Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Aureliano Buendía]

I think that is very important that the JPW uninstalling process, not delete the config folder or jpfConfig.xml!

Ciao.

[AJohn]

I would appreciate it if the Jetico team could respond to each request

[Kicker]

Green is for allowed traffic, red is for blocked traffic. If your browser is allowed by the firewall, both incoming and outgoing traffic is allowed due to SPI.

[Prince]

hi the tary icone for jetico when browes the internet it both flash goes green the out going should always go red and in coming shoud go green always but how come it always green both arrow flash up and down the color is green one shoud be green one red thanx

[repete]

There are two things that I still would like to see get improved in JPF. These two things I have wanted going back to JPF1.

1. Improved Application Checksum. Initial application checksums should get added silently. The only time there should be a pop up is when a checksum has changed for an application, in which case you should be able to simply update the old checksum.

2. Full Stateful Inspection with timeout values in the registry that the user can adjust.

[Alffa]

Jetico should save the window layout. I always move the 'application' column to second position (since 'description' is useless here) but everytime system is restarted positions are reset.

This is what I wouild like to see as well. And in addition, to be able to move and re-organise the column placements and save this info permanently. That way I can adapt the window to my personal liking and use the available space like I want.

Also I would like to see Mac-address rules on application side also. If you know how Iptables on linux works, there is a possibility to "mark" packets at some level inside firewall and use that "mark" at later point to quide packets.
Eg. Mark all packets from some Mac-address with "Label" and use that in Application rules to pass packets with this "label" through. Could be useful other situations also...

With these additions I am close to purhace a license.
Somewhat waiting also a license for home users with reduced pricing (3 computers with Jetico FW - 120 EURO:s seems a bit high...

[Aureliano Buendía]

-   An « Check for update ».[/url]  + 1

+ 1.

Ciao

[pepak]

Another very useful functionality would be "Debug mode". Logging is certainly a powerful tool, but it only works for matched rules. The debug mode should work in the opposite direction: It should list all rules which were checked and found unsatisfactory (and tell me why it was so). For example, I am trying to get Opera to work. Logging won't help me because for some reason Opera doesn't match any rule so no log message is ever written. If the debug mode told me that among many other irrelevant rules there was rule "Opera Browser" which got skipped because destination port didn't match, I would know that I should check which port was Opera trying to access and why it wasn't listed among the ports of the 'Opera Browser' rule.

Obviously there would have to be some filtering because a lot of traffic is going on all the time and getting a huge multimegabyte list of non-matched rules every second isn't helpful. If I could tell JPF that "I am only interested in traffic with destination address http://www.opera.com", it would be good enough.

I think this feature would be crucial for spreading Jetico Firewall. From my experience most people are put off by the fact that JPF is very difficult to set up (although it appears to be easy). I mean, I do consider myself quite an advanced user, with more than three years of JPFv1 experience (and another 5 years of other firewalls and network setup), and I _still_ sometimes encounter situations where I can't get JPF to work as I intend. Like just now: I once again installed JPF2 into my virtual machine and tried to set it up. I got as far as letting it ping Google when in Allow All policy, but I can't get Internet Explorer to connect anywhere unless I shut down the firewall (that is, IE won't connect even in Allow All!!). A debug mode which would tell me WHY my rules aren't matched, would help tremendously - on the other hand, right now I am ready to give up on JPF2 (again) and return to JPFv1.

[pepak]

Search function could be extremely useful, e.g. for finding rules that affect application "C:\Windows\System32\ping.exe".

[DoomWriter]

I would like to see an option to customize toolbars and tabs, for example, for me it would be more useful if the "Network traffic" and "Applications" tabs were together: traffic graphic on top, and applications below, in the "Traffic summary" table.

If possible, i also would like to see a "Bandwith Usage" per application column added to the applications table.

Don't know how much work it would give, those are my thoughts for improvement...  

[Bluelight]

1. Would be really handy if one could easily assign an application to multiple groups. So if for example you have WEB_ACCESS & FTP_ACCESS groups defined, one could assign Firefox which would be already part of web group to ftp group as well. Currently this is manual job (copy path and add).
2. For checksums, a "Update" function: would present all changed or removed applications and offer to update / remove from checksum tables.
3. And maybe to combine two above features: have a enroll wizard for applications that would assign an app to specified groups and create an entry in checksum tables.
4. 3 actions: allow, drop & reject (like iptables): a real reject (negative response) is useful sometimes, if you trust local lan or if you want to reject 113 (ident) used sometimes during ftp login process

Personally I prefer to define most (if not all) of the network / application rules in function of groups: application group, protocol groups & address groups. This does limit the amount of necessary rules significantly.
So for example:
   "Mail clients" are allowed to connect to "Mail servers" using "Mail protocols"

Clean & simple

blue

[Spectrowl]

-   An « Check for update ».
-   Propose to disable the Windows Firewall in the JPF installation.
-   http://www.smokey-services.eu/forum/viewpost.php?p=9394  + 1

[PeterPaul]

If I want to block network addresses with JPF, I select "Groups --> Blocked Addresses --> Edit --> Add" and enter the address range. This is ok. What is not ok, is that I can not comment the entry I just made. I have no option to name that network address, so next time I see it in the list I wonder what the heck might that address range be and why have I blocked it.

Request: Please add possibility to name or comment entries in the grous lists.

This would be a nice feature!

Currently I make a new group for every relevant set of addresses, so I know where they belong to. For example I make an IP-group with Microsoft addresses, or another group with DoubleClick addresses. I can then use these groups in my Block or Allow rules.

This is useful for smaller sets, but cumbersome for large sets. I made a similar request previously for loading large sets of Block lists, like those from PeerGuardian, which usually contain an IP range and a description. This could be integrated into the Groups UI. (Outpost firewall provides such a feature through a plug-in.)

[anan321]

If I want to block network addresses with JPF, I select "Groups --> Blocked Addresses --> Edit --> Add" and enter the address range. This is ok. What is not ok, is that I can not comment the entry I just made. I have no option to name that network address, so next time I see it in the list I wonder what the heck might that address range be and why have I blocked it.

Request: Please add possibility to name or comment entries in the grous lists.

[egandt]

It would be nice if there was an option in the pop-up dialog box, when a process attempts to access the internet to do an NS lookup at least, since manually performing this operation is just annoying.

ERIC