Jetico and Emule


joao_proscrito
August 16th, 2006, 12:13 AM
Can someone help me configure the Jetico firewall with eMule? I even put the program in the application trusted zone but I always get a low ID.

Tommy
August 16th, 2006, 10:17 AM
If you are using Jetico v1, which I hope for the moment, have a look at this thread.
http://www.wilderssecurity.com/showthread.php?t=121009

@Stem posted somewhere there an archive which you can import into Jetico v1, which also includes working rules for eMule. In this thread you will also find explanations of how to import rules.

Stem
August 16th, 2006, 06:07 PM
-{ Quote: "Can someone help me configure the Jetico firewall with eMule? " }-
Important, remove emule from the "trusted zone", and remove any rules you have created for emule.

1/
There is a ruleset attached on this post (http://www.wilderssecurity.com/showthread.php?p=801249#post801249). Download and expand it into your "program files \ Jetico \ Jetico Personal Firewall \ Config" folder.

2/
You now need to open the ruleset.
Open Jetico, select "open" and browse to the config folder, select the "ruleset.bcf" and open.

Stem
August 16th, 2006, 06:08 PM
3/
Once your ruleset is loaded, open the ruleset (click on the "+" next to "rulesets"), select the "emule" rules (left click and hold the mouse button down) and drag the rules to your "Optimal Protection".

Stem
August 16th, 2006, 06:10 PM
4/
You may then need to edit the rules (this will depend on the ports you have set in emule)
As you will see from attached image, there are 2 rules you may need to edit, one for the inbound TCP, and one for the inbound UDP. Change these so they are the same as your emule settings.

Stem
August 16th, 2006, 06:11 PM
5/

Then when you run emule, you will get the Jetico popup,... you then need to "handle as"->emule

Hope this helps/explains. Just post if any questions.

joao_proscrito
August 16th, 2006, 07:03 PM
Stem thanks so much for the help but Emule persists on being with a low id. I really don't understand what's happening, with LnS Emule was running properly.

I really like Jetico, I tried lots of different firewalls but this one seems to me the most secure and is light also, so I don't wanna try more firewalls.

Tommy
August 16th, 2006, 07:09 PM
I am using the exact ruleset as @Stem posted with standard eMule ports, and I am having no LowID problems. Do you have a rule elsewhere which is blocking eMule traffic? Have a look into the Log tab.

P.S.
Just read your first post, saying that you also had a LowID problem when you put eMule into 'Trusted zone'. Do you have a router or something else running?

Stem
August 16th, 2006, 07:10 PM
-{ Quote: "Stem thanks so much for the help but Emule persists on being with a low id. I really don't understand what's happening, with LnS Emule was running properly.

I really like Jetico, I tried lots of different firewalls but this one seems to me the most secure and is light also, so I don't wanna try more firewalls." }-
Have you any other rules that may be blocking the inbound ports you have set? Check your log to see if the inbound is being blocked.
Are you behind a router?

I have used these rules myself in testing,... and I did get an "high ID"

joao_proscrito
August 16th, 2006, 07:11 PM
The log tells me that I'm blocking the non processed packets that arrive at that door. How can I override that?

Tommy
August 16th, 2006, 07:14 PM
-{ Quote: "The log tells me that I'm blocking the non processed packets that arrive at that door. How can I override that?" }-
Don't override them, they have nothing to do with LowID from eMule.

Do you have a router or other software running which could limit Network access?

Stem
August 16th, 2006, 07:15 PM
-{ Quote: "The log tells me that I'm blocking the non processed packets that arrive at that door. How can I override that?" }-
Have you set the ports in "emule" the same as in the "emule rules" (TCP/UDP)? If these are not the same then it will not work correctly.

joao_proscrito
August 16th, 2006, 07:17 PM
Can it be a problem with conflicting software or something like that? My security running apps are Nod32, GSS, SnoopFree, Wormguard and Jetico.

Tommy
August 16th, 2006, 07:19 PM
-{ Quote: "Can it be a problem with conflicting software or something like that? My security running apps are Nod32, GSS, SnoopFree, Wormguard and Jetico." }-
Give it a try, tell Jetico to allow all traffic (change security policy) and tell us what's happening with your LowID.

joao_proscrito
August 16th, 2006, 07:21 PM
Yes I put the same ports. I think I read a post from a person with the same problem and he formatted the hard drive, when he reinstalled jetico and emule the problem was solved...

joao_proscrito
August 16th, 2006, 07:22 PM
When I put jetico to allow all emule works perfectly.

Tommy
August 16th, 2006, 07:25 PM
-{ Quote: "When I put jetico to allow all emule works perfectly." }-

Ok, so there has to be a rule somewhere which blocks eMule traffic. Now the easiest way would be to export your whole ruleset (optimal protection) and put it for download here or at rapidshare. Perhaps Stem can check it, I have Jetico v2 running.

Stem
August 16th, 2006, 07:30 PM
-{ Quote: "When I put jetico to allow all emule works perfectly." }-
Apply your optimal protection,.. Go to the "emule" ruleset and untick the "block emule" rule at the end of the ruleset. What popup do you get from Jetico when you run emule?

joao_proscrito
August 16th, 2006, 07:43 PM
When I untick the reject box I get this pop-up:

event: receive datagrams

protocol: TCP/IP

Local Adress: Any

I already uploaded my optimal.bcf

It's here: http://rapidshare.de/files/29675242/Optimal.bcf.html

And guys... thanks so much and sorry to bother you.

Stem
August 16th, 2006, 07:55 PM
-{ Quote: "When I untick the reject box I get this pop-up:

event: receive datagrams

protocol: TCP/IP

Local Adress: Any

I already uploaded my optimal.bcf

It's here: http://rapidshare.de/files/29675242/Optimal.bcf.html

And guys... thanks so much and sorry to bother you." }-
The optimal protection you have uploaded is empty of "ask user" rules,... and there are no rules at all for emule.
Make sure you have the "optimal protection" selected (right click "Apply policy") then load/edit the emule rules as directed in my posts, and select the ruleset for emule when prompted.


EDIT:
You have uploaded your default "optimal protection" (from the Jetico config folder)

Open Jetico,... select your working "optimal protection" (the policy with the emule ruleset) and save the policy (Jetico: file: "save as") and upload this policy.

joao_proscrito
August 16th, 2006, 08:33 PM
Sorry, I didn't save the file. Here it is:

http://rapidshare.de/files/29680037/JeticoRules.bcf.html

Stem
August 16th, 2006, 08:48 PM
-{ Quote: "Sorry, I didn't save the file. Here it is:

http://rapidshare.de/files/29680037/JeticoRules.bcf.html" }-
I have just taken a quick look,.. I am concerned that you have a rule in "ask user" which is allowing inbound connections (to system local port 139, netBIOS TCP) from an IP I am unable to trace. Do you know who/what this IP belongs to?

joao_proscrito
August 16th, 2006, 08:55 PM
I don't know, but now I have it on application blocked zone and everything runs smooth except emule.

Stem
August 16th, 2006, 09:17 PM
-{ Quote: "I don't know, but now I have it on application blocked zone and everything runs smooth except emule." }-
Don't place the system into "blocked zone", just remove/delete the rule that is allowing the inbound connection.
I also see you have roxio "roxUPnPserver.exe" in trusted zone,...?

I have just checked through your ruleset, I even installed emule to check, and am connecting to servers with high ID.

As you have now saved your ruleset,.. please try,.. open Jetico, file open: and load the default optimal ruleset (from config directory). Apply the policy, then copy the emule ruleset to the new policy,.. edit as needed,... then run emule. (I need to see if possibly one of the other programs, which you have placed in trusted, may be bound to some ports needed for emule.)

joao_proscrito
August 17th, 2006, 07:12 PM
Stem thanks for the help, but I gave up. I have just installed LnS and it works fine with Emule. Perhaps Jetico was too much for me, but I still think that's the best firewall around.

I'm gonna format my pc soon, then I will reinstall jetico to see if it works.

Thanks again for the help.

ubuntu
August 18th, 2006, 03:54 AM
Hi joao_proscrito, Hi Stem

When I use eMule and the Jetico v1 eMule Application Table, I found some eMule packets couldn't pass the default TCP inspection rule, so these packets would be blocked by "Block All not Processed IP Packets". So it makes you LowID.

Here are some logs:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/emule01.jpg

So you need to add another System IP rule below the default TCP inspection rule to allow these packets with special TCP flags to pass.

default TCP inspection rule:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt04.jpg

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt08.jpg

BitComet SYN+ACK Out rule (59153 is the BitComet listening port; you can change it to eMule TCP 4662, RST flags):

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt06.jpg

Add System P2P Table:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt05.jpg

My eMule Application Table:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/eMule.jpg

My System P2P Table:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/SystemP2P.jpg

JPF BETA v2 TCP SPI is working well with eMule and doesn't need the System P2P Table, so you can install JPF v2 directly!

Stem
August 18th, 2006, 04:50 AM
-{ Quote: "Hi joao_proscrito, Hi Stem

When I use eMule and the Jetico v1 eMule Application Table, I found some eMule packets couldn't pass the default TCP inspection rule, so these packets would be blocked by "Block All not Processed IP Packets". So it makes you LowID." }-
The logs you have shown would not cause a low ID in emule, these are outbound RST (reset connection) packets which would be dropped if the connection is already terminated. It is only if inbound SYN (connection) packets are blocked on the TCP port for emule would low ID happen.

You should not be allowing out of sequence TCP packets into your PC, as your IP rules are doing by allowing inbound TCP packets dropped by the SPI, which can leave you open to TCP exploits.
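
Stem's distinction in the post above, shown as a toy model of stateful inspection (an added example, not part of the thread and not Jetico's code). The packet list and addresses are constructed, and the flag handling is simplified.

```python
# Toy model of stateful TCP inspection (SPI). Constructed for illustration;
# it is not Jetico's implementation and the flag handling is simplified.
EMULE_TCP = 4662  # eMule TCP port mentioned in the thread

def inspect(packets, open_ports, pass_stateless=False):
    """Return 'allow'/'block' per packet.

    packets: (direction, remote_ip, local_port, flag), direction 'in'/'out'.
    open_ports: local ports with an "allow inbound SYN" rule.
    pass_stateless: True models an extra rule that passes packets the
    inspection has no connection for.
    """
    live = set()  # (remote_ip, local_port) of tracked connections
    verdicts = []
    for direction, remote, port, flag in packets:
        key = (remote, port)
        if flag == "SYN":
            ok = direction == "out" or port in open_ports
            if ok:
                live.add(key)
        elif key in live:
            ok = True
            if flag == "RST":      # reset ends the tracked connection
                live.discard(key)
        else:
            ok = pass_stateless    # no matching connection state
        verdicts.append("allow" if ok else "block")
    return verdicts

def high_id(packets, verdicts):
    """High ID needs the server's inbound SYN on the eMule port to get in."""
    return any(p[0] == "in" and p[2] == EMULE_TCP and p[3] == "SYN" and v == "allow"
               for p, v in zip(packets, verdicts))

# Constructed traffic; addresses are from documentation ranges.
TRAFFIC = [
    ("in",  "192.0.2.10",   EMULE_TCP, "SYN"),  # server's callback test
    ("in",  "192.0.2.10",   EMULE_TCP, "ACK"),
    ("out", "192.0.2.10",   EMULE_TCP, "RST"),  # closes the connection
    ("out", "192.0.2.10",   EMULE_TCP, "RST"),  # late RST, state already gone
    ("in",  "198.51.100.7", EMULE_TCP, "ACK"),  # stray packet, never connected
]

if __name__ == "__main__":
    for name, kw in [("SYN rule only", {}), ("plus pass-stateless", {"pass_stateless": True})]:
        v = inspect(TRAFFIC, {EMULE_TCP}, **kw)
        print(name, v, "High ID:", high_id(TRAFFIC, v))
    v = inspect(TRAFFIC, set())
    print("no SYN rule", v, "High ID:", high_id(TRAFFIC, v))
```

With only the inbound SYN rule the late RST and the stray ACK are blocked and the ID is still high; the pass-stateless rule changes nothing about the ID and only lets the stray inbound packet through.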

ubuntu
August 18th, 2006, 05:44 AM
-{ Quote: "The logs you have shown would not cause a low ID in emule, these are outbound RST (reset connection) packets which would be dropped if the connection is already terminated. It is only if inbound SYN (connection) packets are blocked on the TCP port for emule would low ID happen.

You should not be allowing out of sequence TCP packets into your PC, as your IP rules are doing by allowing inbound TCP packets dropped by the SPI, which can leave you open to TCP exploits." }-

Hi Stem
I have met many people who have this LowID problem, even with eMule in the application Trusted Zone.
I understand and agree with your perspective, so I suggest using JPF v2!
I don't suggest people try my ruleset, this is just a temporary solution or a poor solution.
So if someone uses this P2P table, when you use eMule you can check the System P2P Table, and if you don't use eMule you can uncheck it.

I just reinstalled JPF v1 in a new XP system, using only the eMule Application Table, and I got HighID, so there should be some conflict between JPF v1 and other software or a network environment problem causing this LowID problem. But if people don't want to reinstall the OS and reinstall other software, they can use my ruleset with some TCP exploits to have HighID, they can choose it or not.

Stem
August 18th, 2006, 06:48 AM
Hi ubuntu,
-{ Quote: "I have met many people who have this LowID problem, even with eMule in the application Trusted Zone." }-
Next time you see this problem, please load a new "optimal protection", copy over the basic emule rules, apply the policy, run emule using just the ruleset (after setting correct ports in the rules) to see if still problems.
I am still not sure if these problems are due to a software conflict \ rules conflict or a corrupted policy. (I have never been able to reproduce the emule low ID problem with Jetico)

Tommy
August 18th, 2006, 09:05 AM
-{ Quote: "I am still not sure if these problems are due to a software conflict \ rules conflict or a corrupted policy. (I have never been able to reproduce the emule low ID problem with Jetico)" }-
I used the same rules under Jetico v1 and blocking outbound RST packets, never had a LowID.
The only issue I had (still have in v2) was fewer results when searching Global servers for a file than when I allow all traffic.