Questions regarding strange problem and regular problem. Help is appreciated!

Discussion in 'LnS English Forum' started by mrfjong, Sep 9, 2009.

Thread Status:
Not open for further replies.
  1. mrfjong

    mrfjong Registered Member

    Joined:
    Sep 8, 2009
    Posts:
    3
    First off, let me just say I love LnS. The only firewall that is a firewall and not everything else.

    I have a couple of questions that I need resolved if my setup is going to be satisfactory in LnS.

    I'm using the enhanced ruleset;

    1. If I have the "All other packets" rule enabled my Ethernet connection fails after a short period of time and I have to reset/troubleshoot it to make it work again.

    I don't know why but I remember observing the same behaviour with PeerGuardian a long time ago; so some type of packet that is getting blocked between the router and Ethernet card causes the connection to go awry. Any ideas?
    (BTW, this is not an overload of traffic issue and I don't need to restart the actual hardware, only need to right-click the icon and "repair")

    2. I'm trying to set up my RDP and SSH server;
    If "TCP : Any other packet" is enabled I can't connect to any of them from the outside. I've tried to edit the rule to "everything not equal to 3389", and I've also tried making a new rule specifying - Ethernet type: IP, Protocol: TCP, IP-address: equals my @ (in the left-side pane).
    I've placed these rules on top to reserve those ports before the other rules are implemented.


    So what am I missing? This is really basic functionality and I must misinterpret the GUI somehow.. I mean, how is the rule order implemented? The higher ones on the list supersede the lower ones? As soon as I disable the 2 rules in question I don't lose my Ethernet connection and I can connect to my services from the outside.
    Disabling the rules also doesn't seem to affect the security report at, for example, Shields Up (http://www.grc.com/intro.htm).

    So if I get this solved or not aside; how important are those two rules when I'm already behind a router administered by me with only necessary ports open?

    Finally, a sort of bug I noticed:
    When I reset/repair the connection, the firewall stops working.

    I have to either 1. quit the firewall and start it again, or
    2. go to options, select a different adapter, apply, then select the correct adapter and apply again.

    This seems like a bit sneaky and dangerous security-wise... I mean, who checks their firewall status at regular intervals?
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    The higher ones on the list supersede the lower ones; if no matching rule exists to explicitly permit or block, then the catch-all, master-block rule 'All other packets' will be triggered.

    You shouldn't ever disable the master-block rule 'All other packets'; you have to figure out what type of packets being blocked are a necessity.

    The different online web scanners normally use simple TCP SYN packets; just having the rule to block incoming TCP SYN packets (TCP : Block incoming connections) is enough to block these. ;)
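
Added example, not part of the original thread and not Look 'n' Stop's own code: a simplified Python model of the top-down, first-match evaluation described in the reply above, showing why the position of a permit rule relative to the TCP block rules decides whether an inbound RDP/SSH connection gets through. The rule names are the ones quoted in the thread; the permit rule, the match conditions, the packet fields and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "TCP", "UDP", ...
    inbound: bool
    dst_port: int = 0
    syn: bool = False   # bare SYN = new connection request


@dataclass(frozen=True)
class Rule:
    name: str
    allow: bool
    match: Callable[[Packet], bool]


# Hypothetical permit rule for the two services mentioned in the thread.
PERMIT = Rule("Allow inbound RDP/SSH (hypothetical)", True,
              lambda p: p.proto == "TCP" and p.inbound and p.dst_port in (22, 3389))
# Block rules, named as in the thread; match conditions are assumptions.
BLOCKS = [
    Rule("TCP : Block incoming connections", False,
         lambda p: p.proto == "TCP" and p.inbound and p.syn),
    Rule("TCP : Any other packet", False, lambda p: p.proto == "TCP"),
    Rule("All other packets", False, lambda p: True),  # catch-all, always last
]


def ruleset(permit_on_top: bool) -> List[Rule]:
    """Build the list with the permit rule above or below the TCP block rules."""
    if permit_on_top:
        return [PERMIT] + BLOCKS
    return BLOCKS[:-1] + [PERMIT] + BLOCKS[-1:]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, rule name) for the first rule that matches."""
    for rule in rules:
        if rule.match(pkt):
            return ("allow" if rule.allow else "block", rule.name)
    return ("unmatched", "")  # not reached while the catch-all is present


# Constructed sample packets.
RDP_SYN = Packet("TCP", inbound=True, dst_port=3389, syn=True)
SCAN_SYN = Packet("TCP", inbound=True, dst_port=445, syn=True)
UDP_IN = Packet("UDP", inbound=True, dst_port=5000)
```

Printing the verdict together with the name of the rule that fired, as `evaluate` returns it, is the quickest way to see which rule is shadowing a permit.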
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada

    I don't share the same conclusion as you, bit sneaky you say? It's an unforeseen thing or unsupported event, and can be a little dangerous. But be real, when you reset/repair the connection (and not talking about releasing and renewing adapters), it's usually required to re-boot afterwards for possible changes to take effect .. depending on the method used. ;)

    I personally don't see ANY way whatsoever how the firewall company can gain by this experience, ... do you think the product takes this opportunity to leak to its server? ... I simply don't know how you can say bit sneaky, sorry.


    Regards,
    Phant0m
     
    Last edited: Sep 9, 2009
  4. mrfjong

    mrfjong Registered Member

    Joined:
    Sep 8, 2009
    Posts:
    3
    Hi again, and thanks for your help.

    I just wanted to point out that you misinterpreted my meaning of sneaky;

    All I meant was that the firewall for most people is running in the background.
    Now, if you get a connection problem that you then solve by right click/repair on the systray network icon in windows you in effect don't have a firewall anymore unless you restart the application or reapply which adapter to listen to in options.

    So all I meant was that the firewall should silently re-pick correct adapter and activate firewalling instead of just copping out leaving the system completely vulnerable.

    I'm running Win7 by the way, it may not be an issue under other OS's
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    All good then :)


    Was 'Automatic selection' enabled in Look 'n' Stop - 'Options' TAB?
     
  6. mrfjong

    mrfjong Registered Member

    Joined:
    Sep 8, 2009
    Posts:
    3
    Yes Auto was hooked.

    I had my computer on for a day without knowing I was wide open to the net, hence the comment about sneakiness ;)

    It seems to work well now with the rules and services connectable so I'm really happy with this firewall.
     