Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[zermatt]

Thank You Very Much for your help! INeedH3lp
Cheers 

I must admit creating the 'Go To Table' is a little tricky and quite a hidden feature
as even the JPF Help Files don't fully document on how to do this. But like everything
else it's easy when you know how to do it! This is how I had to do it:

1. Right Click and choose Create > Application Table.
2. Rename the newly created table to whatever you wish to call it.
3. Clone on of the other 'Go To Tables'.
4. On the cloned table, right click and choose Edit.
5. In the 'Action' combo box (drop down list) choose the table you named in step 2 above. 

[IneedH3lp]

Just one last question is it possible to make under the Configuration Tab an application action rule with a
'Go To Table' blue arrow, so I can nest further rules underneath this? Can this be done and if so how?
Like what you would find in Optimal Protection under Application. As I can't seem to do this, i.e. I can
clone one but cannot rename it! 

Simple enough- do this:

1. Right click on any application table > Create > Application Table



2. Create a new application rule and from the action drop-down menu select the newly created application table.

Now the new rule should act like a pointer, a proxy or a link to that application table.
You can create as many proxies as you want.

[zermatt]

Thank's INeedH3p! 

I followed what you described with one exception, and that is, I Cloned Optimal Protection, stripped it back
[ the Cloned Version ] and followed what you said. And now everything is working sweet! But I do believe,
after more testing that adding the modem LAN address under the Groups Tab > IP address > Trusted
Addresses also had an impact as this was peculiarly missing?

Just one last question is it possible to make under the Configuration Tab an application action rule with a
'Go To Table' blue arrow, so I can nest further rules underneath this? Can this be done and if so how?
Like what you would find in Optimal Protection under Application. As I can't seem to do this, i.e. I can
clone one but cannot rename it! 

[IneedH3lp]

Parfumeur,

Yeah, that entry goes into the [Enter popup question], after that you're creating another rule (a top-most rule) that allows all kind of events except inbound and outbound connections.

[Parfumeur]

1. Clone the Allow all set of rules;
2. Rename it the way you like (e.g. _0001_y10m02d05);
3. Leave the Network , Process Attack and Application checksum tables on ACCEPT;
4. Focus on the Application table;
5. On the application table, set the default rule to REJECT;
6. Create an ASK rule over it, click Advanced and insert this:

Code: [Select]

Network activity detected!\n\nApplication: %application%\n\nActivity type: %event% (%parent_event%)\nLocal Address: %local_addr% : %local_port%\nRemote Address: %remote_addr% : %remote_port%\n\nDo you want to authorize it?
>> I guess this entry goes into the [Enter popup question]

After that I'm a little confused.

Thanks for any tips.

Somehow I lost all connection to my wireless network card. System: ASUS Eee PC1000HE

[IneedH3lp]

Most certainly you are not configuring it right. I had a lot of issues to in the beginning (no Internet access, no network access, even system crashes), but if you set the rules right, it will work.

Also, keep in mind that if you have multiple Rule Sets, only one can be set as default... maybe you're activating one set and when you restart the firewall, the default Rule Set gets activated. Get sure that the Rules Set you're working on is also set as the default one, so when the firewall restarts (i.e. PC reboot), it loads the Rules Set you mentioned.

Also, if you care confident in Teamviewer, I am willing to assist you (of course, that would imply access to the Internet, but you could allow all while receiving support then test the new Rules Set).

[zermatt]

Thank's IneedH3lp,

I will look into what you advised when I get home. At the moment I've had a partial success
by placing my modem LAN address into the area that has the trusted IP Address under the
Groups tab.

This seems to work until I reboot the computer, then I seem to be back at my problem again.
I've only had the opportunity to test this once. Then it seems I need to set JPF to Allow All for
a short while, use Windows repair Internet Network functionality and when that is complete.
Reset JPF back to Optimise Protection again, then I seem to be fine again, but it's quite an
unnecessary work around, and it's not something you want to have to do everytime you start
Windows.

[IneedH3lp]

Hi! I too am on a Core i7 with Windows 7 Ultimate x64 installed on it and I think that Jetico's Firewall is the best out because it's highly customizable.

I've tested Jetico for a long time and on many different platforms; I've created several fully customized configurations; so here's my advice to you:

1. Clone the Allow all set of rules;
2. Rename it the way you like (e.g. _0001_y10m02d05);
3. Leave the Network , Process Attack and Application checksum tables on ACCEPT;
4. Focus on the Application table;
5. On the application table, set the default rule to REJECT;
6. Create an ASK rule over it, click Advanced and insert this:

Code: [Select]

Network activity detected!\n\nApplication: %application%\n\nActivity type: %event% (%parent_event%)\nLocal Address: %local_addr% : %local_port%\nRemote Address: %remote_addr% : %remote_port%\n\nDo you want to authorize it?7. Over it create an ACCEPT rule that allows all the events except inbound and outbound network activity;
8. Leave the rule created at step 7 top most;
9. Now you have a basic configuration that should allow access to the Internet (of course, after allowing inbound/outbound traffic to applications that require access to the Internet);

10. Basically, the firewall is now filtering TCP/IP requests and you can set what applications have access to the Internet (altering the local and remote address) whenever a popup shows;
11. From here on, you can increase security by filtering the traffic even more;
12. I say you should add a separate filter for Direct Network Access- that  way you get to know any application that tries to send/retrieve data in one way or another;
13. And of course, you can boost your configuration by creating relevant rules and having them wisely arranged.

That's all I'm saying to you for the moment. If you still have problems, keep posting.

[zermatt]

Hi Everyone,

Yesterday evening I decided to install JPF v2.1.0.7 as I'm keen to try out this firewall!
I'm running a Windows 7 x64 OS on a Core i7 processor.

JPF is running fine, but the big problem I have is that JPF is denying my computer access
to my broadband modem/router and I have no internet connection when I'm using JPF
Optimal Protection. This means both Mozilla Firefox and Thunderbird which I use can't
connect.    Thunderbird evens states that a firewall is blocking it's access.

However, everything works fine when I use 'Allow All'. But 'Allow All' kinda defeats the
purpose of having a Firewall in my opinion! I've got to the point where I'm grasping at
straws to try and figure out what I am doing wrong.    I admit I'm still learning the
software and it's a learning curve I'm climbing!

In the configuration tab, under Network and Application I pretty much have everything
enabled (Accept), except for the following:

Under the IP Table:
Reject                 Fragment Packets
Reject                 TCP w/0 flags (NULL SCAN)
Reject                 TCP with flags FIN PSH URG (Xmas Scan)
Reject                 From Incoming Blocked Zone
Reject                 From Outgoing Blocked Zone

Under Application at the root node:
Reject                 Block communications with Network Blocked Addresses
Reject                 Block All not Processed Requests

Otherwise everything else is pretty much ACCEPT, except for a couple of ASKs.
Am I concentrating in the wrong area? Please advise as I'm in the trial period,
and I would like to give this software a thorough work out!

Cheers