Jetico Personal Firewall

Discussion in 'other firewalls' started by Kerodo, Sep 2, 2004.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Guest

    I tested 445, 135 and a couple of others, and had no problem. Perhaps there is a conflict with another application rule.
     
  2. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
    Are those ports listening on your machine?

    I don't think it would be another rule causing this since I didn't add or change much in the rules at all before testing it. I will reinstall Jetico again later on tomorrow and double check this.
     
  3. Kaupp

    Kaupp Guest

    20. v. 1.0.1.49 Freeware, 21st January, 2005.
    Stateful inspection is enhanced for inbound connections. Minor enhancements and fixes are made in user interface.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I believe 445 is listening here on my machine. 135 also. I don't think I get the popup on those ports because my ISP blocks 445 and 135. Maybe your ISP doesn't block it? That could be why you see it but others don't...

    Note: I just did a scan without the firewall and my 445 and 135 show stealth, so my ISP is blocking them. Yours probably does not block 445, so JPF gives you a popup because that's a listening port. Diver's ISP probably blocks 445 and 135 also, like mine.

    Do a scan at grc.com without the firewall and see if 445 shows as open. Then you'll know...
     
    Last edited: Jan 22, 2005
  5. BillLudum

    BillLudum Guest

    Do I need to uninstall the older version to install the latest jetico? I don't want to lose my rule sets.
     
  6. Diver

    Diver Guest

    I would uninstall the old version first. Make sure nothing else is running when you uninstall, especially your AV.

    Before you uninstall, do a search for the file optimal.bcf. The one located somewhere under "Documents and Settings" is your config. Save it, and use it to replace the default config that the new installation will place there. Note that if Jetico makes changes to their default rules, this will not pick up the changes. However, this release makes no mention of changes in the default rules.
     
  7. Robertludlum

    Robertludlum Guest

    Turns out like most installers these days it is able to detect older versions!

    Upon restart it asks you if it wants to replace the older rules with factory settings.

    I said no. I don't know if this is a good idea really.
     
  8. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Just save your ruleset, then when you install just load your saved ruleset. :)
     
  9. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177

    My ISP doesn't block any ports so traffic goes straight to Jetico to process, so that explains why you aren't seeing what I'm seeing then. I reinstalled the latest Jetico version again and made no changes to the rules other than just allowing my browser out and allowing traffic to my DNS, and I noticed the same thing as before, where Jetico bypasses the Application table and goes straight to the Ask User table instead to process traffic to listening port 445. What I don't understand is why Jetico is doing this when it should be getting blocked like all the rest of the ports by the rule "block all not processed IP packets" under the Application table. This is something that needs fixing as well in my opinion. While it's not as bad as before when they were just allowing traffic through, it's not something that should be happening. There needs to be some consistency here in the way the rules are processed.
     
    Last edited: Jan 22, 2005
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Duke, I think that this is normal and ok. JPF is asking you about the incoming packet because it's to a listening port. It should do this when something comes in to any listening port I believe. That's how it works here too. When a packet comes in to 1025 here, it asks me about it because MsTask is listening on 1025. The only reason I don't see it ask me on 445 is because my ISP is blocking it, so JPF doesn't see it. If you don't see it on 135 for example, then perhaps your ISP is blocking 135... I think all is ok.. Turn off the firewall and scan 135 from grc.com and see if it shows stealth. If so then your ISP is blocking 135.

    If the above isn't the case, then I'm not sure what's going on. Maybe write to Jetico about it? I'm seeing no problems here though.
     
  11. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
    My bad! It is not the Application table that the "block all not processed IP packets" rule is under, it's the System IP Table. I saw the rule "block all not processed.." under the Application table and thought it was the "block all not processed IP packets" rule when instead it's "block all not processed applications". When I looked at it the "applications" part was not visible so I guess I just assumed it was "IP packets". I guess I jumped the gun on this one, it looks like this is ok and not a problem after all. Sorry about the confusion. :)
     
  12. Diver

    Diver Guest

    On my listening ports Jetico does not ask me what to do when the inbound came from any remote port other than 20. I believe that Jetico treated the inbound connection as being directed to a closed port. When the inbound came from remote port 20 there was a rule for KAV that let that traffic in, so that was when Jetico asked me what to do with the connection.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I think it should be asking you what to do on listening ports unless your ISP is blocking them, in which case JPF wouldn't even see the inbound packet.
     
  14. Diver

    Diver Guest

    K-

    Rather than asking me what to do, JPF just showed a log entry for "Block not Processed". I think it has something specific to KAV and how it intercepts ports 25 and 110. But, I do not know for sure.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Interesting.. I guess I'm confused about what the problem is.. For me all seems well here...
     
  16. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    I installed 1.0.1.48 over 1.0.1.47, and 1.0.1.49 over 1.0.1.48. Both times I chose "Shutdown firewall" from the tray icon menu before installing over. It caused no problems. In both cases a popup window told me that the default ruleset was (I checked, it was indeed) updated, and asked if I would like to replace my current ruleset with the new factory defaults. In both cases I selected Yes, because it is not that big a job to build back my customized rules. I already suggested to Jetico support a new feature which would make it possible to both apply the new factory defaults and keep your customizations, for example by keeping user-selected tables from the old ruleset.
    -hojtsy-
     
  17. Diver

    Diver Guest

    K-

    I don't think there is a problem. It's application specific. If JPF treats an inbound as not processed and there is no outbound response then nothing got in.

    On the listening ports, when the remote used port 20, JPF did give an application response window, but only because KAV has a rule allowing inbound traffic originating on remote 20 to local ports in the same range as the listening ports.
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, then that's good I guess.. No problems is excellent... :D
     
  19. Diver

    Diver Guest

    Some useful things to add to JPF:

    Password protection of settings.
    Larger fonts in the edit window.
    Application hash update (in the works per Kerodo).
    Ability to edit network parameters, or rerun setup wizard.

    Can anyone think of anything else that is not an attempt at code bloat?
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I think they also need to rework their default rule set a little. Their dhcp rules and their windows update rules don't work for me. JPF prompts me for those two.

    I hope they keep it simple for a while and avoid bloat. Perhaps just focus on bug fixes for some time until everyone's setup is problem free.
     
  21. Diver

    Diver Guest

    Whoops!

    It is possible to run the configuration wizard whenever you want to, there is a link in the program group for it.

    There is some access to the constants via an XML file which contains the definitions for "broadcast address" and "trusted Zone". However, I don't see where "name server" is defined.

    I wonder what would happen if I edited that XML file?
     
  22. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    You can already do that. Go to the Jetico folder in the start menu, and select Configuration Wizard.

    "name server" can be changing all the time. The address is dynamically determined by Jetico in runtime. The best idea I have ever seen to avoid leaks through DNS ports.
    -hojtsy-
     
  23. Diver

    Diver Guest

    K-

    For windows update I had to add the network range:
    64.4.0.0/64.4.192.0 (64.4.0.0/18)

    It takes me a while to decipher those masks.

    Their DHCP rule is for services.exe and XP uses svchost.exe, but that one comes easy.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Right, they're easy changes.. I did change them already myself, but someone should probably tell Jetico about it.

    I also went into the DNS rules and enabled stateful inspection. This keeps things tight and prevents all the outbound icmp type 3 that you typically see to dns servers in most firewalls. JPF works very well in that respect. I usually get late and random packets from my dns servers, which come in to closed ports and thus generates outbound icmp type 3. JPF's stateful inspection toggle in the dns rules cuts this out.

    I also do a few other little things like turn on logging for fragmented packets and here and there as needed. I like the configurability of it.
     
  25. Diver

    Diver Guest

    H- thank you for throwing some light on the "name server" issue. Looks like that one needs no change, and you may have noticed that I finally stumbled over the config wizard thingie myself.

    You can view the xml file in IE to get a pretty look at it.

    K-
    I don't think anyone will complain if you give some more detail on your additions to the default system level rules.

    I put a rule in the system IP table to keep all of the inbound junk that comes in on the BitTorrent server port after the application is shut down from getting into the log.
    Something like reject, log disabled, incoming packet, TCP, source ports :1024-65535, destination port 6881. If anything comes in from below 1024, I want to know about it, the other stuff just makes the log unreadable.
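
The log-suppression rule described in the last post, modelled as an added example (not Jetico's rule format or code, and not part of the original thread): a silent reject for inbound TCP from source ports 1024-65535 to destination port 6881, placed ahead of the logged "block all not processed IP packets" catch-all. The first-match ordering, the field names and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    proto: str      # "TCP", "UDP", ...
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    verdict: str                    # "accept" or "reject"
    log: bool
    direction: str = "any"
    proto: str = "any"
    src_ports: tuple = (0, 65535)   # inclusive range
    dst_ports: tuple = (0, 65535)
    def matches(self, p):
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and self.src_ports[0] <= p.src_port <= self.src_ports[1]
                and self.dst_ports[0] <= p.dst_port <= self.dst_ports[1])

# Assumed semantics: rules are tried top to bottom, first match wins.
SYSTEM_IP_TABLE = [
    Rule("quiet reject of BitTorrent leftovers", "reject", log=False,
         direction="in", proto="TCP",
         src_ports=(1024, 65535), dst_ports=(6881, 6881)),
    Rule("block all not processed IP packets", "reject", log=True),
]

def run(table, packets):
    """Return (verdicts, log_lines); only rules with log=True add a line."""
    verdicts, log = [], []
    for p in packets:
        rule = next(r for r in table if r.matches(p))  # catch-all is last
        verdicts.append(rule.verdict)
        if rule.log:
            log.append(f"{p.proto} {p.src_port}->{p.dst_port} [{rule.name}]")
    return verdicts, log

# Constructed sample traffic arriving after the client was shut down.
SAMPLE = [
    Packet("in", "TCP", 51515, 6881),  # stale peer, high source port
    Packet("in", "TCP", 1024, 6881),   # lower edge of the quiet range
    Packet("in", "TCP", 80, 6881),     # source below 1024: stays in the log
    Packet("in", "UDP", 40000, 6881),  # not TCP: falls to the catch-all
]
```

Calling `run(SYSTEM_IP_TABLE, SAMPLE)` rejects all four packets but logs only the last two, so anything arriving from a source port below 1024 remains visible.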
     