Jetico: Half-baked Application SPI or me?

Jetico test configuration:
- Factory settings
- "Optimal Protection"

Direct connection via DUN/RASPPPoE; Modem in Bridge mode, no NAT et all. Meaning to say no "active" protection whatsoever and nothing out of the ordinary to report for the past I don't know how long!

Issue: I've a Workstation PC (not acting Gateway at this time) and desire to run with Jetico, without fuss or degrade to security, basic Server processes; a FTP daemon, VNC and then some. Even though outbound monitoring and ultimately control is my only real interest and concern!

Problem: "Application" rule can be [accept any *] (or specific) and yet really must I add a permanent "System IP" rule for Port 21 (FTP) fixed open? If I omit this additional rule, remote borne connection requests always hit the Jetico wall.

2006-07-28 5:38:26.914 reject Block All not Processed IP Packets 40 TCP incoming packet 4.79.142.206 me.me.me.me 58298 21 TTL: 110; TOS: 0; ID: 0080; TCP flags: SYN ; TCP Seq: 75661AD5

Sure one defines similar rules in their hardware router but in software we can make forward decisions based on the statefulness of resident applications and their present bindings all the while obeying your rules aimed at them. That is in a nutshell, open and shut doors and restrict access dynamically on a case application need basis.

So yeah, network/registry issue or is this a Jetico limitation?

Note the Application protection component layer does function OK otherwise I wouldn't be wasting my time, I recognize Jetico's power as a table rule based firewall and strong process I wish I could say integration and tie to packets a la full blown SPI?

High time I coded my own PF. Though I favour Sandboxing. I hear you, Paranoid2000, Phant0m, I hear you.

 

For the FTP server, have you used the FTP server ruleset?
I have only run servers on my local lan for testing rules based firewalls, I did run jetico with an FTP server with the FTP server ruleset, without a need for an IP rule.

 

Have, the first rule tried, initiated by way of pop-up on outside connection attempt. The darn Action even lights up to signify activity and rule compliance during a hit on port 21.

Application Rules/Tables tested individually as well as stacked include:
- "FTP Server"
- "Application Trusted Zone"
- An all-out total and absolute accept all overriding rule as well minus all other Application rules to be sure.

This instance we're talking pub, non-local, a distrusted zone.

https://www.grc.com/x/PortProbe=21

I ask then, using the grc test above, can anyone out there running a FTP server & appropriate Application rule get anything but Stealth, i.e. want an Open|Closed result, with Jetico on factory default "Optimal Protection" rule set ?

Else I'll put it down to just me and my PC, a software conflict.

Jetico is an awesomely tight application-internet firewall, I fail to see how the devs would overlook something so trivial yet somewhat compromising.

I wouldn't mind so much this need for an explicit System IP rule IF my ports were stealthed WHILE no process is bind to them.

Let's not debate the usefulness of stealthing ports. It's not like, Woo! I'm hidden from attackers! Which is seldom the case. It's more a matter of keeping my line free than congested by wasted packets, acknowledgement returned to probes/scans that may even contribute to a DDoS should you be the target of one.