Net Firewall Blocking Rules


  • #5063
    Anonymous

      Hi,

      Can anybody tell me how the program NetFirewall works?
      When I start to log all packets with NetFirewall, it only shows TCP and UDP connections.
      Does it mean that the firewall only manages these two protocols?

      When I set my adapter to “High Security Level”,
      does the program block all other protocols which are not listed in the Security Rule table to allow this one?

      What happens with IP, IGMP, RAW….. packets?

      i hope somebody can help me!

      greetings ulli

      #6156
      Vadim Smirnov
      Keymaster

        When I start to log all packets with NetFirewall, it only shows TCP and UDP connections.
        Does it mean that the firewall only manages these two protocols?

        NeT Firewall works just below TCP/IP and processes all IP protocols (IP, ICMP, IGMP, TCP, UDP, etc.). Probably you did not have any other protocol activity when the log was collected.

        When I set my adapter to “High Security Level”,
        does the program block all other protocols which are not listed in the Security Rule table to allow this one?

        “High Security Level” blocks every packet unless there is an allow rule matching this particular packet.

        What happens with IP, IGMP, RAW….. packets?

        If there are no allow rules configured to pass these protocols then these packets are blocked on “High Security Level”.

        #6157
        Anonymous

          First of all… thanks for the fast answer!

          I have some problems with PassThru packets…..

          In your program NetFirewall there are no packets logged which are of the protocol type RAW.
          At the same moment, my program is also running… and it receives packets of the protocol type RAW and sometimes the type IP….
          Both programs (my passthru and your NetFirewall) are configured to not block packets.

          Do you have any idea what can cause these problems?

          Is it possible that not all of one data packet is stored in PacketBuffer, and at the next read I receive the rest of the packet??

          Here is my basic packet passthru function:
          while (1) {
              /* Wait up to 2 seconds for the driver to signal new packets */
              if (WaitForNewSingleObject(hEvent, 2000) == WAIT_TIMEOUT) {
                  ResetNewEvent(hEvent);
                  continue;
              }
              ResetNewEvent(hEvent);

              /* Drain every packet that is currently queued */
              while (ReadPacket(DriverClass, &Request)) {

                  PacketReceived(obj, DriverClass, &PacketBuffer, AdapterNr, &Request);

                  // Reinitialize Request
                  memset(&Request, 0x00, sizeof(ETH_REQUEST));
                  memset(&PacketBuffer, 0x00, sizeof(INTERMEDIATE_BUFFER));
                  Request.EthPacket.Buffer = &PacketBuffer;
                  Request.hAdapterHandle = hAdapter;
              }
          }

          #6158
          Kon
          Participant

            Hi.

            You see TCP and UDP connections when you click the Active Connections program node.

            If you click the Packet Log node, you will see all packets that arrived on your system.

            Do not forget to start the log (the log is started after installation).

            If you set High Security Level on any network adapter, only packets corresponding to allow rules will be passed to the system.

            Regards,
            Andrew

            #6159
            Anonymous

              Hi,

              I already have problems with programming a firewall.
              I receive packets which cannot be assigned.

              I get packets which have these values:

              struct iphdr
              {
              u_char ip_hl:4, /* header length */ = 0
              ip_v:4; /* version */ = 0
              u_char ip_tos; /* type of service */ = 1
              short ip_len; /* total length */ = 8
              u_short ip_id; /* identification */ = 1030
              short ip_off; /* fragment offset field */ = 256
              #define IP_DF 0x4000 /* dont fragment flag */
              #define IP_MF 0x2000 /* more fragments flag */
              u_char ip_ttl; /* time to live */ = 0
              u_char ip_p; /* protocol */ = 14
              u_short ip_sum; /* checksum */ = 22837
              struct in_addr ip_src, = 175.41.192.168
              ip_dst; = 0.100.0.0
              }

              Take a look at the IP addresses……………… regularly my IP is 192.168.0.100……
              All other packets can be read correctly…. TCP, UDP…. packets have the right IP.

              Is it possible that the fragments are the reason for this problem?
              How should I manage the fragment packets? Does the WinpkFilter driver manage the fragments?

              Do you have another idea what could cause this problem??
              If you have any idea, please add an example…

              thx Ulli

              #6160
              Vadim Smirnov
              Keymaster

                Is it possible that the fragments are the reason for this problem?
                How should I manage the fragment packets? Does the WinpkFilter driver manage the fragments?

                The packet you introduced is just not an IP packet at all. It can be ARP/RARP, IPX or anything else. Don’t forget to check the protocol field in the Ethernet header before parsing an arbitrary packet. And no, this can’t be an IP packet fragment; each of the fragments has a correct IP header.
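
The check described in the last reply, as an added example that is not part of the original thread and does not use WinpkFilter's own structures: it works on raw Ethernet II frame bytes and only parses an IPv4 header when the EtherType is 0x0800. The sample frames are constructed; the ARP request is built so that a blind parse on a little-endian host reproduces the posted values (tos 1, length 8, id 1030, offset 256, protocol 14), and the function names and the target address 192.168.0.1 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN   14      /* dst MAC + src MAC + EtherType */
#define ETH_P_IPV4 0x0800

/* Network byte order (big-endian) 16-bit read. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* IP protocol number if the frame holds a sane IPv4 header, else -1. */
int ipv4_protocol(const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN + 20) return -1;             /* too short for IPv4  */
    if (rd16(frame + 12) != ETH_P_IPV4) return -1;  /* ARP, IPX, ...: skip */
    const uint8_t *ip = frame + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ihl > len - ETH_HLEN) return -1;
    if (rd16(ip + 2) < ihl) return -1;              /* total length < header */
    return ip[9];
}

/* The mistake: read the "protocol" byte without looking at the EtherType. */
int blind_protocol(const uint8_t *frame, size_t len)
{
    return len >= ETH_HLEN + 10 ? frame[ETH_HLEN + 9] : -1;
}

/* Constructed ARP request (EtherType 0x0806) from 192.168.0.100. */
static const uint8_t arp_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x0e,0x35,0x59,0xaf,0x29, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06,0x04, 0x00,0x01,        /* hw, proto, sizes, op */
    0x00,0x0e,0x35,0x59,0xaf,0x29, 192,168,0,100,      /* sender MAC, IP */
    0,0,0,0,0,0, 192,168,0,1 };                        /* target MAC, IP */

/* Constructed minimal IPv4 frame carrying protocol 1 (ICMP), header only. */
static const uint8_t ip_frame[] = {
    0x00,0x0e,0x35,0x59,0xaf,0x29, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00, 0x00,0x14, 0,0, 0,0, 64, 1, 0,0, 192,168,0,1, 192,168,0,100 };

int main(void)
{
    printf("ARP frame, blind parse:    protocol=%d\n", blind_protocol(arp_frame, sizeof arp_frame));
    printf("ARP frame, checked parse:  %d\n", ipv4_protocol(arp_frame, sizeof arp_frame));
    printf("IPv4 frame, checked parse: %d\n", ipv4_protocol(ip_frame, sizeof ip_frame));
    return 0;
}
```

The example assumes untagged frames; an 802.1Q tag (EtherType 0x8100) shifts the real EtherType by four bytes and would need its own branch.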
