JPF v2 beta progress.

Discussion in 'other firewalls' started by Nail, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Angelarme

    Angelarme Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    2
    Location:
    Paris
    I think it can't, because Jetico applies rules by priority, from the first line to the last one of the tables.

    But I could be wrong...
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I am not sure if Jetico goes from top down (table) and stops when a matching rule is found, or if Jetico has a look at the whole table in each case.
    If it goes from top down then you are right, it should not be possible; but in other tables like 'Access to Network' it would be a nice feature to sort the stuff and find it faster.
     
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Back to the shutdown/reboot problem on my PC (look at post #50).

    The event viewer gives the following warnings for the 2 times I tried to shut down:

    1. Attempt:
    Faulting application fwsrv.exe, version 1.0.1.61, faulting module oleaut32.dll, version 5.1.2600.2180, fault address 0x0000b5b2.

    2. Attempt:
    Faulting application jpf.exe, version 2.0.0.5, faulting module , version 0.0.0.0, fault address 0x00000000.

    Further Information given by MS Help:

    Details
    Product: Windows Operating System
    Event ID: 1000
    Source: Application Error
    Version: 5.2
    Symbolic Name: ER_USERCRASH_LOG
    Message: Faulting application %1, version %2, faulting module %3, version %4, fault address 0x%5.

    Explanation
    The indicated program stopped unexpectedly. The message contains details on which program and module stopped. A matching event with Event ID 1001 might also appear in the event log. This matching event displays information about the specific error that occurred.
     
  4. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Hi,

    Is there a way to implement a feature such as:

    Block all incoming & allow all outgoing connections?
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    How do you mean? You can create an application ruleset to allow this, or do you mean to change the full policy?
     
  6. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Basically I need to set this up for a friend who does not know anything about firewalls.
    He uses Win2000 and my goal is to set up Jetico to block incoming connections but let him use all applications without him having to decide which one to allow or block :)
     
  7. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    In this case Jetico is absolutely the wrong firewall for your friend.
    This won't work because some applications and system functions also need incoming connections. So the only chance is to set rules for each application, and hope your friend never installs a new version of any software, never installs something, etc.
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    So basically you want similar to XP firewall? No outbound app filtering (no popups for any app) and to allow all apps all comms, but to block inbound connections, yes?
    This can be done, but you would be best to use Jetico1.
    Please confirm which Jetico you want to use, and I will post instructions.
     
  9. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Yes

    If you have ready instructions then post for both, if not then post for v1.

    :D
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    On this thread I will post you a policy (jetico2) for what you require. Do you want to block ICMP (ping) replies?
     
  11. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    If we block it what kind of "problems" can we expect?

    Also please post for v1 because, as I found on the forums, it is using less resources than v2.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No problems, it will just stop replies to pings.

    I will reload Jetico1 later, and post to jetico thread, will PM you.

    Attached config file for jetico2. Please note that this will allow (without popup) any application access to network/outbound connections etc. (but will block all inbound connections)
     


  13. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I noticed the uninstaller left a few entries lingering in my registry:

    HKLM\SOFTWARE\Jetico\ (There are no Jetico products on my machine)

    and

    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Jetico Personal Firewall

    and

    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\jpf.exe


    Keep up the good work Nail, things are shaping up :D
     
  14. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Possible Bug:
    Starting a new application, hash activated. Following popups - could be wrong in the order but does not matter for the possible bug:

    1. Hash access to network - accept
    2. Access to network - accept
    3. Hash network communication - accept
    4. Network activity - accept with 'Jump ruleset'
    5. (that's the possible bug) Network activity - again accept with same 'Jump ruleset'
    6. No more popups

    In the table 'Network activity' the application appears two times with the same absolutely identical 'Jump Rule'. Happens with each application. Till now I delete the second one, everything works fine.
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For 4, there should be no "event" in the rule; if there is, this can cause more popups. Or was this an "echo" of the rule?
     
  16. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Stem ?? ??
    All the tables which I use as a 'Jump Rule', for example "Web Browser", have events like outbound, inbound and whatever. Or do I misunderstand something now?
    It seems more an 'echo' of the event rules inside a table used as Jump Ruleset, resulting in double entries in "Network activity". So a bug?
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The jump rule should be for any event. This problem is seen more if, like me, you have the DNS client disabled, as the first outbound (after allowing "access to network") is "send datagrams"; if I make a jump based on this "event" then I will receive another popup for "outbound connection". Really in this "network activity" rule, the "event" should be "any", but this is not an option, so I found leaving this blank will cause the jump for "any event".
    But yes,.. there is still the "echo" problem/bug.
     
  18. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    /kill
    Strange, because if you look at the default setup the table 'Web Browser' has rules with events inside. Logical.
    So to prevent this echo, we can't use the table 'Web Browser' as a Jump-Ruleset for Opera or whatever. What other way is there? I know 'Groups' could be a solution. But doing a group for each kind of application...hmmm?
    /end kill :)

    P.S. Forget it.....now I understand you (going back to school, freshening up my English). Of course the jump rule itself has NO event inside. The table to which the 'Jump-Rule' links has, of course. That's the way I have it. So it's an echo problem/bug of the events inside the table to which the jumper links.
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    But you must realise how Jetico processes the rules. Once an application is given "access to network" the flow of the rules then goes to "network activity". If I have a rule in place to "jump to browser" for event "send datagrams" then the jump will be made for that event, if the event is "outbound connection", and there is no rule for this event for that application, then the "ask user" rule is used.
    It will not be seen as much if you are using the DNS client, as the first event of the browser would be to make "outbound connection" and if the rule in place is for this event, then the jump is made.

    If you think back to Jetico1, all the single jump rules would have had "any" for event.
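
A simplified model of the rule flow described in the post above, added here as an illustration; it is not part of the original thread and is not Jetico's code. The table layout, the `browser.exe` name, the contents of the "Web Browser" table and the fall-through after an unmatched jump are assumptions.

```python
# Simplified model (constructed for illustration) of top-down, first-match
# rule evaluation with jump rules, using the table and event names from the thread.

ANY = None  # a blank field; the thread reports a blank event acts as "any"

def build_tables(jump_event):
    """Constructed policy: one jump rule for the browser, then the ask-user rule."""
    return {
        "Network activity": [
            {"app": "browser.exe", "event": jump_event,
             "verdict": "jump", "target": "Web Browser"},
            {"app": ANY, "event": ANY, "verdict": "ask user"},
        ],
        "Web Browser": [  # assumed contents; the linked table carries the events
            {"app": ANY, "event": "send datagrams", "verdict": "accept"},
            {"app": ANY, "event": "outbound connection", "verdict": "accept"},
            {"app": ANY, "event": "inbound connection", "verdict": "block"},
        ],
    }

def evaluate(tables, table, app, event, depth=0):
    """Walk a table from the first rule down; the first matching rule decides."""
    if depth > 8:
        raise RecursionError("jump loop between tables")
    for rule in tables[table]:
        if rule["app"] not in (ANY, app) or rule["event"] not in (ANY, event):
            continue
        if rule["verdict"] == "jump":
            verdict = evaluate(tables, rule["target"], app, event, depth + 1)
            if verdict is not None:
                return verdict
            continue  # model assumption: an unmatched jump falls through
        return rule["verdict"]
    return None

def prompts(jump_event, events):
    """Return the events that would reach the ask-user rule (a popup)."""
    tables = build_tables(jump_event)
    return [e for e in events
            if evaluate(tables, "Network activity", "browser.exe", e) == "ask user"]

# DNS client disabled: the browser sends its own DNS datagram, then connects.
NO_DNS_CLIENT = ["send datagrams", "outbound connection"]

if __name__ == "__main__":
    print(prompts("send datagrams", NO_DNS_CLIENT))  # event-specific jump rule
    print(prompts(ANY, NO_DNS_CLIENT))               # blank event on the jump rule
```

The same model shows the least-privilege side of a blank-event jump: every event for that application, inbound included, is then decided by the linked table, so that table needs an explicit rule for each event it should refuse.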
     
  20. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Yes but in my case:
    1. Both events which resulted in two popups were exactly the same and defined in the table to which I linked at the first popup.
    2. This then results in two identical 'jump rules' in 'Network activity'.
    3. Deleting the clone rule and starting the application again, no popups.

    Yes, but I think the jump rule in v2, even if it does not say 'any', has to mean 'any' if no event is defined in the jump rule, because after all the jump rules I have work after killing the clone.
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Until Jetico resolve the "echo" problem, this will continue. For me, due to the way the popup comes up immediately after the first "jump rule" is created, it's as if there is an access attempt within a stack, and the rule put in place is too late to take effect.


    As mentioned, there is no "any" rule, so leaving blank does appear to have the same effect.
     
  22. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Yes, I recognized this in various cases: Jetico has problems with storing new information/rules, etc. directly after their creation and recognizing them directly. That's why I said earlier that a SQLite database would be better, faster and without such storage problems.

    OK, let's wait for the next Beta, which hopefully also solves this bug.

    By the way, do you think it makes sense to write a parser for importing the famous 'black list' into the Jetico Group 'IP Adresses - Blocked Adresses'? I am also afraid that such a huge XML file will kill Jetico.
     
    Last edited: Aug 12, 2006
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did import a Blocklist into Jetico2 (Full blocklists) this made the config file 5mb. The memory use of Jetico2 went up to 50mb, but no slow down or any problems.

    Edit: By the way, I did mention to Nail concerning the export/import of rulesets within Jetico2,.. He did say that this could/would be added.
     
  24. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Won't happen with SQLite, because it is accessed when needed and not, like the XML file, loaded fully into memory. But too late :(
    Nice, till then a simple copy/paste of the needed part in the XML file does the job. But you have to shut down Jetico first, because the XML file is 100% loaded into memory and blocked for any other application.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It is not something I would like a new user to attempt. As there is currently no re-set within JPF2, it would be only too easy for a new user to corrupt the config file. (how many would forget to make a copy first?)
     