Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I was PM'd about how to create a rule to block inbound connections within Jetico.

    To do this you must set a system IP rule to block inbound "SYN" packets, which you place into the "System internet zone" (see pic)

    I was then asked, with this rule in place, would it be possible to allow an inbound port for use with a torrent client.

    It is possible to change the "block inbound SYN" rule so that it blocks all ports apart from one (or a range of ports). (See bottom of PIC for change in rule). In this example I have entered port 50000, with the "match inverted" enabled, so the rule will reject "SYN" packets on all ports apart from 50000.

    Hope this helps. If more help is needed, please post to the thread.
     

    Attached Files:

    • syn.gif
  2. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hey Stem,

    one thing about utorrent is that when u monitor it, beside heading the port 50000, which is inbound with SYN still rejected in the rules.

    But you have not cleared the rules for outbound, which is required for utorrent.

    Next thing is that even if SYN is blocking and allowing 50000, the number of seeders is still decreasing.

    Could u view the picture below and tell me if this is a good rule to add in "System Internet Zone "

    This rule I created is to allow the inverted 50000, to have more freedom without SYN even though it was not protected by SYN.

    Untitled.jpg

    but then it still does not improve the amount of seeders entering your port 50000
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The posted rule is for IP, which is basically an override to other rules.

    For your torrent client, you would still need to use a ruleset (there is a torrent client ruleset posted here).
    Within the ruleset, you would need to change the port for the inbound (which needs to match the torrent client setting and the setting in the SYN rule).
     
  4. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    So I should not be creating an additional rule to allow port 50000 in post #352?

    Am I right?

    I will rely on the ruleset prefix and local port which is 50000 for inbound and the blocking rule with 50000 being inverted in post #351.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The original rule was to block ALL Inbound SYN packets. Which is what you first requested. But as the rule was, this then blocks any inbound attempt, which stops the inbound connections for your torrent client. You can simply remove this rule, but you wanted to be able to block all other inbound connections apart from the port being used by your torrent client, this is shown in my post (the addition at the bottom of the pic), but this rule on its own will not allow the inbound, it will just not block it. A ruleset is needed, with a rule to allow the inbound (ie: torrent ruleset).

    You should only have one rule for blocking the inbound connections. The rule posted in #351 should replace your original rule (not be added as an extra rule).
     
    Last edited: Aug 8, 2006
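
Added example (not part of the thread, and not Jetico's configuration format): a small Python model of the evaluation order described in posts 3 and 5, where the system IP rule acts as an override and the application ruleset must still allow the port. The class and function names are hypothetical, SPI is not modeled, and "SYN" is assumed to mean SYN set with ACK clear.

```python
from dataclasses import dataclass
from typing import Optional, Set

SYN, ACK = 0x02, 0x10  # TCP flag bits


@dataclass(frozen=True)
class SynBlockRule:
    """Model of the system IP rule: reject inbound SYN, optionally by port."""
    port: Optional[int] = None      # None = rule applies to every local port
    match_inverted: bool = False    # True = rule applies to every port EXCEPT `port`

    def rejects(self, flags: int, local_port: int) -> bool:
        # Assumption: "SYN" means a connection attempt (SYN set, ACK clear).
        if not (flags & SYN) or (flags & ACK):
            return False
        if self.port is None:
            return True
        hit = local_port == self.port
        return hit != self.match_inverted


def decide(flags: int, local_port: int, syn_rule: SynBlockRule,
           ruleset_allow_ports: Set[int]) -> str:
    """Inbound TCP packet: the IP-level override is checked first, then the ruleset."""
    if syn_rule.rejects(flags, local_port):
        return "reject: system IP rule"
    if local_port in ruleset_allow_ports:
        return "allow: ruleset"
    # Not being blocked is not the same as being allowed.
    return "no allow rule: falls through to ask/block"


if __name__ == "__main__":
    original = SynBlockRule()                       # block ALL inbound SYN
    changed = SynBlockRule(port=50000, match_inverted=True)
    mismatched = SynBlockRule(port=50001, match_inverted=True)
    torrent_ruleset = {50000}                       # constructed sample ruleset
    cases = [
        ("original rule, torrent port", original, 50000, torrent_ruleset),
        ("changed rule, torrent port", changed, 50000, torrent_ruleset),
        ("changed rule, no ruleset", changed, 50000, set()),
        ("changed rule, other port", changed, 445, torrent_ruleset),
        ("ports do not match", mismatched, 50000, torrent_ruleset),
    ]
    for label, rule, port, allowed in cases:
        print(f"{label:30s} -> {decide(SYN, port, rule, allowed)}")
```

The last case shows why the port has to be the same in the torrent client, the ruleset and the SYN rule: a mismatch in the SYN rule rejects the connection before the ruleset is consulted.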
  6. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    hmmm,

    I had set the inbound with the prefix torrent ruleset you made earlier on... with local port 50000.

    Just to check with you a couple of logs below.

    I got this from the logs

    why does FIN PSH ACK appear blocked from 50000, is this the reason for seeders unable to get in to utorrent ?? Do I have to create a block flags with that contains the TCP Flags FIN PSH ACK or am I safe from all this.

    How about the above one o_O

    and this......
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    PSH : ACK /FIN : PSH : ACK are being dropped by the SPI, not your ruleset. These will not affect your connections. You can just let the SPI deal with these (It can cause problems for the user connected, not you)

    The ACK being dropped are possibly out of sequence. Possibly someone attempting access, again just let Jetico SPI deal with these.
     
  8. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hey Stem,

    How can I protect myself with jetico from pcflanktest o_O
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Are you not given an alert from Jetico, that pcflanktest is attempting "access to network"?
     
  10. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hey Stem

    Yes, jetico did request and I rejected it, but one thing is very weird,

    I copy the link "http://www.pcflank.com/pcflankleaktest_results.htm" and open it in a new browser, the message does not appear.

    In the leaktest, I press the back and type something, then I refresh the page, the message actually leaks. I am not too sure whether this is a pass or a fail test but it seems like a fail one, since the message I type can still be seen on the result.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    hmmm,.. running the test this way even by-passes JPF2.
     
  12. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Which part of the leaktest are you talking about?
     
  13. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    so the first is a pass,

    the second is a fail and goes on failing.....

    I was wondering does tiny personal firewall have this thingy too anot, or maybe they can block it even if the user press the back button on the testleak and type on a message again and press next, and that message being type if still not shown.

    So stem you mean this also happens in jpfv2.0 o_O

    where the first phrase of test will stop the first message while the next message will safely leaked out ??
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes,... Jetico2 is not stopping this leaktest. I thought it would have been intercepted by "Indirect access" in JPF2, but it doesn't.
    Have just set up W2K box, and JPF2 fails this first time.
     
  15. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    well I am back to jetico v1.0 because jpfv2.0 is now more complicated than jetico 1.0 and it no longer supports win98 which is one thing I always wanted application to support on.

    what u mean by w2k box o_O if its from jpf 2.0 then I not sure because I no longer wish to test run jetico v2.0 until its stable and able to provide me further information of the paid and free version of its classes.

    Being with jetico v1.0 is still fine actually but this little pcflanktest can show something about leaks even with jetico around.
     
  16. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    It seems to me as well that Jetico 2 is not simpler than version 1.0.
    I installed v2.0 in a Pentium III 1000 MHz XP Home machine which I use as a tester and which had v1.0 previously installed:
    the new Jetico was more troublesome than I expected, leading to the first BSOD in a long time. I had not realised the uninstall was either not an option or perhaps corrupted, so in the end, after AddRemove, after Total Uninstall, I had to hunt file by file in the Registry as elsewhere to get rid of all the remnants. (With RegSupreme and RegSeeker help I think I succeeded.) Of course I reinstalled v1.0 and had the only fuss of recreating the Optimal settings again, as out of sheer optimism about Jetico's staff Beta capabilities, I had forgotten to put the Optimal.bcf on diskette and the existing one which was on my C: disk was also inexplicably corrupted by the half-working uninstall from AddRemove in spite of being in a shared folder and not in anything relating to Jetico.
    I had the pleasure to put in practice all that was taught in this forum about Jetico 1.0, anyway, and I think I will not attempt to deal with Jetico 2.0 at least until it's a Beta.....
    I wouldn't like that the so long awaited "simpler" version undergoes the Kerio 2.1.5 to Kerio 4.3 fate-saga..... in the sense I'd use 2.1.5 for ever.....
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico1 + SSM Free is a good combination.

    PC with W2K(Windows2000) OS installed

    As you will notice on the Leaktest website, only "Tiny firewall" (from the firewalls tested) intercepts this.
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Durad,
    As requested,

    Attached config file for jetico1. Please note that this will allow (without popup) any application access to network/outbound connections etc. (but will block all inbound connections)
     


  19. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hey stem,

    I know about this software and I am currently using SSM and process guard, acting like a dual protection against applications.

    basically processguard has been set as a permanent process while SSM-free acts as a requester where it will request for apps injection and other weird stuff.

    I am not too sure this combination is good in the sense but I hope this will solidify some security in there instead of conflicts
     
  20. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    I am having difficulty getting the tray icon arrows to illuminate during network activity. It is supposed to light up green or red during any 'blocking' or 'allowing' activity just like Sygate, but it just stays gray. I have v1.0.1.61. Has anyone seen this problem?
     
  21. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Happened here also some times. A reinstall had helped in my case.
     
  22. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    That's the first step I took, including cleaning any registry entries before the reinstall. However, it hasn't helped in my case.
     
  23. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Thanks Stem!

    Process: fwsrv.exe = 3.392K :)
     
  24. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Can I even disable LOGGING in order to lower resource usage?
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There is no global rule for logging, this is done on a per-rule basis. To stop all logging you would need to disable the logging in each rule (you will find that logging, on default optimal protection, is on the "ask" or "block" rules at the end of the rule table), but I do not think this will change the resource use by much, if any.
     