Automatic + Some Policy Rule Defaults?

Discussion in 'ESET Smart Security' started by alphadog, May 15, 2008.

Thread Status:
Not open for further replies.
  1. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    I understand that automatic firewall mode means all outgoing allowed; all inbound blocked, unless a response to an outbound communication.

    Works somewhat well in an office situation where end-users are not prepared to be pestered for every networked app. Also, the fact that you would want to lock-down the AV with an admin password would mean having to enter the password at every new rule.

    I have that set on all the pushed SS BE clients in my office.

    But, what if I want to allow inbound defaults? For example, for Spiceworks I need to allow inbound ICMP, inbound TCP 135, 445 and 1024-2000 for WMI on TCP, and inbound 137 on UDP.

    Can I open these ports while the firewall is set to automatic? From what I can tell, no.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can create your own rules in the policy-based (admin) mode. With the "Allow all initiated inbound traffic" and "Block all outbound traffic" rules enabled, the firewall will work like in automatic mode whilst applying your rules to the communication.
     
  3. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    I know where to switch the app to Policy-based in the XML config file, i.e. under Personal Firewall -> Setup -> Filtering Mode.

    But where do I enable "Allow all initiated inbound traffic"?

    Is it a setting like Filtering Mode, or a rule I create somewhere in Personal Firewall -> Setup -> Rule Setup? If the latter, how does one set it up to allow all inbound responses?

    Thanks.
     
  4. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    <bump>

    Any answer on this? How do I set up this kind of "allow inbound to initiated outbound" that the automatic setting seems to allow?
     
  5. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Advanced Setup/Personal Firewall: Set Filtering Mode to Policy based. Then, under the Personal Firewall tree on the left, click Rules & Zones/Zone & Rule Editor: Setup is where you'll see the lines of Rule Choices.

    Note that if you look at the Zones & Rule Editor page, at the bottom, the "Rules to Display" menu probably says "User & Pre-defined" -- but some of Marcos' prior post suggestions ONLY SHOW IF you click the drop-down arrow and select "ALL RULES" - I'd do that unless an expert posts otherwise.
     
  6. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    <bump>

    @Marcos: Again, where are the rules in post #2 in this thread found? Better yet, since I push clients, can I have the appropriate config XML for rule-based that works like automatic?

    Thanks.
     
  7. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    <bump>

    Still looking for an answer here.

    Can't get my work done properly without some ability to have easy firewall rulesets established.

    To repeat: How do I set "Allow all initiated inbound traffic" and "Block all outbound traffic" while in policy-based firewall mode?

    If there is no way to do this, please tell me so. That way I know I need to look for a different desktop firewalling solution...
     
  8. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    When I just followed my prior instructions I got a page view unlike what I had seen prior (maybe a module update caused it) - I then noticed "Toggle Application Tree View" at the top and, when clicked, it showed the Rule Choices you mention - I'd click "All Rules" in Rules to Display as stated prior.

    I hope that's all you have to do.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You should see these rules in the policy-based (admin) mode:
     

    Attached Files:

    • fw.jpg (File size: 11.6 KB)
  10. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    Okay, I finally see what went wrong:

    You have to open the control panel, go into the advanced setting tree under Setup by clicking "Enter entire advanced setup tree", switch from auto/interactive to policy-based under Personal Firewall, then click OK. This will dump you out of the tree-based settings editor, but it is apparently necessary for the default rule set to be swapped out to match the mode chosen.

    If you switch modes and do not OK it, and try to immediately go into the Rule Editor, you won't see rules related to that "new" mode. You will see rules related to the "old" mode you are changing away from.

    Then, go back in as above and go to Personal Firewall -> Rules And Zones. First, select "All rules (including system)" under the "Rules to display" drop-down. Then, click on the Setup button under "Zone and Rule Editor" to see the rules Marcos shows in his image.

    That would explain my inevitable confusion. This should probably be clarified in the interface by adding a label of the ruleset that is about to be displayed next to the Setup button that gets you into the rule editor.

    Couple of remaining questions for the policy-based rules:
    1. What is and how is "unknown outbound" determined?
    2. Some of the uneditable system rules indicate a "special action" (orange arrow). What is the "special action"?
    3. If one enables "Allow all outbound traffic" and "Block all unknown outbound traffic", which one wins?
    4. Are the firewall rules considered in an ordered fashion? (They'd have to be.) If so, how do I see the order? If I sort by name, how do I restore the processing order?

    Thanks.

     