Jetico firewall v. 1.0.1.60 Freeware, 23rd June, 2005

Released today. Download here: http://www.jetico.com/jpfwall.exe

Fixes and Improvements:
Problem of compatibility with PC-cillin Internet Security software solved. Minor user interface enhancements.

Which hopefully solves my problem under thread: Jetico Firewall Setup where I had to kill one of the Trend Micro processes to get Jetico to not crash my system when dialing in to my ISP.

Need to try it yet.

-- Tom

 

I'm happy to report that the fix worked - i.e. I did not have to kill the PC-Cillin firewall process after disabling it, and the sluggish behavior when right-clicking the PC-Cillin system tray icon was no longer apparent.

When disabling the PC-Cillin firewall (assume conflict w/Jetico) - while retaining the AV realtime scanning capability of PC-Cillin - another issue presents as it also disables the network virus protection from the Network Virus Emergency Center - AFAIK. This involves 57 viruses currently. The issue is whether Jetico firewall protects against these viruses and/or any future ones.

-- Tom

P.S. The answer is no to the issue. It sure would be nice to be able to hook up network virus protection which in PC-Cillin's case is tightly-coupled to its firewall to any independent firewall of your choice. PC-Cillin's firewall is not as robust as others, but when tightly-coupled with the network virus protection capability becomes more so - but, overall still not as strong at stopping the firewallleaktester.com leak tests as Jetico.

 

Just tried this latest version and still it will not work correctly on my machine.

It does not seem to see what is trying to connect. Some it sees such as Avast, Epson spooler, but cannot see Proxomoriton or Moz running through it. It allowed Firfox but never asked for.

Going through the allowed application later it seemed to have allowed some which I had banned. I have now binned till maybe the next release.

 

Maybe try to remove localhost adress from trusted via configuration Jetico program(?) AFAIK all those local proxy progs work on localhost.

 

That may be it. I noticed a similar problem with Jetico running Avast and Ad Muncher here. It failed to ask for one of my browsers when it should have. I had localhost in the trusted zone...

 

You should definitely remove it. Old hands with Kerio 2.15 probably know the tricks i mention below.

Ideally, for a best mix of security and ease of use you should allow localhost access inbound and outbound to all ports EXCEPT the ports in which your proxies are listening on.

For example, you might use Privoxy listening on TCP 8118 (or proxomitron on 8080) and connect through it to Tor listening on TCP 9050.

What you should have is the following rules (leave application blank)

accept disabled TCP/IP outbound connection any 127.0.0.1 1:8117
accept disabled TCP/IP outbound connection any 127.0.0.1 8119:9049
accept disabled TCP/IP outbound connection any 127.0.0.1 9051:66356

Do the same for inbound connection (as above except outbound)

accept disabled TCP/IP inbound connection 127.0.0.1 127.0.0.1 1:8117 any

and the same for the other 2 rules.

That way any normal loopback communications will be allowed (eg firefox/thunderbird opens loopbacks) but any attempt to connection to either Privoxy or Tor will trigger a response from Jetico.

If you use only local web proxy then you only need from 1-8117 and 8119 to 66356 etc.

My own setup is even more complicated thanks to a mail proxy, but the principle is the same.

It took me some time to figure this out, because it seems putting "local address" in the local address field doesnt work.

One side effect of removing 127.0.0.1 I notice is that UDP datagrams (typically from IE which needs a UDP loopback rule) will be prompted. This is fairly irriating so you might create a specific rule to allow that.

 

Pollmaster - Thanks, you are quite right, and I should have realized this from my Kerio 2 rules. For some reason it just eluded me..

I have removed Jetico myself and don't use it much these days because it's such a pain in the ass to configure compared to others.

 

Thanks

Next time I install it I will have a look at that.

 

Hi, how would you set up Jetico to use sockscap with proxomitron and tor? I've already set it up, but sockscap is opening ports all over the place according to tests i did at grc?

anyone know?

cheers khaz

 

I use freecaps, I doubt it makes a difference. I don't see any problems.

 

I find that To use jetico effectively you really need to use groups. Otherwise the "ask" section will get far too full.

Eg I have rules like

Allow Web Proxy connection disabled TCP/IP outbound connection any 127.0.0.1 any 8080

The first time I get a prompt I create the default rule as sugguested.

BTW 1.0.1.60
seems to set default rules much smarter, as it now seems to recognise the concept of ephemeral ports. In the past, it stupidly insisted on adding dynamic local ports as part of the outbound rule sigh.

Then I drag the rule into the allow web proxy connection. It's still a hassle, but if i don't do this, the rule base in "ask" will quickly get overly complicated.

I do the same for the "access to network" rules, though it seems awkfully tempting to just set an "allow all" for that.

The process attack rule also gets full pretty quickly with security software, particularly the "writes to application memory", "injects own code into application" when ad-aware , antivirus etc is scanning. I had to create rules for allowing it to "attack" any application.

 

where can I download freecaps, have you a link?

thx for the info.

 

ok, i used your suggestions for rules from post 6 but added a few more for proxomonitron, and put them in application trusted zone , is this ok?

And, it doesn't matter that grc.com is reporting many of my ports open using sockscap, with Tor and Proxomonitron?

where would I set up allow web proxy?

 

Yep, groups are nice. Jetico is definitely one of those firewalls that you can spend hours working with and configuring. I used to enjoy doing that, but in recent days I have come to like simpler and easier solutions. Now, the less I have to do, the better...

 

Simpler and easier, hell yeah! I agree with you 100%, just relying on my router here and the stress is completely non-existant.