Utun0 Interface

[Kielty 0]

i have just installed cyber security pro on my iMac and it states that there is a utun0 interface and asking me whether it should be home, public or work.

 

A search has revealed this interface is needed for back to my mac - if i mark it as public will it block back to my mac or is it ok to have it home?

 

Many thanks

[planet 232]

Hello Kielty,

 

The firewall has a Back To My Mac rule on all "Home, Work & Public", which by default allows communication for it (specifically UDP for all addresses on Remote port 5678). So to answer your question, selecting it as public will not block Back to My Mac.

 

This uton0 interface is for VPN connections, and it seems that Back to My Mac also uses this same interface.

 

I don't know if it's safe and secure to use the same profile for this interface (eg. using "Home" for Ethernet, and if uton0 is also okay for "Home"), so below I have something that makes the uton0 interface only accept Back to My Mac communication (as well as other defaults required for basic network connection).

 

Someone else (including ESET) may provide the answer that doesn't require the below steps, but it's just a temporary solution that I would personally do until a solid response is made. Alternatively, you could turn off "Back to My Mac" until a response is made.

 

-----

 

You could create a new profile dedicated for the Back to My Mac (or utun0) until ESET provides a solution or KB Article in the future for this. I should note that this may not work.

 

1. Click the Cyber Security Pro icon on the menu bar of your Mac (top right) and click 'Preferences'
2. Click "Firewall" and click on the "Profiles" tab
3. Select a profile on the left that hasn't been used or doesn't have any custom rules (or just select any one), set the new profile name as "For uton0 and Back to My Mac" and click "Clone".
4. Click on the "Rules" tab and change to the profile you just created, next to "Display rules used in profile:".
5. Uncheck all rules in the list, except for "Deny AirPort Base Station discovery", "Allow DHCP communication", "Allow time synchronisation", "Allow BackToMyMac communication", "Allow DNS communication", "Allow all encapsulated traffic", "Allow ICMP Ping" and "Allow IGMP Communication". (I'm just being careful for these in case the uton0 interface still needs to use these, along with the Back To My Mac rule)
6. Click on the "Zones" tab and delete any zones already made for the uton0 interface.
7. Click "Add..." and name it "Zone for uton0 and Back to My Mac". Set the profile to the one we created ("For uton0 and Back to My Mac") and under 'Activator:', select "Interface" and then under the second selection box, select the one that shows either with the words VPN, uton0, Back to My Mac (Because I don't use Back to My Mac, I don't know what the actual one is)
8. Click on 'Add', and then press OK.

Hopefully this provides you with some security whilst still allowing Back to My Mac to work - give Back to My Mac a go to see if it does work.

Edited August 14, 2014 by planet

[Kielty 0]

thanks for your help planet..  regards.