Author Topic: firewall rules  (Read 9452 times)

0 Members and 1 Guest are viewing this topic.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
firewall rules
« on: January 23, 2010, 07:09:15 PM »
I just deleted all rules, switched back from Home zone to Work zone, set policy on auto-decide, rebooted:

OK launching Firefox, and I'm being asked, although auto-decide was set:


Then I look at the rule that was created, and although the alert stated "friends in/out", the rule states "friends and internet out otherwise ask me" ... I guess the alert was only related to the web shield interference.


 also noticing that all system related rules that were automatically created after the software install, once deleted, and not created again.
« Last Edit: January 23, 2010, 07:11:31 PM by Logos »
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #1 on: January 23, 2010, 07:40:56 PM »
sounds like many rules are created in the background now, whether policy is set to ask or auto-decide  :-\ ... I've lauched some apps that didn't trigger any alert, no rule was automatically created, at least visibly...
w7 - ais7

Offline dallas7

  • Full Member
  • ***
  • Posts: 127
  • Got mead?
Re: firewall rules
« Reply #2 on: January 23, 2010, 08:37:54 PM »
I conclude from parsing the threads here that the firewall module is an overlay for the Windows firewall.  You won't have much control over it.

I'm thinking that's why my posting
http://forum.avast.com/index.php?topic=53789.0
has remained unanswered.

Looks like you can make any rules you want as long as they're avast! rules.  8)

Clearly, this forum needs a separate board for firewall users.  Way too much Free and Pro chatter in this one.

Good luck!!
"Machines making machines. How perverse..." -C3P0Win7hpSP1x64 & Latest avast! Free on i7/Z77 Tower & i5/HM65 Laptop
Online Armor Premium • MBAM Pro • Zemana AntiLogger Pro & Free • Bitdefender TrafficLight • DNS-BH filtering
Pale Moon x64: native 64 bit multi-core-optimized Mozilla browser

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: firewall rules
« Reply #3 on: January 23, 2010, 09:47:20 PM »
I conclude from parsing the threads here that the firewall module is an overlay for the Windows firewall.  You won't have much control over it.
<snip>

I doubt that as in the beta tests many people disabled the windows firewall, although there is supposed to be no conflict with it or need to disable it. So to me that would indicate it isn't simply an overlay.

I'm thinking there very few people outside of the Alwil team that have that much experience on the avast firewall to respond to or much less help with the question. I think what Alwil have been trying to do with the firewall is similar to what they are doing with the antivirus, take the questions away from your average user. So perhaps it isn't as configurable as the old style firewalls.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #4 on: January 23, 2010, 10:21:31 PM »
It's a new concept I'm sure about it and that's why I'm interested in it and I'm running it for now. A concept obviously meant to avoid a maximum of alerts to the user if fw is set to ask. I'd just like to have more precisions about the auto-decide behavior, as it also seems to interfere when the firewall is set to ask. Also, we badly need a neutral and professional test with it. I hope Matousec will take care of that soon or later, where soon would be better  ;D I know there's been some controversy about Matousec but I can't think about anyone else doing the tests so deeply. Any suggestion welcome  ;)

 Another obvious thing is that we don't have here a tweak-able firewall, like protocols aren't accessible in the application rules as well as many other things. If the firewall is leak-proof I don't care, but I'd like to be sure.
w7 - ais7

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: firewall rules
« Reply #5 on: January 23, 2010, 10:30:24 PM »
I would have thought that ShieldUp at grc.com would be a start as essentially firewalls are about stealthing your system and secondly about outbound connections and what gets out, etc.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #6 on: January 23, 2010, 11:10:14 PM »
OK so I should have added outbound-proof, because network security is not just a matter of port, but also how good a firewall is good at blocking unwanted outbound connections. To stealth ports, my router's firewall does the job alone  ;)
w7 - ais7

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: firewall rules
« Reply #7 on: January 23, 2010, 11:13:45 PM »
Yes a router would do that or most would accomplish that, but it was more a test of the firewall if the router could be bypassed.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #8 on: January 23, 2010, 11:34:00 PM »
I know... OK so, on ShieldsUp, except for ping that I allowed purposely just now on the router for the test, so ping failed (ie system responded), all ports are stealth when router's firewall deactivated  ;) ... sounds good, but I need to know how solid is the outbound protection. There are tests available that you can run yourself, but Comodo made them so  ;D ...not sure about neutrality there  :D
w7 - ais7

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: firewall rules
« Reply #9 on: January 23, 2010, 11:37:57 PM »
A promising start apart from the ping, a common knock, knock, to see if anyone is home ;D

Understand what you mean by neutrality.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #10 on: January 24, 2010, 07:17:56 PM »
two other questions about how rules are made:

1) deleting a rule (made after a first alert) for an application doesn't necessarily mean that you'll get a new alert when launching this same application again

2)WLM rule: I get three alerts, all of them on MS IPs on port 80, the rule is already created after the first alert has been answered, why do I get two new alerts  ??? same protocol etc... just the IP changes...and of course no sub-rule gets added to the list.
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #11 on: January 24, 2010, 08:39:59 PM »
I'd like to insist on that because I just tried it again: deleting an application rule  and launching this app doesn't trigger anything, no alert, nothing, even with "auto-decide" on. I got the feeling the rule is kept, after deletion, somewhere in the firewall configuration files and therefore will never appear again in the UI list...
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #12 on: January 24, 2010, 09:21:44 PM »
no alert, no rule, nothing when an application launches a link in a browser, like Thunderbird or TweetDeck  >>>> Firefox...
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #13 on: January 24, 2010, 10:12:05 PM »
I see now in the log that an app running in the background (something that I know) has been blocked, and it refers to rule *8  ???
w7 - ais7

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: firewall rules
« Reply #14 on: January 24, 2010, 10:17:50 PM »
I see now  ( I should have opened the file before  ::) ) that tens of rules that don't appear in the GUI are still stored in:
C:\ProgramData\Alwil Software\Avast5\fw\rules.xml

cool, why isn't that reflected in the GUI ? also some rules that I deleted are still there  :D
« Last Edit: January 24, 2010, 10:19:42 PM by Logos »
w7 - ais7