Inbound firewall - Page 9 - Wilders Security Forums::
the Block most mode, its one of the reasons why I started to use Outpost Pro You will have another flood of TCP packets to be added to the UDP packets.
http://www.wilderssecurity.com/showthread.php?t=191873&page=9HOME |
Hi,
This problem has been driving me nut. I'm trying to set up rules to allow uPNP to work on my LAN. So I have this rule set up:
Explorer.exe rule, named "EXPLORER Rule allow UPNP"
When the protocol is UDP
and Where the remote host is 239.255.255.250
and Where the remote port is 1900
Allow it
Rule has a checkbox, so is definitely enabled.
However, under Blocked Connections I STILL get these:
6:45:41 PM explorer.exe OUT REFUSED UDP 239.255.255.250 1900 EXPLORER Rule allow UPNP
So, Outpost matches is against the right rule, and plainly ignores my "Allow it" setting and blocks it!
Any suggestion? This doesn't make any sense. Same thing also occurs with other UPNP-related rules.
Thanks!
[Edit: Forgot to mention, this is Outpost 2.5 370/370, under WinXP SP2 - XP firewall disabled]
Try deleting and recreating the rule. If this fails, then delete and recreate the ruleset for explorer.exe while explorer is not running (or at least, not connecting to anything). This sort of problem seems to happen when rules are created for an application when it has active network connections.
Help - One Way Satellite connection [Archive] - Outpost Users Support Forum::
11:10:02 AM SYSTEM UDP 203.58.37.8 1103 Packet to closed port Outpost appears to be blocking DCPNAV using a rule that should allow it - this
http://www.outpostfirewall.com/forum/archive/index.php/t-12371.htmlHOME |
DSL connection stops [Archive] - Outpost Users Support Forum::
Allow Outgoing DHCP look suspicious since this rule should not be was make a rule to let my svchost.exe accept inbound udp packets from my two dns
http://www.outpostfirewall.com/forum/archive/index.php/t-15060.htmlHOME |
UPnP rules are probably better done as global ones rather than application ones - as long as you are aware of the possible security issues with UPnP.
Jetico Personal Firewall [Archive] - Wilders Security Forums::
I turned off the Ask user rule and set to configure the firewall by hand. The firewall rules for low-level network packets now have an explicit parameter
http://www.wilderssecurity.com/archive/index.php/t-46509.htmlHOME |
FileForum | Reviews of Agnitum Outpost Firewall::
select Allow or Block by default. Enable: Allow localHost UDP connection rule sets - and needs a lot of knowledge of ports and protocols to change it.
http://fileforum.betanews.com/review.php/1009877103/2/view?sortby=ratingHOME |
As I mentionned, I went even further and created a whole new config, no luck. I just tried what you suggested: killed explorer.exe, deleted explorer.exe entry, created a new one with the appropriate rules, then restarted explorer. Same result.
I also tried specifying global rules, same result.
Digging further, I note two things that makes things even weirder:
a) Despite this, UPNP _seems_ to be working. Windows talks to the router just fine over UPNP (the "Internet Connection" icon appears in the system tray and I'm able to specify new port rules for, say, Emule, by using that icon. I don't see the router appear in my Network Places like the previous one (a Dlink, I just switched to a Linksys) did, but that could be due to the router itself. I'll see what happens with my laptop which only uses the Windows Firewall.
b) Digging through the logs, I see entries for those rules in BOTH "Allowed" and "Blocked" logs! Could this be in fact a logging bug, NOT a firewall bug? Could be possible, especially since UPNP seems to be working.
I'll have to do more experiments to see if it wouldn't be a logging issue indeed. In the meantime if anyone has an enlighted suggestion, go ahead :)
Here's more details on my setup:
Microsoft Word - Hardening Windows NT::
For example, a firewall may only allow packets associated with the You can set it to either allow certain files only, or block certain files.
http://www.infosecwriters.com/text_resources/pdf/Hardening_Windows_NT.pdfHOME |
PC1: WinXP Pro SP2
Router: Linksys WRT54G (tried both Linksys firmwares and the Sveasoft alchemy firmware - their Satori firmware has badly broken UPNP)
Outpost: 2.5 370/370
--
RMerlin
Having started from a totally fresh configuration, I definitely didn't have any conflicting rules left behind. Also checked, only one entry for EXPLORER, and the rule description was unique enough not to confuse/conflict with any other one.
Anyways, I ended up disabling UPnP on the router due to other issues firmware-related, and also the lack of time for troubleshooting this any further. I'd probably have to plug the laptop on the LAN and start sniffing traffic to see if the packets do get sent or not. Too much work :)
--
RMerlin
Try deleting and recreating the rule. If this fails, then delete and recreate the ruleset for explorer.exe while explorer is not running (or at least, not connecting to anything). This sort of problem seems to happen when rules are created for an application when it has active network connections.
UPnP rules are probably better done as global ones rather than application ones - as long as you are aware of the possible security issues with UPnP.
If the same rule is being reported in both "Allow" and "Block" logs then this suggests that you actually have 2 rules with the same name. I'd suggest checking for this and, if in doubt, providing full details of the rules you are using.
If you have implemented the recommendations of 1 then these do include rules blocking UPnP traffic in svchost.exe so you should change them.
Additional info, after doing more digging in previous forum posts:
I suspect the problem is with some of these routers that are uPNP enabled, WinXP starts acting as if it was going through ICS (notice that new "Internet Gateway" icon in your Network Connections folder when using a UPNP-enabled router? That's the one). This is where Outpost becomes confused. What makes me think so is that I'm starting to see those "Blocked transit packets" entries now, just like mentionned in another post reguarding ICS.
I tried the suggested change to outpost.ini (adding the ShowNATColumb entry) but it didn't seem to work anymore under 2.5 - that column never showed up.
I also tried starting with a new config file, no luck.
So far it seems like Outpost 2.5 + some uPNP-enabled router = problem :(
 Microsoft Unleashes Visual Studio .NET
 IBM's iPhrase Buy Adds to WebSphere
|
