BUG: ESS firewall ignores custom rules for IGMP

Discussion in 'ESET Smart Security' started by mauricev, Sep 10, 2009.

Thread Status:
Not open for further replies.
  1. mauricev

    mauricev Registered Member

    Joined:
    Apr 15, 2008
    Posts:
    43
    If I want to enable IGMP (and related UDP) in my trusted zone, I cannot do so with custom rules. For example, on the XP SP3 client 129.98.90.228, IGMP gets blocked

    Code:
    8/14/2009 2:48:25 PM	No usable rule found	129.98.90.228	224.1.0.38		IGMP			
    
    8/14/2009 2:48:23 PM	No usable rule found	129.98.90.228	239.255.255.250	IGMP
    even though I have rules for the Trusted Zone (includes the 129.98.90. subnet) to allow it:

    nod32_igmprule.jpg

    Tech support told me to willy-nilly enable everything in allowed services

    nod32_allowedservices.jpg

    This works, but why should enable things I don't need? For example, I don't need IGMP for the whole Internet. I already have an explicit rule. I believe this is a bug in firewall module 1051 in 4.0.437, which is that it ignores custom rules specifying IGMP.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    So the IP address 224.1.0.38 is not in the trusted zone, right? If that's the case you'll need to specify the remote IP or range so that the rule is more specific than the default blocking rule and will take precedence over it.
     
  3. mauricev

    mauricev Registered Member

    Joined:
    Apr 15, 2008
    Posts:
    43
    Well, it is. 224.1.0.38 is a special IP address defined in the IGMP protocol, not an ordinary IP address that you'd specify in the "remote IP" field.
     
  4. mauricev

    mauricev Registered Member

    Joined:
    Apr 15, 2008
    Posts:
    43
    Just wondering if this got passed onto the developers.
     
Thread Status:
Not open for further replies.