Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jumpfroggy]

Hello All,
I've been using Jetico for a while on my work laptop, and have just started using it at home.  I've previously used ZoneAlarm, but I wanted finer-grained control over the firewall.

I'm mostly concerned with blocking incoming connections.  I have a few rules in "Application Table" like "Allow all Access to Network" and "Allow all outgoing TCP", etc.  I've also set up some incoming application-specific rules, some of which work.  However, I'm still getting a some "Block All not Processed IP Packets" in the log, and I'm trying to figure out why.

I have PowerFolder (file sync program) running, and it opens ports 1337 (I know, bad port) and 10000 (my choice).  I have a couple of rules in the "Ask User" table enabling incoming connections for each port from any source...

prototcol: tcp/ip
application: powerfolder.exe
event: incoming connection
source: any:any
dest: any:1337 (or any:10000)

However, in the log I get the "Block all not processed" messages for incoming packets coming into port 1337.  It seems like my application rule should allow these packets, so I'm guessing I don't quite understand how Jetico works yet.

The readme describes how jetico iterates through rules (top to bottom, into tables and returning back if appropriate, ending at the first matching allow/deny/ask rule).  But it also states that the different types of rules are separate.  Does that mean the packets in question are hitting the "allow" rule in the application section, but are separately hitting a "deny" rule in the IP section?  So basically they're like two different firewalls, one for high level application rules and another for lower level IP rules?

If I put a rule in the System IP table enabling incoming TCP packets coming into port 1337, it works.  But it seems I don't have to do that for every application, so why are these packets different?  Any help appreciated, I realize that the problems are probably arising because of my limited understanding of how Jetico works.  Also, my apologies if I missed an answer during my search.