Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
    THANKS for this thread explaining lots of rules in Jetico!!!

I have been reading it all more than once and I am getting along with most of it. A few days ago I switched to Jetico and I will stay for sure. For a common user it's hard but if you take your time, success will follow. Rule #1=rtfm :D

    So did I and I'm convinced about the philosophy of Jetico so far. I'll come back for fine tuning questions maybe at the weekend.

    Good work!!! :thumb: :thumb: :thumb:
    :cool:
     
  2. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Stem,
    Do you mind posting your application ruleset so I can see how you did the logging? Newbie!

I have to find out more about the Nvidia/Apache stuff. It must be associated with the motherboard I'm using, but I'll hash it out.

    Just now I started the machine and tried to log onto my app, but the problem reappeared. Very flaky. Once I find out more about it I'll post.

    Lars
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
Take a look @ post #106,.. there are some rules I have posted, most of these have a "block all with logging" rule at the end of the ruleset (instructions on loading these @ post #100/101).

    I would suggest (for testing) that you load a new "optimal policy" into Jetico (open Jetico / file / open .. browse to the Jetico/ config folder, and select "optimal.bcf", this will load a new "optimal policy" (your old policy will still remain) right click the new loaded policy and select "apply policy"), once this is loaded and active, attempt to log on to your interface, Jetico will prompt you for any outbound rules required.....if you are blocked from logging on, you then need to check the log for any blocked packets (if you are not prompted for rules, they will pass through to the "block all" at the end of the default ruleset, which is set to log). Once you have logged on successfully, you will be able to make a ruleset. Once a ruleset is created, you can edit your old policy to suit.
     
  4. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
    Hello,

    I got a question for a torrent client like Bittorrent. Well, I know there has been a rule uploaded in here but the question is, how you gonna insert the rule in Jetico.
I made my own rule for my client and it's nearly the same as the one which is uploaded.
    When I start the client, Jetico keeps asking for outbound connections even when the rule is defined in "Ask user/Bittorrent client".
    In the Ask user tree I defined one rule for it. "Handle as Bittorrent client" (blue arrow straight to the right) with the permission to access the network on any protocol, nothing else. That should be enough to jump into the "Bittorrent client" tree below and use the proper rules there.
    Fact is, it doesn't work that way. It keeps asking me for the first outbounds, which are already defined. I have to set "Handle as Bittorrent client" with all set to any in the "Ask user" tree. I doubt that is correct.
    Another question is, which rule Jetico performs in the "Ask user" tree, when there is a special rule one step below for it. Is it just a "jump to" or already a rule?
    I know pictures can tell more but I wasn't able to get space for it right now. On the other hand, maybe I should take a closer look at my rules...:blink:
    Maybe I still didn't get the clue about outbound/inbound, receive data/send data and so on and when it is necessary to define the local address/remote address/local port/remote port when using an application with a protocol and a special event. Guess that's what most of the ppl in here are thinking about...:ninja:
    Ok, I will keep trying and hope you can help a bit.
    Links are also appreciated.
     
  5. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Stem,
    I did as you said, loaded the optimal temporarily, launched my app, it worked, so I copied that rule to my main optimal. Everything is OK.

    I also removed that Nvidia Network Access Manager junk. This system was made for me. I didn't load the operating system. I should know better than that.

In looking at your articles at 101, 102 and 106, I was particularly interested in your wip.bcf, which I believe expands to 'My Rules' once loaded. Now what I'm about to ask will really show my ignorance, but I'd like to understand clearly.

    When I look at the Application Table, you've got a bunch of right, blue arrows, e.g. Windows, DHCP, DNS, etc. Does Jetico go down the Application Table, first to the Windows table to each of its entries, then to the DHCP table and to each of its entries, until it hits an accept or reject rule?

    Somehow I thought there was something special that Jetico knew about Windows (in the Application Table).

    Well, I re-read the manual. I think I understand the order of rules. Straight sequential until accept or reject.

    Thanks for your patience. Lars
     
    Last edited: May 7, 2006
  6. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    I need to setup a rule for uTorrent which I don't know how to do. Among others, it needs an inbound UDP connection to a specific port of my setting. However, I cannot find a UDP protocol under packet parameters.

    Which protocol should I use instead?

    Thanks, Lars
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Lars,
    I thought uTorrent only used tcp (the same as bit tornado), as I have used the bit-tornado rules for utorrent to test, and all o.k. (unless this is a different uTorrent).
    For UDP, in application rules, the format for outbound:- Protocol: TCP/IP Event: send datagrams
    For inbound UDP: there must be a rule to "listening datagrams" (this by default is already in place in the application Table), you then set your application rule protocol TCP/IP event receive datagrams with port/range

    Take a look at the "emule" rules I uploaded, which have/show rules for UDP and may help you.

I am just putting together instructions for PvA on the download/install/use of the Bit tornado rules, which may also help you (which I will be posting a little later)

    (By the way, what is "wip.bcf" you mention in your post #155)
     
  8. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    The reason I asked about UDP and uTorrent is that on the machine I'm currently using, Agnitum is running and shows UDP connections, a lot of them, all going to the inbound port specified in uTorrent. So I wanted to be prepared before switching that machine's firewall to Jetico.

    As for wip.bcf, I thought that was your file. When I load it into the fw, its title is 'My Rules', containing a Root table. Its Application Table contains Ask, DHCP, DNS, Messenger, P2P, Programs and Windows tables. In the Application Table there are right-facing, blue-green arrows pointing to each of the tables subordinate to the Application Table.

    Sorry for the confusion.

    Lars
     

    Last edited by a moderator: May 7, 2006
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    @PvA
    Part 1
    I have used the Bit tornado ruleset on Bittornado and utorrent with no problems
     

    Last edited: May 7, 2006
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    @PvA
    Part 2
     

  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No,..not mine,...I only post "rulesets" not complete policies (changing the flow of the policy can cause some problems, all my uploaded rules are application based only, and will not compromise the system)
     
  12. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Stem,

    I have a few questions about your posting #160. You said that once you copy over the loaded ruleset for BitTorrent from you, change the inbound port number and delete all torrent rules. Which ones, the ones we just changed, or do you mean to unload the one from you? Why would we delete what we just entered?

    Assuming that we have the ruleset copied to our configuration with the changed inbound port number, I notice that you did not place the application name in any of the rules - they were blank. Will this address be placed in the rules when we point to this ruleset when asked what to do with BitTorrent from a pop-up message?

    Confused
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
Sorry, was pushed for time, should have worded that better. ...Delete any other rules you have created yourself in the application rules or the ask user rules for your torrent client. The rules you have loaded from my ruleset will still be separate (not yet within the root policy), so leave that where it is.

    This is a ruleset, there is no need to enter an application name within the ruleset itself, when you get the pop-up from Jetico for your torrent client, you select the bittornado ruleset and a jump will be created for that application to the ruleset, and the ruleset will be imported to the root policy.

    Hope this explains a little better,
    Regards
     
    Last edited: May 8, 2006
  14. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
    Thx Stem,
The explanation in post 159, 160 works perfect. Jetico doesn't keep asking anything now. I assume the rule in the "Ask user tree" is just a "jump to" and nothing more, I hope.
    It's kinda confusing, because the "handle as rule" in the ask user tree (right blue arrow) has preferences ---> protocol=any and event=any, which made me think. I tested it by blocking all applications in the new tree of the bittorrent client and ok, the client stopped downloading or uploading! So that's very fine.
    After that, funny thing is, I checked only one rule (access to network), the first one on top and the application started running o_O Does this have something to do with my router? The port for the application is forwarded in the router... Is this ok?
     
    Last edited: May 8, 2006
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
Yes, make sure you have just the one rule for your torrent client, ((the rule is that, a jump will be made to <ruleset> for that <named application> when <any protocol> and/or <any event> is processed for that <named application>)...A bit confusing to start with, but stick with it......I hope the attached pic may explain better)

    If you only have the "access network" rule checked within the ruleset (all others unchecked), then the application will run, but all connections will either be blocked, or you will be prompted for rules.

    Yes, you will need to portforward the same port as in your rules
     

Attached Files: rule.GIF (38.9 KB)
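The evaluation order Stem describes in posts 5, 7, 13 and 15 (top-to-bottom first match, a per-application jump from the Ask user tree into a ruleset that carries no application name itself, the default "listening datagrams" rule, and a logged block-all at the end of the Application Table), as an added Python model that is not Jetico's code or its policy format. The table names, the application name, port 6881 and the packet dictionaries are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a rule field

@dataclass
class Rule:
    action: str                    # "allow", "block" or "jump"
    app: Optional[str] = ANY       # set only on the Ask-user jump, not in rulesets
    protocol: Optional[str] = ANY  # e.g. "TCP/IP"
    event: Optional[str] = ANY     # e.g. "access network", "receive datagrams"
    port: Optional[int] = ANY      # local port for datagram events
    target: Optional[str] = None   # ruleset name when action == "jump"
    log: bool = False              # set on the final "block all" rule
    enabled: bool = True           # an unchecked rule in the GUI is skipped

    def matches(self, pkt: dict) -> bool:
        fields = (("app", self.app), ("protocol", self.protocol),
                  ("event", self.event), ("port", self.port))
        return self.enabled and all(w is ANY or w == pkt.get(k) for k, w in fields)

def evaluate(policy: dict, table: str, pkt: dict, log: list) -> str:
    """First match wins, top to bottom. A jump descends into the named
    ruleset; if nothing there decides, evaluation resumes after the jump."""
    for rule in policy[table]:
        if not rule.matches(pkt):
            continue
        if rule.action == "jump":
            verdict = evaluate(policy, rule.target, pkt, log)
            if verdict != "no-match":
                return verdict
            continue
        if rule.log:
            log.append(f"{rule.action}: {pkt}")  # the logged block-all entry
        return rule.action
    return "no-match"

def build_policy(app: str, port: int, receive_checked: bool) -> dict:
    """Constructed policy: Application Table -> Ask user (one jump per app)
    -> Bittornado ruleset, with the default listen rule and a logged block-all."""
    return {
        "Application": [Rule("jump", target="Ask user"),
                        Rule("allow", event="listening datagrams"),
                        Rule("block", log=True)],
        "Ask user": [Rule("jump", app=app, target="Bittornado")],
        "Bittornado": [Rule("allow", event="access network"),
                       Rule("allow", protocol="TCP/IP", event="send datagrams"),
                       Rule("allow", protocol="TCP/IP", event="receive datagrams",
                            port=port, enabled=receive_checked)],
    }
```

With `receive_checked=False` (only the rules above it ticked), an inbound datagram to the forwarded port finds no match in the ruleset and falls through to the logged block-all, which is why the log is the place to look when a client connects but transfers nothing.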
  16. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
    Well, I checked only "access network" and the application is running well connecting to the www uploading and downloading. To make sure Jetico does have the rules active I checked "apply policy" in optimal protection on top left. I even did a complete restart windows to make sure.
I'll have a look somewhere to upload pics, so you can see...
     
  17. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
    I found out, I just have to upload pics :cool: Well here it comes

    pic removed*
     
    Last edited: May 9, 2006
  18. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
    if you want more, just go ahead

    pic removed*
     
    Last edited: May 9, 2006
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi PvA,
You must have another rule that is overriding, or your policy is corrupt. I see that you have a lot of activity in Ask user/system applications.......why is there a system applications in Ask user? You also have a lot of packets going through the trusted zone

    If you are sure there are no other rules that are intercepting the packets for your torrent client, you may need to re-start - load a new "optimal policy"...and start again.

    edit
    You could upload your policy if you would like me to take a look.
     
    Last edited: May 8, 2006
  20. PvA

    PvA Registered Member

    Joined:
    May 2, 2006
    Posts:
    9
Ok, have a look. I hope it's better now. :doubt:
     

  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi PvA,
    I see that you have removed a lot of rules from your policy before uploading, but you still have a lot of "allow inbound connections" within your policy.
    Your policy, is, well, a little messed up, I really think you should take the time to create a new policy, taking into account that the only pgms that require inbound connections are server programs.(apart from the inbound loopback-which in the default policy, is covered by the trusted zone in the setup wizard)
     
  22. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Stem,

    Another newb question. Does "access to network" mean access to the LAN or to the internet?

    In your posts #55 and #60, you have different permissions for apps in System Applications. You mentioned that one of them was used for MS updates. Does this mean you have different configs floating around, and that you load them under different circumstances?

    Thanks for all your help.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi lars
This gives access to the trusted zone (set up in the "config wizard", which is basically allowing loopback and access to pre-defined open rules (eg: listen ports) to the LAN (or IPs entered at config)).

    Yes, the ruleset in post #60 is my setup while general browsing (like when I visit this forum), and policies for others, such as updating from microshaft. (it keeps a tight hold on comms)

    No problem,
     
  24. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Now I've got a new issue. I reverted the fw back to factory defaults to make sure everything was OK to start.

    I'm working within Dreamweaver 8. I'm in their Extension Manager, where I can choose to go to Extension Exchange, a page on the internet.

    Immediately when I click on that icon, I get the pop-up message which I've attached, to which I respond, allow. However, after that response, the web browser cannot see that site. Not only that site, but any other.

    I also placed the resulting entry in the Process Attack Table.

    What am I missing here?

    Image removed. Please resize images to an acceptable size before posting - Ron
     
    Last edited by a moderator: May 8, 2006
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi larzeb,
Your attachment has been removed,.....but before you resize/repost....there are some known problems with Dreamweaver 8/Extension Exchange/Manager, have you been to Adobe to check for updates?
     