Hello Frederic, I have been running the latest build for a while, without any problems, but, I did decide to run opera browser, for some reason I am seeing blocked outbound packets for DNS(raw rule) and TCP connections(open outbound TCP rule with changed remote port to 80). Is there any know conflict with L`n`S + Opera? (Please note that these are outbound packets (requests/ TCP SYN), not inbound) Regards, Stem
Hi Stem, No, there is currently no known issue with Opera. Do you mean the DNS SPF rule didn't allowed a first DNS packet, and just after another packet was not allowed by a TCP port 80 rule ? One reason could be the local port for both packets was not in 1024-5000 range. But it would be strange this is specific to Opera. Do you have more information on the blocked packets (local port especially) ? Did it finally work, or any web page with Opera presented the issue ? Thanks, Frederic
Hi Frederic, The blocked packets are random, but all outbound. The packet where within the port list to allow, as seen above, those are the packets dropped while connecting here, since that screen grab there have been 6 more blocked outbound TCP connections to this site. It is only when using Opera browser, and just wanted to check if there was a known issue. I will re-install Opera. Regards, Stem
Stem, Can you export and post the two corresponding authorizing rules? Also what version of Windows you running?
XP pro sp2 all up-dates. If I thought it was a rule problem, and posting them could help, then I would, but, the problem is only with opera, when using firefox there are no blocked outbound. I have just re-installed Opera (latest build), so will run it for a while to re-check. Regards,
So then you using official unmodified pre-packed authorizing rules... Thanks for the clarity! It's not an enough to see just the window capture of the Look 'n' Stop - Log screen, can you post the Packet's content screens for the two types of blockings?
As I mentioned in my first post, the default TCP Authorize rule as been edited to only allow remote port 80. After re-installing Opera, there are no DNS lookups (currently) being dropped, but still outbound TCP connections. I have run FF and IE without problems. After 10 min of browsing this forum with Opera, I see:-
First guess..., Perhaps there's an problem with 'Equal my @' or 'Local In' criterias, you could rule them out..
But as I have mentioned, if it is a rule problem, then why is it only a problem with Opera? I am currently running FF, with the exact same ruleset with no blocked packets.
Actually this is a known issue! I do see these outbound entries, too! A long time ago I reported this to Frederic. As far as I remember he told me that LnS might be too slow to react to the outbound request (too slow in regard to use the correct rule "TCP: allow port 80"). Therefore it blocks the packets at least ones before it is finally passed. By the way: I have one more application that reacts in the same way: it is called "Winbiff.exe" (an E-Mail notification tool). It produces log entries (blocked traffic) on port 993 (IMAP-SSL). I learned to ignore these blocks. However, it prevented me from generally using Opera, because it dramatically slows down browsing speed Thomas
Hi Thomas, Yes, it is a problem with the rule activation. If I leave the rule open for all applications then no blocked packets when using Opera, but if I place Applications within the rule (Opera included) then the first packet is dropped. [It looks like there is a time out of about 5 seconds for the rule. So any new packet sent within this time out is allowed, but any new outbound connection attempt outside this time, then the first connection attempt is blocked] Regards, Stem
Associating Applications..., no wonders! Exporting the two associated authorizing rules and posting would have helped from the beginning!
So, are you now saying there are issues with Opera? or simply issues with Application association? It would of helped at the beginning if Frederic had mentioned the known problems rather than clearly stating:- So will this be fixed? Are do some applications just send packets too fast?
I'm sorry, this is really what I thought when I've written it. If there was common support cases on this issue, I would have said something else. But it is not the case. And unfortunately, I didn't remember the following post: https://www.wilderssecurity.com/showthread.php?t=76207&highlight=opera And there are probably many other posts I no longer have in mind... I've to investigate further to know if a fix is possible. Something to try: increase the priority of Look 'n' Stop application. Even if this would be only a workaround, it may help to understand more about the issue. Frederic
I've reproduced the issue with Opera. If I set the priority of Look 'n' Stop process to High, then the issue disappears. I will try to propose a patch for lnsfw1.sys. Frederic
Hello Frederic, Thank you for checking. I prefer not to change interupt priority. I have seen that there is no problem with placing a blocking rule with associated applications, even Opera is blocked with a specfic rule, so the problem is only with allow rules (so not a security problem). So I can work-around this without problems. That would be good, and certainly appricaiated, as it may not just be Opera that causes problems? Regards, Stem
