Discussion in 'other firewalls' started by Kerodo, Sep 2, 2004.
i reported issue, submitted form on their site.
Pardon a probably stupid question, but in most firewalls I'm used to seeing UDP as a protocol choice. In Jetico is this either "send" or "receive" datagrams in event, with the protocol choice being tcp/ip?
And in an application such as a P2P would you have to add a port range (say 1000-4750) for receive datagrams?
Forget the question about UDP, just read the last few posts. Sorry.
Just a test message.. Seems like there's something wrong with the forum... no activity for days...??
Well, just waiting for a new release to test
Anyone plays Half-Life, Counterstrike or any other games from Valve ?
I've installed Jetico and this is the only problem I have encountered. I've mailed Jetico about it :
"Games from Valve software refuse to work. all games available on their Steam refuse to connect to servers. They have worked few days ago when I had Kerio PF 4.0.16 installed. Also other games worked and now work fine too (Battlefield 1942, Call Of Duty, even Unreal Tournament 2004, which crashed with Kerio).
I have agreed on JPF questions and I have set both 'modules' of this game (Steam.exe and hl.exe) as Application Trusted Zone. It still fails to connect to particular server (I can browse servers and 'log in' to Steam without problems). More strange thing is it's not working when I set "Allow all" in JF, even Shutting down whole firewall doesn't help (!?). Log file doesn't show anything that could be related to this problems. "
They have sent me some alternate version of bc_ip_f.sys, but it didn't help. They have not answered any other emails.
That is a tricky part. It is possible to set a rule with a verdict of "Application Trusted Zone" but setting some specific filtering criterias into the same rule. So if your rule only matches traffic to IP 188.8.131.52 then you are still only allowing limited traffic for the application. If you want to allow everything a better choise is to set "any" for all event, protocol, address and port criterias, set the application, and set the verdict "Allow". Are you still having problems after setting such rules?
Have had no problems with VALVE/Steam whatsoever. I allowed all network connections and subsequent connections to internet, and everything worked without a hitch.
I have added it to App trusted zone, but even with Jetico closed it refuse to work. But it seems that my computer bahaves bad if it works for other people. Looks like fun-time again (reinstalling windows ).
New version out.
v. 184.108.40.206 Freeware, 18th February, 2005.
Instability when viewing firewall logs is fixed. Security policy unloading feature added
So far, no problems / no difference with this new build. Never had the log-crash bug, so can't comment on that one.
I've only just started using 220.127.116.11, so still very new to Jetico. Can I install the new version over the top of the previous or do I need to uninstall?
Apologies if it is answered earlier in this thread but 13 pages is a lot to trawl through!!
Yes you can install one over the other. It will start asking questions about what to replace and what not. Personally, I always uninstall/reinstall.
And as it can be a pain to totally start from the beginning (if you've written rules and such), you can save your Optimal.bcf file to a different location (found in Documents and Settings\USER\Application Data\Jetico Personal Firewall\1.0) and replace it after installing the new version.
Absolutely right, harrywong! Thanks!
The new 18.104.22.168 version is running very stable on my system. The last couple of versions crashed on me alot when viewing the logs, so I'm glad to see that they finally found and squashed that bug.
This firewall I like alot more now since doing some winter cleaning of the tree structure. I now have alot less tables to have to look at and go through which makes this firewall alot easier to use.
My rule structure now looks like this:
- Application Table
- Ask User
- Process Attack Table
- Protocols Table
- System Applications
- System IP Table
- System Internet Zone
Occasionally they make some changes to the rules, so you might keep an eye out for that when they release a new version. If there are rule set changes then you may want to incorporate the changes manually, or else start over from scratch with a new rule set.
New version is out.
I hope they keep improving the packet filter some more for the next v2. A couple of things I'd like to see get added which are already in CHX-I are: State table timeout values (SYN-Sent, Last-Ack, ect.) preferably put either in the registry or a file so that users can tweak them if they want to and also ICMP pseudo stateful inspection.
I think that Jetico's stateful seems to be very tight. I never see any outgoing ICMP type 3 to my dns servers like I do in CHX-I and others, which means that Jetico isn't allowing any late or stray dns packets in at all. Seems very tight and good.
I used Kerio 2.1.5 for a very long time and I don't remeber seeing any outgoing ICMP type 3 being logged. Never checked this in CHX-I though since I don't use the ICMP protocol personally so I normally just create a rule blocking it without logging so that I don't have to see it. Did you try tweaking the state timout values at all in CHX-I to see about maybe stoping this from happening?
Jetico's stateful inspection seems to be good, all im saying is if it can be improved at all to make it even better, I would like to see them do it.
Sure, any improvements to Jetico would be nice.. I did mess with the UDP timeout value in CHX-I. It defaults to 60 seconds, and I tried it all the way down to 1 second, but a few stray dns packets still slipped in to closed ports somehow. It's not a security issue at all since it's coming from a presumably trusted source. More like just an intellectual curiosity I guess.. But Jetico stops all that nonsense nicely.
May be possible to lower UDP time-out, lower then 60seconds but I wouldn’t recommend. If you don’t allow certain amount of time-out you will experience blockings for legit healthy responses. Anything beyond 60seconds can be considered unhealthy response for legit packets and should be blocked anyways. And what this tells me is CHX-I doing its job.
I haven’t done any research for Jetico yet, so I’m curious to know if Jetico has UDP pseudo-stateful implementation, and ICMP pseudo-stateful implemntation? Or does it only offer TCP SPI?
Yep, I wound up resetting it back to 60 seconds..
Jetico offers TCP stateful as well as UDP pseudo-stateful. No ICMP stateful though, as far as I know anyway.
Separate names with a comma.