Jump to content

Archived

This topic is now archived and is closed to further replies.

FromBabylon

Setup Firewall To Prevent Leaks While Connected To Vpn

Recommended Posts

Hi all !

 

I've just downloaded Eset Cyber Security Pro for my mac and I need help to configure the firewall. (I used to have Icefloor)

 

First question is : do I have to disable built-in os x firewall so as to make eset firewall work correctly ? 

 

Second question : How do i setup the firewall so as to NO OUTBOUND connexions could escape from my real IP address (192.168.0.0/24) to the internet. 

 

I have setup two zones :

- one for the en0 adapter which load several rules : allow in/out for OpenVPN connect (my VPN app) TCP/UDP, allow in/out for openvpn process in TCP/UDP and allow local network. Also Checked DNS. 

So while only connected to Wifi, internet doesn't work but i can connect to my VPN which is what I wanted. 

 

- one for the tun0 adapter which loads basic home rules when my VPN is ON. 

 

This should be ok because if my VPN drops then ESET switch to en0 zone and load the profile that only allow connection to my VPN. 

 

The problem is that while analyzing network trafic with ice floor PF states (and while VPN connected) i noticed some established connexion between my real IP (192.168.0.0/24) and internet. Which basically means that some trafic is not in the tunnel.

I know with ice floor i could put custom rules like "block drop out quick inet proto tcp from 192.168.0.0/24 to any" and same for udp. I don't how I can do that with eset firewall : I can only says to the firewall "don't connect to that ip" but not "don't connect from that IP".

 

Does anyone knows how I could deal with that problem ? 

 

Thanks :) 

Share this post


Link to post
Share on other sites

First question is : do I have to disable built-in os x firewall so as to make eset firewall work correctly ? 

 

Second question : How do i setup the firewall so as to NO OUTBOUND connexions could escape from my real IP address (192.168.0.0/24) to the internet. 

 

Hello,

 

For your first question, yes you will need to disable the built in firewall to stop Cyber Security Pro from displaying the warning message.

 

For the second question, maybe you could create a new zone with your real IP and assign that zone to a custom profile, blocking all connections from that IP?

 

Edit: Steps removed due to it not working, as it assigns profiles to interfaces, not IPs.

 

Hopefully this is what you were wanting.  :)

Share this post


Link to post
Share on other sites

Hello,

 

Thanks for your answer :)

 

So you mean Eset firewall can work with 2 zones at the same time ? Because, despite it seems to be a good solution to my problem, when VPN connected ESET recognized the utun0 interface and therefore load zone 2 (let's call it like that) and allow basic rules like I said before. But if an attempt of connection from my real IP pops up while still connected to VPN with utun0 (so if there is a LEAK) would ESET take into account the 2 zones ? I mean would it block the leak because it's in zone 'Block all from real IP' and also continue to allow trafic on utun0 which belongs to 'zone 2' ? 

 

I thought it could only deal with one zone at each time and has to change between zones. 

 

Am I wrong ?

 

 

Furthermore I would have to allow some essential trafic from my real IP : connection to the router to be assigned IP address via DHCP. Basically allow from/to 192.168.0.0.1 with UDP and ports 67/68 isn't it ? The DNS and the connection to my VPN server for the login. 

Share this post


Link to post
Share on other sites

So you mean Eset firewall can work with 2 zones at the same time ? Because, despite it seems to be a good solution to my problem, when VPN connected ESET recognized the utun0 interface and therefore load zone 2 (let's call it like that) and allow basic rules like I said before. But if an attempt of connection from my real IP pops up while still connected to VPN with utun0 (so if there is a LEAK) would ESET take into account the 2 zones ? I mean would it block the leak because it's in zone 'Block all from real IP' and also continue to allow trafic on utun0 which belongs to 'zone 2' ? 

 

I thought it could only deal with one zone at each time and has to change between zones. 

 

Am I wrong ?

 

Oops. You are right.  :(

 

The firewall assigned profiles for each interface, and after testing it out myself I saw Cyber Security Pro crash and freeze when I tried using two zones at once, or just use the most recent zone available.

 

I'm sorry about that, hopefully another member has another method or solution for you. 

Share this post


Link to post
Share on other sites

Updating this thread to mention that ESET Cyber Security Pro (from version 6.1.12.0) will automatically assign the 'Work' profile of the Firewall to an active VPN connection, making it easier to manage rules/connections if using a VPN (So for the OP's question - you only allow enough rules to establish the VPN connection in 'Public' and block the rest as it will then use 'Work' whilst connected to a VPN).  :) Thanks ESET!

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...