do you maybe have an AntiVirus with Web Antivir enabled? Disable WebAntivirus!
With KAV-webantivir enabled I have a problem with slow connection!

olap
June 15th, 2006, 07:42 AM
@ charincol
about your opinion and conclusion

"'Stem' tested and said ACCEPTED INCOMING UNSOLICITED CONNECTIONS"

read the last two posts from 'Stem'!

'Stem' tested and said accept "Stateful Inspection" is hole?

-{ Quote: "for you and Stem from Jetico Manual!
Stateful inspection
network packet processing aware of connection state.
Please note that the firewall processes rules one by one until the program finds the rule with parameters corresponding to parameters of the analysed network packet. As soon as such a rule is found, the firewall blocks or accepts the packet according to the rule's verdict." }-
Look how much Stem understands from this in his last post, below! NOW WITH SEGUEL

I see that you use LnS, and when you use Phant0m`s ruleset YOUR INTERNET SECURITY IS IN SOMEONE ELSE'S HANDS TOO? stupid! yours and stupid! Devil's Advocate finally conclusion!

just that much about your and Stem mastery from firewall! how firewall work, which rule is before and afterward Stateful Inspection rule and, and....!

PS. Hola charincol & Devil's Advocate, maybe are you this special associates from 'Stem' that run some special attacks (connection attempts)? how Stem say My associate managed to connect in? continue run, run, run.. LOL

PLEASE...!
Have Fun..

Stem
June 15th, 2006, 06:01 PM
olap,

-{ Quote: "'Stem' tested and said accept "Stateful Inspection" is hole?" }-
Stateful packet inspection will not protect you, as your ruleset (full access) will allow inbound connections from any IP.
-{ Quote: "how Stem say My associate managed to connect in" }-
They were able to connect in, because your ruleset "Allows inbound connections"
-{ Quote: "just that much about your and Stem mastery from firewall! how firewall work, which rule is afterward Stateful Inspection rule and, and....!" }-
olap,.. your lack of knowledge on this is quite scary,..considering you are posting full rulesets
Your ruleset (fullaccess) "Allows Inbound connections",... this you are now admitting, but saying this is safe as it is going through the SPI (stateful packet inspection).
This is part of a post by "Paranoid2000" in respect to SPI for OP
-{ Quote: "SPI should not be used with a rule for incoming connections - there is no way for Outpost to determine if such a connection is legitimate and would result in further connections being permitted (port scans being a major example)." }- original post here (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=7443)
This is true for Jetico for allowing inbound connections
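
Added example (not part of any post in this thread, and not Jetico's or Outpost's code or rule-file format): a simplified first-match rule evaluator with a connection-state table, illustrating the point in the post above about combining stateful inspection with a rule that accepts inbound connections from any IP. The rule fields, rule names, ports and documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str     # "in" or "out"
    remote: str        # remote IP address
    rport: int         # remote port
    lport: int         # local port
    syn: bool = False  # True when the packet opens a new connection

@dataclass(frozen=True)
class Rule:
    name: str
    verdict: str            # "accept" or "reject"
    direction: str = "any"  # "in", "out" or "any"
    stateful: bool = False  # matches only packets of a tracked connection

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.tracked = set()  # connections some rule has already accepted

    def process(self, pkt):
        key = (pkt.remote, pkt.rport, pkt.lport)
        for rule in self.rules:  # tried in order; the first match decides
            if rule.direction not in ("any", pkt.direction):
                continue
            if rule.stateful and (pkt.syn or key not in self.tracked):
                continue
            if rule.verdict == "accept" and pkt.syn:
                self.tracked.add(key)  # the state table now knows this connection
            return rule.verdict, rule.name
        return "reject", "default"

SPI = Rule("stateful inspection", "accept", stateful=True)
STRICT = [SPI, Rule("outbound only", "accept", "out"), Rule("block inbound", "reject", "in")]
OPEN_AFTER = [SPI, Rule("allow any direction", "accept")]
OPEN_BEFORE = [Rule("allow any direction", "accept"), SPI]

def unsolicited_inbound(rules):
    """Verdicts for a constructed unsolicited inbound SYN and its follow-up packet."""
    fw = Firewall(rules)
    first = fw.process(Packet("in", "198.51.100.7", 40000, 135, syn=True))
    return first, fw.process(Packet("in", "198.51.100.7", 40000, 135))

def solicited_reply(rules):
    """Verdict for the reply to a connection the host itself opened."""
    fw = Firewall(rules)
    fw.process(Packet("out", "203.0.113.10", 80, 50000, syn=True))
    return fw.process(Packet("in", "203.0.113.10", 80, 50000))
```

In this model the stateful rule never rejects anything by itself: whichever side of it the any-direction accept rule sits on, the unsolicited SYN is accepted, and with `OPEN_AFTER` its follow-up packet is then passed by the stateful rule as a known connection.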

Devil's Advocate
June 16th, 2006, 04:28 AM
Finally some voices of reason from poirot and charincol.

-{ Quote: "
IF YOU FAIL TO LEARN HOW JETICO WORKS AND USE RULESETS THAT HAVE BEEN DESERVINGLY QUESTIONED THEN YOU ARE PUTTING YOUR INTERNET SECURITY IN SOMEONE ELSE'S HANDS. IF YOU CANNOT USE JETICO EXCEPT BY RELYING ON SOMEONE ELSE'S ADVICE WITHOUT KNOWING WHAT IT DOES FOR YOUR SETUP, THEN YOU SHOULDN'T BE USING IT.
" }-

Also I don't know why there is this sheep like tendency for newbies to want to use Jetico. Sure, it's light, it's flexible and more importantly to noobs it has all sorts of "process attack" rules that help it handle leak tests and to them it's the most important thing.

What they fail to realise is

A) unlike almost every firewall in the market, it doesn't run as a service, so it doesn't start until the user logs in, creating a period of vulnerability.

B) It's flexible and powerful, but flexible and powerful is useless if you don't know how to use it. Oh sure with drastic rule set editing you can change it into a zonealarm free clone, but if that's the case, why not just use zonealarm lol.

C) You know all those irritating popups you are complaining about? Well a number of them (particularly the event "access to network") are what allows the company to claim that they are able to beat a lot of leak tests. Oh wait, you don't understand what all the prompts mean and click yes to everything? Too bad there goes your leak test protection.

Or maybe some of your experts just completely turn off "access to network (we alert on everything)" feature. Well there goes some of your resistance to leak tests. :)

D) Want to know another reason for the annoying popups that never seem to go away? Stupid Jetico doesn't have any autoupdating of modified files. Just updated Firefox so that the hash of the file changes? Oops, you have to drill down into the rule set and manually create the rules again.

Sure there are work arounds, so you need only do it *once* per application by using application groups, but still frustrating. Compare to good old ZA or Kerio, they warn you that the file has changed and ask you if you want to allow. Click yes, and all your rules are updated, no fuss no muss.

Seriously if you don't have the chops to run something like Kerio 2, don't bother thinking you can run Jetico without more learning. You can't. And you will end up with less protection.

olap
June 16th, 2006, 04:46 AM
Advocate

-{ Quote: ""Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein" }-

God bless Jetico Team for this excellent firewall!

olap
June 17th, 2006, 08:13 AM
Holla at ya boy!
Go ahead and try not sue me!

OK, first shock and stupid reaction from quasi geek is gone by.
This is normal, no more mystery about Jetico is no more quasi geek, and this unhappiness them!
Someone with more knowledge on the subject not react in this manner!

Significant is that nobody is any more crazy with Jetico!
So is good! Only this be my intention!
Updated rule come out soon.
See Ya...

PS. Sign up and receive a Standard Audit of your system, http://securityspace.com/sspace/index.html, and find out whether or not you have any vulnerabilities that hackers could exploit.
Examine your system with a comprehensive suite of 10914 vulnerability tests to learn if your system's security is at risk.
It's free to do the basic test, although you have to register, and it takes about 3 hours to complete
your browser with "FullAccess" rule pass this test 100%

God bless Jetico Team for this excellent firewall!

olap
June 23rd, 2006, 04:46 PM
Hola!
New updated Ruleset with "Application filter" and "Packet filter" be out!
For all yours Application "Browser type" or Application what need internet access or update through port HTP, HTTP, or FTP use "FullAccess" (IExplorer, Firefox, Proxomitron, AdMuncher, Privoxy, Anti-Virus, AdAware, SpywareBlaster, SpybotSD, Ewido, Tor, FTPClient, DownloadManager, Messenger..etc). Apply "Handle as..."FullAccess"
For P2P Application, this rule is created for eMule, UTorrent and DC++, if you use BitComet or Azureus..etc, only what you need for this application is to enter new Inbound Access rule to "P2P" table! Apply "Handle as..."FullAccess"
If you need to create new "table" for your "new Application", create new "table" under "root" with rule for this Application, then go to "FullAccess" table and create new (Application rule with verdict direction to your "new table name"). You can see how in this rule!
In "Ask User" table apply "Handle as..."FullAccess" for this new Application!
For Application and system what no need internet access apply "Handle as..AccessToNetworkOnly"
If you use Tor-Privoxy-Proxomitron to access to internet apply "Handle as..."FullAccess" for this three Application, rule is created in "TorPrivoxyProxomitron" rule!

-{ Quote: "To convert "Olap2.bcf.txt" to "Olap2.bcf "!
Open one "Folder" go Tools==>Folder Options==>View==>untick "Hide extensions for known file types" ==>Apply==>OK
Now right click on file "Olap2.bcf.txt"==>Rename then delete ".txt"
By popup "Rename" click "Yes"" }-

You have now Rule that artless Jetico use, this is New Age!
someone will verify him so many they won't do him, but Thats it!

as I am good ;D

Enjoy...

olap
June 24th, 2006, 09:45 PM
because you have cancelled your post?

TheQuest
June 24th, 2006, 10:56 PM
Hi, olap

-{ Quote: "
I see that you use LnS, and when you use Phant0m`s ruleset YOUR INTERNET SECURITY IS IN SOMEONE ELSE'S HANDS TOO? stupid! yours and stupid! Devil's Advocate finally conclusion!" }-
Strange words to use considering your very Post in starting of this thread was with a Rule Set Olap.bcf.txt.

Anybody using that Rule Set must be PUTTING THEIR INTERNET SECURITY IN SOMEONE ELSE'S HANDS ALSO. ;D

Take Care,
TheQuest 8)

charincol
June 25th, 2006, 04:16 AM
-{ Quote: "I see that you use LnS, and when you use Phant0m`s ruleset YOUR INTERNET SECURITY IS IN SOMEONE ELSE'S HANDS TOO? stupid! yours and stupid! Devil's Advocate finally conclusion!" }-
I had missed that, TheQuest.

I do understand some TCP/IP. I have an outdated Net+ certification and have dealt with traffic shaping in FreeBSD's ALTQ and l7filters using a wondershaper script in Linux.

I have not been using L'n'S for a while now. But, when I did, I had a pretty good grasp at what Phant0m's ruleset was doing and had no problem creating rulesets for P2P apps and more secure MS lansharing rules to replace the default ones.

I installed Jetico inside a Win98 virtual machine to start learning it. Then I installed it on my XP gaming partition. Once I felt comfortable with it there, I replaced L'n'S with Jetico on my main XP partition and haven't looked back. Maybe sometime soon I'll try Tiny.:wacko:

I did not immediately put my trust into Jetico or someone else's suggestions or rules until I learned how to use it or at least had a pretty good understanding of it, just like I did with L'n'S. That's what I meant when I said that if you do not understand how to use Jetico or any other packet filter firewall with your own rules or someone else's, you shouldn't be using it. You would be better off with just XP firewall or behind a router.

olap
June 25th, 2006, 08:31 AM
@ TheQuest

-{ Quote: "Originally Posted by TheQuest
Strange words to use considering your very Post in starting of this thread was with a Rule Set Olap.bcf.txt." }-

Dear TheQuest, my to know on the net traffic or firewall doesn't originate from number of post on the this forum but originates of the school, have understood! of the school!
If you believe that yours to know is worth more with title "Very Frequent Poster", continuous to believe!
Dear Quest the paranoia is not substitute to understand!
Discussion with you I stop here!

someone will verify him so many they won't do him, but Thats it! 8)
as I am good with Jetico! ;D

Enjoy...

private
July 2nd, 2006, 05:35 PM
Thanks Olap for this fine job!

Thank you!