Rules without interactive mode?

Discussion in 'ESET Smart Security' started by _Logan, Apr 9, 2008.

Thread Status:
Not open for further replies.
  1. _Logan

    _Logan Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    18
    Is it in any way possible to set rules without entering interactive mode? I'm in automatic mode, but I want to allow incoming connections on a certain port/application. Every time I try and communicate with that application or port remotely, it just gets blocked.

    No need to set it to interactive for the need of only one rule, and then be forced to make a rule for every other connection.

    Would it work if I went into interactive mode, added a rule, then switched back to automatic? Would it preserve the rule?
     
  2. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    No. You could create a rule and then return to Automatic and the rule would be retained.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Create the desired rules in the interactive mode, switch to the policy-based mode and enable the following rules:
    1. block all unknown inbound traffic
    2. allow all outbound traffic
     
  4. diffy

    diffy Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    31
    Location:
    LI, NY, USA
    Is this because rules are followed in interactive & policy modes, but ignored in automatic mode? (Trying to come to grips w/ the ESET structure.)
     
  5. ASpace

    ASpace Guest


    Yes, it is.
     
  6. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    Me bad....:mad: Rule is retained, but not in force if you return to Automatic Mode.

     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In order to make the firewall work like in automatic mode whilst applying rules you have defined, please follow my instructions in post #3.
     
  8. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    What about stopping zombie/robot outbound, esp those that contribute to DOS attacks on other sites? I suppose malware detection should have caught any resident, but what if it hasn't?
     
  9. _Logan

    _Logan Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    18
    Marcos,

    I created the rule and switched to policy based mode as you said.

    However, I was unable to find where to enable those 2 options. In the rule editor where I added the rule in interactive mode, I didn't see those 2.

    Once in policy based mode, can you tell me where to find those 2 options? They weren't in the rule list.

    Thanks.
     
  10. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    In Advanced Setup/Personal Firewall/Rules & Zones the (for me) default "Rules to Display" at bottom is "User & Pre-Defined Rules" (sounds logical & complete - but it isn't). The drop-down menu allows "All Rules" and that's when you'll see those Marcos rules in Zone & Rule Editor.

    I twice have posted the Marcos Inbound selection did not exist but stumbled on it this a.m. Well intentioned Help with ESS still requires imagination, exploration, and patience.
     
  11. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Thx Cosmo26 for needed additional info...
    -----------------
    added:
    and after this you get: "Your system has achieved a perfect "TruStealth" rating".....
     
    Last edited: Apr 12, 2008
  12. _Logan

    _Logan Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    18
    Hi,

    Thanks, I see them now... and they are enabled, along with ALL other rules. But once I press OK, I can't browse the internet... it seems that everything is blocked?

    Do I need to uncheck any of the rules? Right now they're ALL checked, in addition to my one added rule which is just to allow communication on one port.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you enable the rule that allows all outbound traffic and concurrently enable the rule to block all outbound traffic, the latter will take precedence over the former one as blocking rules have higher priority.
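
The precedence described in post #13, as an added example that is not part of the original thread and is not ESET's rule engine: a simplified Python model in which any matching block rule beats any allow rule. The `Rule` fields, the `decide` and `ruleset` helpers and the default-block fallback are assumptions made for illustration; the rule names are the ones mentioned in the thread.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "block"
    direction: str               # "in", "out" or "both"
    port: Optional[int] = None   # None matches any port
    enabled: bool = True         # the checkbox in the rule list

    def matches(self, direction: str, port: int) -> bool:
        return (self.enabled
                and self.direction in (direction, "both")
                and self.port in (None, port))


def decide(rules, direction, port, default="block"):
    """Return (verdict, rule name). Block rules are checked first, so one
    matching block rule overrides every matching allow rule."""
    matched = [r for r in rules if r.matches(direction, port)]
    for action in ("block", "allow"):
        for rule in matched:
            if rule.action == action:
                return action, rule.name
    # Assumed fallback for this model: traffic no rule knows about is blocked.
    return default, "no matching rule"


def ruleset(block_outbound_enabled: bool):
    """Constructed rule list: two predefined outbound rules plus one user rule."""
    return [
        Rule("allow all outbound traffic", "allow", "out"),
        Rule("block all outbound traffic", "block", "out",
             enabled=block_outbound_enabled),
        Rule("user rule: port 4899", "allow", "both", port=4899),
    ]


if __name__ == "__main__":
    for checked in (True, False):
        print(f"'block all outbound traffic' enabled={checked}")
        for direction, port in (("out", 80), ("out", 4899), ("in", 4899)):
            print(f"  {direction:>3} port {port}:",
                  decide(ruleset(checked), direction, port))
```

With every rule checked, outbound port 80 resolves to the block rule, which is the "can't browse" symptom in post #12; unchecking the block rule lets the allow rule decide.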
     
  14. _Logan

    _Logan Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    18
    I don't know what I'm doing wrong... but I still can't connect to VNC on port 4899 from another computer.

    I switched to interactive, added the rule to allow communication on port 4899 both ways. Switched to policy based mode, chose to show ALL rules, unchecked block outbound traffic.

    I tried to uncheck "block all unknown incoming traffic" just to test it, but that did nothing either.

    It still doesn't work.
     