JPF v2 beta progress.

Discussion in 'other firewalls' started by Nail, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Alffa

    Alffa Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    12
    I have now been trying to make rules by filtering MAC addresses. It seems to me that JPF2 does not apply stateful inspection to MAC-based IP rules? E.g., if I make a simple rule to allow an incoming connection from some MAC address, JPF allows it (in logs), but does not apply stateful inspection to that connection after that, and asks for permissions in the application table, where an IP address is kind of required.
    I compare this to Linux iptables, where e.g. my Samba configuration needs only one MAC address rule to allow incoming connections altogether.
    Any comments or suggestions?
     
  2. smb

    smb Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    17
    - I am having the startup problem on Win XP pro SP2 engl.
    - 7022 Time service hung on starting, 7023 IPSEC Services hung on starting. Both might be related to KB 889320 since I disabled the Windows firewall.
    - after that there are several 10010 DCOM errors (GUID did not register, timeout)

    An error message pops up that the JPF server could not be connected (is not running in services). After a manual start of the JPF server all seems to work fine.
     
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Also in this case it seems again to be a problem with services which block or are blocked by Jetico. Try to disable (one after another) TimeService, DCOM if you don't need it, close port 135 and try again.

    Just for testing purposes you can first do something else. Disable the Jetico Service, start the PC. Then manually start the file jpfsrv.exe and then jpf.exe, or only jpf.exe without starting jpfsrv.exe.
     
    Last edited: Sep 6, 2006
  4. smb

    smb Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    17
    Since the computer is in a domain environment disabling the services is not really what I like to do ;) . The 2.0.0.6 with the manual start did not have this problem but I had no time yet to verify a manual start with the 2.0.0.7.
    However, after the initial problems, time service etc. seems to work normally. So I expect that the reason lies somewhere in the automatic start of the JPF service. Probably the sequence, a timing issue or something similar.
     
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    That's what I am thinking of also. Compatibility problems, starting sequence problems between Jetico and third-party services. Hope Nail solves the problem soon. Luckily for me, I don't use all these third-party services.
     
  6. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I also have problems with system startup with Jetico 2.0.0.7 installed. It seems that it conflicts with the synchronization service of TurboFTP. I have the following events:
    • Timeout (30000 milliseconds) waiting for the TurboFTP Sync Service service to connect.
    • The TurboFTP Sync Service service failed to start due to the following error:
      The service did not respond to the start or control request in a timely fashion.
    This version has a conflict with other services on startup.
     
  7. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I think there will always be a problem with Jetico as a service application. Ports blocked by Jetico, Jetico getting blocked by other services, etc. The service list is endless. So the best will be to go back to the roots as in v1 and start it as a normal application.
     
  8. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I don't think that there will be problems if Jetico is a service. We must remember that it is in beta, and if we use beta software there must be problems. Most firewalls are service applications and I didn't have a similar problem with any firewall I've tried. I think that this problem will be solved. AFAIK a firewall started as a service application is much safer and is started earlier during the boot process compared to an ordinary application.
     
  9. gzm55

    gzm55 Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    11
    Today, bc_ngn.sys caused a blue screen when I was just moving a rule. See the snapshot in the attachment :(

    But after restart, Jetico works fine.
     


  10. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    @gzm55
    This was a bug of Beta 6, strange. By the way, nice idea to snapshot it with a digital cam. I didn't think about that when it happened on my PC (same reason, by the way) some week ago.
    @pcaca
    I agree with you 100% but it won't be an easy task. As I don't use all these services which caused problems lately here, Jetico is running smooth and clean.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Nail posted Sept 4th here
     
  12. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    News from Nail Jetico
    Those who still have the service problem, do as suggested by @Nail. If you don't have a chance to switch the policy because the Jetico GUI isn't appearing in any way, do the following:

    1. Open the file 'jpfConfig.xml' with Notepad (make a backup)
    2. Change the following parameter:

    <policy name="Optimal Protection" default="1">
    to
    <policy name="Optimal Protection">

    and
    <policy name="Allow all">
    to
    <policy name="Allow all" default="1">

    3. Save the file and restart Jetico. It will start with the policy 'Allow all', which you can then switch to 'Optimal Protection' in the dropdown dialog.
     
    Last edited: Sep 7, 2006
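
The same edit done programmatically, with a check of which policy ends up as the default so the machine is not left on 'Allow all' after recovery. This is an added example, not part of the original post or Jetico's own tooling; the `<config>` root and `<table>` children in the sample are constructed placeholders, and rewriting the file through ElementTree is assumed to be acceptable to Jetico.

```python
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET

def default_policies(path):
    """Names of every <policy> element carrying default="1"."""
    root = ET.parse(path).getroot()
    return [p.get("name") for p in root.iter("policy") if p.get("default") == "1"]

def set_default_policy(path, name):
    """Make `name` the only default policy and return the resulting defaults."""
    tree = ET.parse(path)
    policies = list(tree.getroot().iter("policy"))
    target = [p for p in policies if p.get("name") == name]
    if len(target) != 1:
        raise ValueError(f"expected one policy named {name!r}, found {len(target)}")
    backup = path + ".bak"
    if not os.path.exists(backup):       # keep the first, untouched copy
        shutil.copy2(path, backup)
    for p in policies:
        p.attrib.pop("default", None)    # clear the flag everywhere
    target[0].set("default", "1")        # then set it on the chosen policy only
    tree.write(path, encoding="utf-8", xml_declaration=True)
    return default_policies(path)

# Constructed sample: only the two <policy> start tags come from the post;
# the <config> root and the <table> children are placeholders.
SAMPLE = """<config>
  <policy name="Optimal Protection" default="1"><table name="root"/></policy>
  <policy name="Allow all"><table name="root"/></policy>
</config>
"""

def demo():
    """Switch to 'Allow all' for recovery, then back, on a temporary copy."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "jpfConfig.xml")
        with open(path, "w", encoding="utf-8") as f:
            f.write(SAMPLE)
        before = default_policies(path)
        recovery = set_default_policy(path, "Allow all")
        restored = set_default_policy(path, "Optimal Protection")
        return before, recovery, restored

if __name__ == "__main__":
    print(demo())
```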
  13. gzm55

    gzm55 Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    11
    Thx for answering.
    :D Just then there was a DC by my hand, and I found it very convenient for me, haha. Maybe I will buy a new mobile with a cam :D
     
  14. gzm55

    gzm55 Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    11
    Thx, the rule I've moved is just disabled. Hope Nail can solve this problem in beta 8.
     
  15. gzm55

    gzm55 Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    11
    Need ARP rules that can match IP addresses.
    E.g., if we meet ARP spoofing, we can use some ARP rules to match the gateway IP and real gateway MAC with those of ARP packets. In this way, we can bind IP and MAC, just like "arp -s ip mac".
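
The binding check requested in the post above, sketched as an added example (not from the thread and not JPF code): parse an ARP frame and compare its sender IP/MAC pair against a pinned table, as an ARP rule that matches IP addresses would. All addresses and the `BINDINGS` table are constructed.

```python
import struct

# Constructed binding table: what "arp -s ip mac" would pin for the gateway.
BINDINGS = {"192.168.1.1": "00:11:22:33:44:55"}

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32]),
            "tha": _mac(frame[32:38]), "tpa": _ip(frame[38:42])}

def check(frame, bindings=BINDINGS):
    """Return 'ignore', 'accept' or 'reject' for one captured frame."""
    arp = parse_arp(frame)
    if arp is None:
        return "ignore"
    # Requests and replies both carry a sender pair that peers may cache,
    # so the binding is enforced on the sender fields of either opcode.
    pinned = bindings.get(arp["spa"])
    if pinned is not None and pinned.lower() != arp["sha"]:
        return "reject"
    return "accept"

def build_arp(oper, sha, spa, tha, tpa):
    """Build a 42-byte sample frame (test input only, nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    eth = m(tha) + m(sha) + b"\x08\x06"
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + m(sha) + i(spa) + m(tha) + i(tpa)

HOST = ("00:aa:bb:cc:dd:01", "192.168.1.20")   # constructed
GENUINE = build_arp(2, "00:11:22:33:44:55", "192.168.1.1", *HOST)
MISMATCHED = build_arp(2, "00:de:ad:be:ef:99", "192.168.1.1", *HOST)
OTHER = build_arp(1, "00:aa:bb:cc:dd:02", "192.168.1.30", "00:00:00:00:00:00", "192.168.1.1")
```

Unbound addresses are accepted here, so only the pinned gateway entry is protected; a stricter policy would reject any sender IP missing from the table.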
     
  16. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I had an issue with slow system startup; I sent an email to Jetico support regarding this issue.
    After the desktop appears, Jetico doesn't ask if some application needs indirect access to network, and during that period there isn't any activity (tray is empty, there aren't any icons). In the log I've found 200 entries about ask for indirect access for the same application, but I didn't get any Ask dialog from Jetico. After 3 min. icons appear in the tray (AV, Jetico, WiFi software etc.) and I can start using my PC normally.
    I manually added a rule to allow indirect access for that application and now startup time is back to normal.

    About the checksum table, I can't see the reason why there should be checksum entries for Access to Network, Network Communication and Indirect Access. I think that one entry is enough. If the application checksum is OK, Jetico can process the rules I've defined in the Ask User table for that application. Why do I need to allow Access to Network in two tables (Access to Network and Checksum Table)? I also need to allow the application in two tables for Indirect Access. This is too many rules for one application.

    How is the checksum table processed? I have one application which has blocked access to network in the Access to Network table, and the same application has allowed access to network in the Checksum Table.
    Does this application have access to network or not?
    Which table has higher priority?

    Also, checksum popups aren't informative; they don't show the event (Access to Network...). Which event caused this popup to appear?

    EDIT: I found that if you want to allow all three events in the checksum table with one rule, you can do that by unchecking event in the rule.
     


  17. leon01

    leon01 Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    5
    I can confirm the slow system start which is described by pcaca (empty tray, no icons). Unfortunately I can't fix it. Bypassing all Jetico (2.0.0.7) modules also doesn't solve the problem. I also cannot understand the reason for three checksum popups for each application. This is redundant information which blows up the configuration.
    It's hard to differentiate the popups. A certain representation (e.g. another color) for each message type would be a great improvement. That way the type of the message would be directly evident without having to read the displayed text (especially important for Network Communication).
    JPF doesn't block some outgoing traffic on boot up. After system start it blocks the same traffic.
     
  18. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    If you have Application Checksum Control enabled, then you should enable logging for the Ask rule at the end of the table, in order to be able to find which application Jetico blocks during startup (doesn't ask you), and manually create a rule for those applications.

    I found that logging for Ask rules in almost every table of Jetico is disabled. Set Debug for "Log level" for Ask rules in all tables and reboot your system. Wait 3 min. for icons to appear in the tray and after that look in the Jetico log; there you should see many entries with Ask action. After that, manually create Allow rules for every application and the problem should be solved on the next restart. Notice that I needed to make several restarts in order to catch all applications that required manual rule creation (tip: clear your log on every restart). Restart your system several times until there aren't any Ask entries in the log for which you haven't been asked with a dialog from Jetico.

    The more I use Jetico, the more I like it, but these serious problems must be solved during this beta period. It would be hard for a novice to fight against similar problems.

    Keep up the good work Nail!
    The more I use Jetico PF, the more I like it!

    EDIT: One interesting thing I noticed is that the time difference between the first unresolved "Ask" entry in the log and the last is exactly 3 min.
     
  19. leon01

    leon01 Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    5
    Thanks pcaca,
    I forgot to enable the log for one Ask rule. Now it was easy to find the application. I manually created two allow rules for "logonui.exe" and now the startup time is back to normal and also the restart/shutdown is much faster again.
    It's curious that JPF blocked this application instead of asking the user, but allows outgoing traffic on boot up for an application with an explicit deny access rule.
     
  20. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    That's very strange behaviour, which should not be. First, Jetico should ask you in the case of logonui.exe with 4 popups, in the case of normal configuration and Windows XP.

    1. Hash indirect access
    2. Hash access to network (which does _not_ mean Internet)
    3. Allow indirect access
    4. Allow access to network (which does _not_ mean Internet)

    Answer all these popups with 'Yes permanently'

    Which application is having outgoing traffic on bootup even if you have blocked that? Which rule have you set?
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have set up to check what is being allowed out during boot. I am currently only seeing DHCP / ARP broadcasts.
     
  22. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    On my current setup, I am seeing this problem for logonui.exe and other apps that require indirect access on bootup. There is a need to use the allow all (debug) rule at the top of the Indirect access table, enable the rule and set to notice, then re-boot. The log will indicate what is needed to correctly boot (of course a check will be needed to verify the applications etc that are performing the indirect access)

    This problem did not appear on my last test PC (that I normally use).
     
  23. leon01

    leon01 Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    5
    Jetico didn't ask me. There have not been any popups in the case of logonui.exe. Instead the system start took about 3 minutes longer (as pcaca described in his post). Now I have two manually created rules (hash indirect access and allow indirect access) and the system starts as usual (I know that access to network doesn't mean internet ;) ).
    A blocked application having outgoing traffic on bootup was e.g. svchost.exe (time synchronisation).
    rule set: "reject info TCP/IP send datagram C:\WINDOWS\System32\svchost.exe 207.46.130.100 123"

    After manually adding the above-mentioned rules for logonui.exe, Jetico blocks this traffic on bootup correctly. If I disable the hash indirect access rule of logonui.exe, the system start is again slow (3 minutes without any activity/empty tray) and in this phase Jetico doesn't block the traffic.
     
  24. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Again it seems that these problems refer to the Jetico Service. These incompatibilities with third-party services result in various problems as mentioned in this and other threads. As I have _all_ these third-party services completely disabled, there is no such problem on my working PC.

    I gave it a try, and eliminated all entries from Jetico regarding logonui.exe, and as it should, all popups appear; system is starting with normal speed. All not allowed traffic from svchost.exe is blocked correctly.
     
  25. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    In my case the problem during boot-up was caused by blocking indirect access for Intel PROSet Wireless components (software for the WiFi card on my Centrino laptop). Some of its components were blocked during system startup. Intel PROSet Wireless is running 3 services which are set to Automatic startup.

    Is it necessary to report bugs we found to the Jetico support mail, or is reporting bugs/suggestions in this thread enough?
     