Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No problem, I just don't want to double post.

    For a range, you would place an IP with mask. For what you mention,... IP 62.216.251.0 Mask 255.255.255.0

    No problem,.. you're welcome.

    SteM
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    In addition to IP ranges, a question: which separator do I use to put 2 or more totally different hosts (IPs) into _one_ rule for allowing access?

    P.S. I love this FW more each day, very powerful and highly configurable.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For this, you would need to place rules for each IP.

    ____
    SteM
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Here we go again.
    Is it possible to deactivate the hash calculations for certain applications? The reason I am asking is that I have some applications which I update very frequently (betas). Jetico then of course asks me for new rules, and I have to delete the old rules which belong to the earlier versions. These are sometimes a lot. Or does the possibility exist to overwrite them?
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Not that I am aware of,... for applications that have a need for many rules, I can only suggest placing them within a ruleset (like "Browser" etc) for the application that may change (create a ruleset without a bound application). Then on change, you just delete the "jump to" rule, and on access for the changed app, "handle as".
    Hopefully the next version will have some provision for these events.


    ____
    Stem
     
  6. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    A very good idea Stem

    Thanks

    Have a nice day
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello All,
    Due to a PM, I have found an error in one of the rulesets I posted (post#106). This I have rectified, so I am now re-posting the rulesets.

    Regards to all,

    ____
    Stem
     

    Attached Files:

  8. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    There seems to be another error in the eMule ruleset you posted.
    For the global server search in eMule to work correctly, I have to configure eMule as a server and allow the following:

    accept receive datagrams
    Remote IP/Port: any
    on local port 1474.
    __________________________________________________
    mostly from this IP:
    Peer 1 Network Inc. PEER1-BLK-08 (NET-64-34-0-0-1)
    64.34.0.0 - 64.34.255.255
    ServerBeach PEER1-SERVERBEACH-03 (NET-64-34-192-0-1)
    64.34.192.0 - 64.34.207.255
    ___________________________________________________

    If I don't do so, I get none or mostly only a third of the search results. Give it a try.
     
    Last edited: Jul 22, 2006
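
Added example, not part of any post in this thread: Jetico rules take an address plus a mask (as in post 1), while the addresses in post 8 are quoted as first-last ranges. This Python sketch converts such ranges into address/mask pairs and checks what a pair actually covers; the function names and the 192.0.2.x range are constructed for illustration.

```python
import ipaddress

def range_to_masks(first, last):
    """Return the (address, mask) pairs that cover first..last exactly."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.netmask)) for n in nets]

def mask_to_range(address, mask):
    """Return the first and last address an address/mask pair covers."""
    net = ipaddress.IPv4Network(f"{address}/{mask}")
    return str(net[0]), str(net[-1])

def mask_matches(ip, address, mask):
    """True if ip falls inside address/mask, i.e. the rule would apply."""
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(f"{address}/{mask}")

if __name__ == "__main__":
    # The pair from post 1 and the two ranges quoted in post 8.
    print(mask_to_range("62.216.251.0", "255.255.255.0"))
    print(range_to_masks("64.34.0.0", "64.34.255.255"))
    # The second range lies inside the first; a rule for it alone is the
    # narrower of the two (4,096 addresses instead of 65,536).
    print(range_to_masks("64.34.192.0", "64.34.207.255"))
    # Constructed range that is not mask-aligned: it needs several pairs,
    # so it needs several rules.
    for pair in range_to_masks("192.0.2.10", "192.0.2.20"):
        print(pair)
```

A range whose boundaries do not fall on a mask boundary cannot be written as one address/mask pair; rounding it up to the next larger mask would allow addresses outside the intended range.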
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Tommy,
    There are 2 rules (Inbound UDP: Inbound TCP) within the "Emule" ruleset that need to be set to the user config:- info,

    ____
    Stem
     
  10. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Hi Stem,
    That's right, these are the ports which are configured in eMule itself, and I configured Jetico according to these (I have the standard ports in eMule); but it seems that for the _Global Server search_ you need an additional rule, because the _global server search_ is connecting directly with the 'peer net' on another port.

    The ports set in eMule are for user-to-user connections only. Give it a try yourself, and have a look at the search results with and without the additional ruleset I mentioned. But the ports seem to differ :(
     
    Last edited: Jul 23, 2006
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Tommy,
    I don't actually use Emule, I only set it up due to a request for the rule set.

    My understanding at the time I installed emule (from the help file/info I found), was that the "server connection" was outbound, and only 2 inbound connections were required, which I set, and running emule with the ruleset gave the "High ID"

    What is 'peer net' ?

    ____
    Stem
     
  12. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Hi Stem,
    PeerNet is a multi-platform peer to peer search engine, on most popular P2P network protocols including Gnutella, Gnutella2, eDonkey/eMule, BitTorrent and so on.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Tommy,
    Thanks for the info, I just remember the 2 networks, the server and the "cad network" (I think it was called). I will have another look.

    ____
    Stem
     
  14. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I have observed my mentioned rule for some time now. There seems to be a port range from 1473 to 1476.
    Maybe have a look at:
    http://forums.sygate.com/vb/showthread.php?threadid=8551
    Page 2, post 08-07-2005 06:32 PM

    But also there I can't find anything regarding the ports 1473... very strange. I can only assure you that the global search results are very different with and without this rule. Searching for example for 'Bogart' without that rule brings '47' results, rule enabled brings '82' results.

    By the way, how do I configure in Jetico whether the port is for a UDP or TCP connection?
     
    Last edited: Jul 23, 2006
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you check the "emule" rule, you will see that for "Application rule":

    "TCP" Protocol TCP/IP: Event:- inbound / outbound connections
    "UDP" Protocol TCP/IP: Event:- send / receive Datagrams

    The ruleset you link to is too tight for outbound, and would cause problems. The only added rule there is for "web interface" which I intentionally left out.

    ____
    Stem
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have re-installed "Emule" to re-check. Searching would depend on how the search is performed (server / Kad / web / all) and which server you are connected to. I performed a search while only connected to a server (KAD network disabled) this brought a search result for "Bogart" of 154 results. (I have just the 2 inbound rules set)

    ____
    Stem
     
  17. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Strange, strange. I still have the same result as mentioned above, even with your kind of search configuration. Ok, will observe the eMule configuration closely.

    Again, to my last question. So it is not possible to configure rules according to whether a connection/port is for the UDP, TCP or ICMP protocol? Are these kinds of tighter configurations not recommendable, or is Jetico just not prepared for this setup?
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    See post #315

    ICMP rules are entered in "System IP table / system internet zone"

    ____
    Stem
     
  19. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Ah, I see.
    I have these specifications (UDP, ICMP) in System IP Rules but not in Application rules. I have to figure out how these two kinds of rules correspond to each other. It is not clear to me yet.
    What do I have to do if I wanted to allow an application connection on, for example, port 100/UDP but not on 100/TCP? Or does this not make sense? As you see, I am not an expert at all :)

    One more question appears:
    I am using Trojan Remover, which by default uses random file name generation. This forces Jetico to pop up each time. Is there some solution for that without disabling this feature?
     
    Last edited: Jul 23, 2006
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    UDP / TCP in application rules.

    "TCP" Protocol TCP/IP: Event:- inbound / outbound connections
    "UDP" Protocol TCP/IP: Event:- send / receive Datagrams

    The only difference is:- For TCP, you place the event as "Connection", for UDP you place the Event as "Datagram".

    Below you will see the two rules I set for the emule test. The first is allowing inbound TCP,.. the second is allowing inbound UDP.
     

    Attached Files:

    Last edited: Jul 23, 2006
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Not that I am aware of.

    ____
    Stem
     
  22. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Aaaaaaaaaaaaah!
    Now I understand. So simple, but sometimes I don't see the tree in the forest.

    :thumb: Thanks again for your patience. Seems you are 24 hours online, like me :)
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You're welcome,..

    ____
    Stem
     
  24. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Tommy, I have the same problem you have with Trojan Remover, which I still keep as a valuable scanner in spite of having had BoClean as well for many years.
    Rule-wise I have tried everything conceivable, but obviously, for the very reason you mentioned (that is, the fact that it is a constantly and randomly changing file when you update), I was utterly unable to find a way out of the constant showing up of 4 to 6 windows about access, attacking file, outgoing etc. at each update.
    Even giving TR maximum rights, like Trusted Application for instance, is no use in this situation; I didn't try placing it in System Applications as I'd think it inappropriate.
    As I want to keep Trojan Remover, I settled for the only way out I could find, that is: periodically erasing in Ask User (and/or Process Attack Table) all the items pertaining to TR and starting afresh this way about every week or so.
    I do so as I don't really know what would happen with a plethora of similar rules in Ask User, or if the firewall could be slowed down; it seems to me erasing them is the only option.
     
  25. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    @poirot
    Yes, I agree with you. Only way for now.
    The only possibility could be an _attacker rule_ allowing TR to create executable files, which certainly includes risks from not watching these file creations. Also, there is no such event predefined in the Process attack rules.

    P.S. Suggestion to the Forum Mods and Admin:
    A Jetico forum of its own would be nice; no support of its own is given by the programmer, and more and more people are switching to Jetico because it is, besides freeware, very powerful and complex and one of the best of its kind.
     