Kerio Personal Firewall - Why is PERSFW.EXE "Connected In"?
Privacy
January 8th, 2003, 11:30 AM
Hi. I'm a little miffed as to why PERSFW.EXE is "Connected In" and is always receiving data. When I first noticed it was doing so, it had already received over 800kb, according to the Firewall Status application. This is a report from the Firewall Status application (I have also attached an image which I took after posting this message):
-{ Quote: "Application: PERSFW.EXE - Protocol: TCP - Remote Address: all:44334 - Local Address: localhost:2217 - State: Connected In - Creation Time: 09/Jan/2003 02:09:04 - Rx (Bytes): 24689 - Rx Speed (kB/s): 0.04 - Tx (Bytes): 888967 - Tx Speed (kB/s): 1.96" }-
It is slowing down my internet connection (dial-up, so 2kb/s is quite a lot), so I've disabled it for now. I'm thinking of trying another firewall if this is going to persist. Any recommendations? There's only one prerequisite, which is freeware. Thanks in advance!
Paul Wilders
January 8th, 2003, 11:34 AM
Hi Privacy, and welcome!
Could you possibly post a screen shot from your rule set? Would help ;).
regards.
paul
Phil
January 8th, 2003, 11:57 AM
-{ Quote from Privacy: "
Hi. I'm a little miffed as to why PERSFW.EXE is "Connected In" and is always receiving data. When I first noticed it was doing so, it had already received over 800kb, according to the Firewall Status application. This is a report from the Firewall Status application (I have also attached an image which I took after posting this message):
" }-
That is perfectly normal operation. Kerio is just showing you the fact that it *is* passing all received data through itself and applying your ruleset. As for the slowing down, you need to set a loopback rule as your top-most rule in your set -- or at least *above* Internet Explorer. That will speed things up considerably.
Rule Name -- Loopback
Protocol -- Both (TCP and UDP)
Direction -- Both
Remote -- Single Address, 127.0.0.1 Any Application
Local -- Any App., Any Port
That should do the trick. ;)
Phil
JacK
January 8th, 2003, 12:26 PM
-{ Quote from Phil: "
That is perfectly normal operation. Kerio is just showing you the fact that it *is* passing all received data through itself and applying your ruleset. As for the slowing down, you need to set a loopback rule as your top-most rule in your set -- or at least *above* Internet Explorer. That will speed things up considerably.
Rule Name -- Loopback
Protocol -- Both (TCP and UDP)
Direction -- Both
Remote -- Single Address, 127.0.0.1 Any Application
Local -- Any App., Any Port
That should do the trick. ;)
Phil
" }-
Hi Phil,
You might also be more restrictive for your loopback rules :
Description : Loopback Cache IE
Protocol : UDP
Direction : Outgoing
Local Port : Any
Local App : Only selected below => iexplore.exe
Remote address Type : Single
Host Address : 127.0.0.1
Port Type : Any
Action : PERMIT
** Before your IE rules
= = = = = = =
Description : Loopback Cache OE
Protocol : TCP
Direction : Outgoing
Local Port : Any
Local App : Only selected below => msimn.exe
Remote address Type : Single
Host Address : 127.0.0.1
Port Type : Any
Action : PERMIT
**Before your OE rules
Rgds,
Phil
January 8th, 2003, 01:40 PM
-{ Quote from JacK: "
You might also be more restrictive for your loopback rules :
" }-
I might be, but I'm not because I have other apps that need loopback. I believe the fewer rules the better, if for no other reason than more rules means more processing time, so I don't want a rule for every app I use that needs loopback. Besides, I don't care if my machine talks to -- my machine. ;D
You are correct that a more restrictive ruleset would be better for most people regarding loopback, if for no other reason than as a learning tool. But for *me*? Nah.
Phil
JacK
January 8th, 2003, 02:36 PM
-{ Quote from Phil: "
-{ Quote from JacK: "
You might also be more restrictive for your loopback rules :
" }-
I might be, but I'm not because I have other apps that need loopback. I believe the fewer rules the better, if for no other reason than more rules means more processing time, so I don't want a rule for every app I use that needs loopback. Besides, I don't care if my machine talks to -- my machine. ;D
You are correct that a more restrictive ruleset would be better for most people regarding loopback, if for no other reason than as a learning tool. But for *me*? Nah.
Phil
" }-
Hi Phil,
There is already a built-in loopback rule in KPF from v 2.1b3.
No need to allow IN in your applications' loopback rules. Very few apps need to add a loopback rule.
No known exploit till now on port 44334 but no need to allow anything useless ;)
Cheers,
octogen
January 8th, 2003, 03:46 PM
-{ Quote: "There is already a built-in loopback rule in KPF from v 2.1b3.
No need to allow IN in your applications' loopback rules. Very few apps need to add a loopback rule." }-
That's how I understand it. The old Tiny Personal Firewall required the loopback rule, but there was the issue of that leaving you vulnerable if you were connected to the internet via proxy. A malicious application would be able to "tunnel" through the proxy. The rules that Paul proposed are needed in order for IE and OE to access internet cache. This should speed up the connection. Hope this helps.
octogen
January 8th, 2003, 04:35 PM
-{ Quote: "This should speed up the connection. " }-
Sorry. I meant this should increase the speed by which web pages load.
root
January 8th, 2003, 10:50 PM
There is one consideration to keep in mind about unlimited loopback rules.
If you set up unrestricted loopback in any firewall, and you are using a Proxy program such as Proxo, it is possible for a program to gain unrestricted, unfiltered access to the internet, through the loopback through the proxy.
This has been kicked around in various forums here and there, and the general consensus of some is that if you use Proxo, or a similar program and you have to set up a loopback rule for it to work, allow loopback on all the ports except the port that the proxy uses.
This is an area I have been trying to understand for a long time now, and I don't claim to be proficient in this. It is difficult to see all the possibilities that arise with proxies using loopback.
I think for those that can, keep all your rules as tight as possible. I review my firewall rules from time to time to see if I have allowed something that is not necessary. I learn more every day.
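As an added illustration (not from any poster in this thread, and not Kerio's own rule engine), the following Python models top-down, first-match rule evaluation over the three loopback rule sets discussed above: Phil's single broad rule, JacK's per-application outgoing rules, and root's "all ports except the proxy port" variant. The proxy port 8080 and the program name unknown.exe are constructed for the example; the default of DENY when nothing matches is an assumption.

```python
ANY = None  # wildcard for a rule field ("Any" / "Both" in the KPF rule dialog)

class Rule:
    def __init__(self, name, protocol, direction, app, remote_host, remote_port,
                 action, excluded_ports=frozenset()):
        # excluded_ports models root's "all ports except the proxy port"
        self.name, self.protocol, self.direction = name, protocol, direction
        self.app, self.remote_host, self.remote_port = app, remote_host, remote_port
        self.action, self.excluded_ports = action, excluded_ports

    def matches(self, proto, direction, app, host, port):
        return (self.protocol in (ANY, proto) and self.direction in (ANY, direction)
                and self.app in (ANY, app) and self.remote_host in (ANY, host)
                and self.remote_port in (ANY, port) and port not in self.excluded_ports)

def evaluate(rules, proto, direction, app, host, port):
    """Walk the list top-down and return the first matching rule's action."""
    for r in rules:
        if r.matches(proto, direction, app, host, port):
            return r.action
    return "DENY"  # assumed default when nothing matches (KPF would prompt instead)

PROXY_PORT = 8080  # constructed: listening port of a local filtering proxy
LOOPBACK = "127.0.0.1"
FINAL_BLOCK = Rule("Final Block", ANY, ANY, ANY, ANY, ANY, "DENY")

# Phil's single broad rule: any app, both directions, both protocols, to 127.0.0.1
BROAD = [Rule("Loopback", ANY, ANY, ANY, LOOPBACK, ANY, "PERMIT"), FINAL_BLOCK]

# JacK's per-application rules: outgoing only, one rule per app that needs loopback
STRICT = [
    Rule("Loopback Cache IE", "UDP", "out", "iexplore.exe", LOOPBACK, ANY, "PERMIT"),
    Rule("Loopback Cache OE", "TCP", "out", "msimn.exe", LOOPBACK, ANY, "PERMIT"),
    FINAL_BLOCK,
]

# root's variant: general loopback permitted, but never to the proxy's port
EXCEPT_PROXY = [
    Rule("Loopback", ANY, ANY, ANY, LOOPBACK, ANY, "PERMIT", frozenset({PROXY_PORT})),
    FINAL_BLOCK,
]

def unknown_app_to_proxy(rules):
    """Can an arbitrary program reach the local proxy (and through it the internet)?"""
    return evaluate(rules, "TCP", "out", "unknown.exe", LOOPBACK, PROXY_PORT)

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("strict", STRICT), ("except-proxy", EXCEPT_PROXY)):
        print(f"{label:13s} unknown.exe -> 127.0.0.1:{PROXY_PORT}: {unknown_app_to_proxy(rules)}")
```

Only the broad rule set lets the unknown program reach the proxy; the strict and except-proxy sets fall through to the final block, which is the risk root describes.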
Terryala
January 8th, 2003, 11:33 PM
I have a question as a home user of my computer. I'm currently running Kerio Personal Firewall. Should I use the settings that y'all have mentioned above? I'm still learning how to set things up pertaining to different programs, so any advice is a great help for this old man. Thanks, Terryala aka (Grand Dad)
Phil
January 8th, 2003, 11:49 PM
-{ Quote from JacK: "
There is already a built-in loopback rule in KPF from v 2.1b3.
No need to allow IN in your applications' loopback rules. Very few apps need to add a loopback rule.
No known exploit till now on port 44334 but no need to allow anything useless ;)
" }-
Useless? Can you *really* see my system from where you sit? ;D ;D
I should keep in mind my ruleset is *very* specific to my system when making any recs. Although a general loopback *is* needed on my system for reasons I won't explain on an open forum, it is NOT needed on the vast majority of systems. A tighter ruleset is always preferable. The protections and restrictions I have in place to prevent any unauthorized use of that rule would not be present in most cases.
Therefore, I apologize to any and all that may have considered using my rule to their possible detriment.
Phil
SpaceCowboy
January 9th, 2003, 02:24 AM
I think your loopback rule is fine, Phil. I also use Kerio 2.1.4 and have a loopback TCP&UDP rule.
This is a good thread about loopback and using Proxomitron. I have used his examples in applying my own rules in Kerio. Scroll down to the post by hpguru:
http://www.dslreports.com/forum/remark,2896630~root=kerio~mode=flat
OK, for some reason the link above doesn't work when you click on it. Copy and paste the whole thing into your browser and it will work then.
link modified and will work now - CrazyM
JacK
January 9th, 2003, 04:36 AM
-{ Quote from Phil: "
Useless? Can you *really* see my system from where you sit? ;D ;D
Phil
" }-
"No need to allow IN in your applications' loopback rules. Very few apps need to add a loopback rule."
lol I don't need to see a PC to know that there is no reason to allow anything which is not needed; if your system needs it, then use it lol.
For the average user, with the built-in loopback rule in KPF, there is no need to allow IN for the loopback rules for IE and OE, that's what I mean :)
Cheers,
root
January 9th, 2003, 12:20 PM
Hi Terryala, and welcome.
In order to not confuse things here, would you please start a new thread stating what your exact question is and what the circumstances surrounding it are.
Example:
I use Kerio PF on a windows XP machine and I use xyz program that needs a loopback rule because......
I think you get the idea.
Mods and others work best when lots of information (NOT personal) is available.
Privacy
January 10th, 2003, 05:25 AM
Thanks for the replies all. I must say, however, that pretty much all of it went over my head, and I ended up reverting to ZoneAlarm for its ease of use. I'm going to do a little researching on how to set up rules and how to actually use a rules-based firewall, so all hope is not lost in KPF just yet. :)
Thanks again!
Phil
January 10th, 2003, 09:59 AM
-{ Quote from Privacy: "
Thanks for the replies all. I must say, however, that pretty much all of it went over my head, and I ended up reverting to ZoneAlarm for its ease of use. I'm going to do a little researching on how to set up rules and how to actually use a rules-based firewall, so all hope is not lost in KPF just yet. :)
Thanks again!
" }-
It would be my suggestion you do just that. Once you learn how to properly configure a rules-based firewall (and it's not that hard - sniping to the contrary) and you *take* control of the software instead of giving it up, you will not want to do it any other way. :)
Phil
CrazyM
January 10th, 2003, 10:38 AM
-{ Quote from Privacy: "
Thanks for the replies all. I must say, however, that pretty much all of it went over my head, and I ended up reverting to ZoneAlarm for its ease of use. I'm going to do a little researching on how to set up rules and how to actually use a rules-based firewall, so all hope is not lost in KPF just yet. :)" }-
Hi Privacy
Nothing wrong with taking time to learn. Knowledge is your best defense, and it is to your credit that you are willing to improve your understanding of how things work.
To help give you some ideas on how rules can be set up, the following might help you along the way.
Customizing Rules
System Wide (http://www.wilderssecurity.com/showthread.php?t=4413)
Global Permit/Block (http://www.wilderssecurity.com/showthread.php?t=4419)
Application (http://www.wilderssecurity.com/showthread.php?t=4423)
Final Block (http://www.wilderssecurity.com/showthread.php?t=4426)
Regards,
CrazyM
house of games
January 13th, 2003, 01:52 PM
Great thread!!!
Be well...
Copyright ©2002 - 2012, Wilders Security Forums