- This topic has 5 replies, 3 voices, and was last updated 18 years, 1 month ago by Vadim Smirnov.
October 15, 2006 at 1:23 pm #5063 Anonymous

Hi,
can anybody tell me how the program NetFirewall works?
When I start to log all packets with NetFirewall it only shows TCP and UDP connections.
Does it mean that the firewall only manages these two protocols?
When I set up my adapter to “High Security Level”, does the program block all other protocols which are not listed in the Security Rule table to allow this one?
What happens with IP, IGMP, RAW... packets?
I hope somebody can help me!
Greetings, Ulli

October 16, 2006 at 7:56 am #6156

When I start to log all packets with NetFirewall it only shows TCP and UDP connections.
Does it mean that the firewall only manages these two protocols?

NeT Firewall works just below TCP/IP and processes all IP protocols (IP, ICMP, IGMP, TCP, UDP, etc.). Probably you did not have any other protocol activity when the log was collected.

When I set up my adapter to “High Security Level”, does the program block all other protocols which are not listed in the Security Rule table to allow this one?

“High Security Level” blocks every packet unless there is an allow rule matching this particular packet.

What happens with IP, IGMP, RAW... packets?

If there are no allow rules configured to pass these protocols then these packets are blocked on “High Security Level”.

October 16, 2006 at 8:37 pm #6157 Anonymous

First of all... thanks for the fast answer!
I have some problems with PassThru packets...
In your program NetFirewall there are no packets logged which are of the protocol type RAW.
At the same moment, my program is also running... and it receives packets of the protocol type RAW and sometimes the type IP...
Both programs (my passthru and your NetFirewall) are configured to not block packets.
Do you have any idea what can cause these problems?
Is it possible that not all of one data packet is stored in PacketBuffer, and at the next read I receive the rest of the packet?
Here is my basic packet passthru function:

    while (1) {
        if (WaitForNewSingleObject(hEvent, 2000) == WAIT_TIMEOUT) {
            ResetNewEvent(hEvent);
            continue;
        }
        ResetNewEvent(hEvent);
        while (ReadPacket(DriverClass, &Request)) {
            PacketReceived(obj, DriverClass, &PacketBuffer, AdapterNr, &Request);
            // Reinitialize Request
            memset(&Request, 0x00, sizeof(ETH_REQUEST));
            memset(&PacketBuffer, 0x00, sizeof(INTERMEDIATE_BUFFER));
            Request.EthPacket.Buffer = &PacketBuffer;
            Request.hAdapterHandle = hAdapter;
        }
    } // closes while (1)

October 17, 2006 at 9:30 am #6158

Hi.
You see TCP and UDP connections when you click the Active Connections program node.
If you click the Packet Log node, you will see all packets that arrived on your system.
Do not forget to start the log (log is started after installation).
If you set High Security Level on any network adapter, only packets corresponding to allow rules will be passed to the system.
Regards,
Andrew

October 29, 2006 at 4:31 pm #6159 Anonymous

Hi,
I already have problems with programming a firewall.
I receive packets which cannot be assigned.
I get packets which have these values:

    struct iphdr
    {
        u_char ip_hl:4,          /* header length */          = 0
               ip_v:4;           /* version */                = 0
        u_char ip_tos;           /* type of service */        = 1
        short ip_len;            /* total length */           = 8
        u_short ip_id;           /* identification */         = 1030
        short ip_off;            /* fragment offset field */  = 256
    #define IP_DF 0x4000         /* dont fragment flag */
    #define IP_MF 0x2000         /* more fragments flag */
        u_char ip_ttl;           /* time to live */           = 0
        u_char ip_p;             /* protocol */               = 14
        u_short ip_sum;          /* checksum */               = 22837
        struct in_addr ip_src,                                = 175.41.192.168
                       ip_dst;                                = 0.100.0.0
    }

Take a look at the IP addresses... regularly my IP is 192.168.0.100...
All other packets can be read correctly... TCP, UDP... packets have the right IP.
Is it possible that the fragments are the reason for this problem?
How should I manage the fragment packets? Does the WinpkFilter driver manage the fragments?
Do you have another idea which could cause this problem?
If you have any idea please add an example... thx Ulli

October 30, 2006 at 8:17 am #6160

Is it possible that the fragments are the reason for this problem?
How should I manage the fragment packets? Does the WinpkFilter driver manage the fragments?

The packet you introduced is just not an IP packet at all. It can be ARP/RARP, IPX or anything else. Don’t forget to check the protocol field in the Ethernet header before parsing an arbitrary packet. And no, this can’t be an IP packet fragment; each of the fragments has a correct IP header.
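
Added example (not part of the original thread, and not WinpkFilter code): the EtherType check recommended in the last reply, in C. The frame is a constructed ARP request which, assuming a little-endian host, reproduces the header values quoted in the October 29 post when it is read as an IP header without that check; `eth_type`, `ipv4_header` and `blind_le16` are names made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN      14
#define ETHERTYPE_IP  0x0800
#define ETHERTYPE_ARP 0x0806

/* Constructed sample: ARP request from 192.168.0.100 (target IP is made up). */
static const uint8_t sample_frame[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,             /* destination MAC: broadcast */
    0x00, 0x0e, 0x35, 0x59, 0xaf, 0x29,             /* source MAC */
    0x08, 0x06,                                     /* EtherType: ARP */
    0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, /* htype, ptype, hlen, plen, oper */
    0x00, 0x0e, 0x35, 0x59, 0xaf, 0x29,             /* sender MAC */
    192, 168, 0, 100,                               /* sender IP */
    0, 0, 0, 0, 0, 0,                               /* target MAC: not yet known */
    192, 168, 0, 1                                  /* target IP */
};

/* EtherType is big-endian at offset 12; 0 means the frame is too short. */
static uint16_t eth_type(const uint8_t *f, size_t len) {
    return len < ETH_HLEN ? 0 : (uint16_t)((f[12] << 8) | f[13]);
}

/* Pointer to the IPv4 header, or NULL when the frame must not be parsed as IPv4. */
static const uint8_t *ipv4_header(const uint8_t *f, size_t len) {
    if (eth_type(f, len) != ETHERTYPE_IP || len < ETH_HLEN + 20)
        return NULL;
    const uint8_t *ip = f + ETH_HLEN;
    return ((ip[0] >> 4) == 4 && (ip[0] & 0x0f) >= 5) ? ip : NULL;
}

/* What an unchecked cast to struct iphdr reads on x86: a host-order 16-bit load. */
static unsigned blind_le16(const uint8_t *f, size_t ip_off) {
    return f[ETH_HLEN + ip_off] | (unsigned)f[ETH_HLEN + ip_off + 1] << 8;
}

int main(void) {
    const uint8_t *f = sample_frame;
    printf("blind: ip_len=%u ip_id=%u ip_off=%u ip_p=%u ip_sum=%u\n", blind_le16(f, 2),
           blind_le16(f, 4), blind_le16(f, 6), (unsigned)f[ETH_HLEN + 9], blind_le16(f, 10));
    printf("EtherType=0x%04x, parse as IPv4: %s\n", (unsigned)eth_type(f, sizeof sample_frame),
           ipv4_header(f, sizeof sample_frame) ? "yes" : "no");
    return 0;
}
```

The blind read gives ip_len=8, ip_id=1030, ip_off=256, ip_p=14 and ip_sum=22837, while the EtherType 0x0806 identifies the frame as ARP, so `ipv4_header` refuses to parse it.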