Net Firewall Blocking Rules

Home Forums Discussions Support Portal Net Firewall Blocking Rules

This topic contains 5 replies, has 3 voices, and was last updated by  Vadim Smirnov 10 years, 9 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #5063

    ulli-um
    Participant

    Hi,

    can anybody tell me how the programm NetFirewall works.
    when i start to log all packets with NetFirewall it only showes TCP and UDP connections.
    does it means that the firewall only manage this two protocols?

    when i setup my adapter to “High Security Level”.
    does the programm blockes all other protocols which are not listed in the Security Rule table to allow this one ??

    what happen with IP, IGMP, RAW….. packets?

    i hope somebody can help me!

    greetings ulli

    #6156

    Vadim Smirnov
    Moderator

    when i start to log all packets with NetFirewall it only showes TCP and UDP connections.
    does it means that the firewall only manage this two protocols?

    NeT Firewall works just below TCP/IP and processes all IP protocols (IP, ICMP, IGMP, TCP, UDP and etc…). Probably you had not any other protocols activity when the log was collected.

    when i setup my adapter to “High Security Level”.
    does the programm blockes all other protocols which are not listed in the Security Rule table to allow this one ??

    “High Security Level” blocks every packet unless there is an allow rule matching this particular packet

    what happen with IP, IGMP, RAW….. packets?

    If there are no allow rules configured to pass these protocols then these packets are blocked on “High Security Level”.

    #6157

    ulli-um
    Participant

    first of all…thanks for the fast answer !

    i have some problems with PassThru packets…..

    in the your programm NetFirewall there are no packets logged which are from the protocol type RAW
    at the same moment, my programm is also running…and it receives packets from the protocol type RAW and sometimes the type IP….
    both programms (my passtru and your netfirewall are configured to non blocking packets)

    do you have any idea which can cause these problems?

    is it possible that that not all of one data packet is stored in PacketBuffer, and at the next read i receive the rest of the packet??

    here are by basic packet passthru function:
    while (1) {
    if(WaitForNewSingleObject( hEvent, 2000)==WAIT_TIMEOUT) {
    ResetNewEvent(hEvent);
    continue;
    }
    ResetNewEvent(hEvent);
    while(ReadPacket(DriverClass,&Request)) {

    PacketReceived(obj, DriverClass, &PacketBuffer, AdapterNr, &Request);

    // Renitialize Request
    memset(&Request, 0x00, sizeof(ETH_REQUEST) );
    memset(&PacketBuffer, 0x00, sizeof(INTERMEDIATE_BUFFER) );
    Request.EthPacket.Buffer = &PacketBuffer;
    Request.hAdapterHandle = hAdapter;
    }

    #6158

    Kon
    Participant

    Hi.

    You see TCP and UDP connections when you click Active Connections program node.

    If you click node Packet Log, you will see all packets arrived on your system.

    Do not forget to start log(log is started after installation).

    If you set High Security Level on any network adapter, only packets corresponded with allow rules will be pass to the system.

    Regards,
    Andrew

    #6159

    ulli-um
    Participant

    hi,

    i already have problems with programming a firewall.
    i receive packets which can not be assigned.

    i get packets which have this values:

    struct iphdr
    {
    u_char ip_hl:4, /* header length */ = 0
    ip_v:4; /* version */ = 0
    u_char ip_tos; /* type of service */ = 1
    short ip_len; /* total length */ = 8
    u_short ip_id; /* identification */ = 1030
    short ip_off; /* fragment offset field */ = 256
    #define IP_DF 0x4000 /* dont fragment flag */
    #define IP_MF 0x2000 /* more fragments flag */
    u_char ip_ttl; /* time to live */ = 0
    u_char ip_p; /* protocol */ = 14
    u_short ip_sum; /* checksum */ = 22837
    struct in_addr ip_src, = 175.41.192.168
    ip_dst; = 0.100.0.0
    }

    take a look at the ip addresses………………regular my ip is 192.168.0.100……
    all other packets can be read correct….TCP, UDP….packets have the right ip

    is it possible that the fregments are the reason of this problem?
    how should i manage the fregment packets? manage the WinpkFilter driver the fregments?

    do you have another idea which could case this problem??
    if you have any idea please add an example…

    thx Ulli

    #6160

    Vadim Smirnov
    Moderator

    is it possible that the fregments are the reason of this problem?
    how should i manage the fregment packets? manage the WinpkFilter driver the fregments?

    The packet you introduced just is not IP packet at all. It can be ARP/RARP, IPX or anything else. Don’t forget to check protocol field in Ethernet header before parsing an arbitrary packet. And no, this can’t be an IP packet fragment, each of the fragments has a correct IP header.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.