FromBabylon 0 Posted September 24, 2014

Hi all!

I've just downloaded ESET Cyber Security Pro for my Mac and I need help to configure the firewall. (I used to have IceFloor.)

First question: do I have to disable the built-in OS X firewall so as to make the ESET firewall work correctly?

Second question: how do I set up the firewall so that NO OUTBOUND connections can escape from my real IP address (192.168.0.0/24) to the internet?

I have set up two zones:

- one for the en0 adapter, which loads several rules: allow in/out for OpenVPN Connect (my VPN app) TCP/UDP, allow in/out for the openvpn process in TCP/UDP, and allow local network. Also checked DNS. So while only connected to Wi-Fi, internet doesn't work, but I can connect to my VPN, which is what I wanted.
- one for the tun0 adapter, which loads basic home rules when my VPN is ON.

This should be OK because if my VPN drops then ESET switches to the en0 zone and loads the profile that only allows connection to my VPN.

The problem is that while analyzing network traffic with the IceFloor PF states (and while VPN connected) I noticed some established connections between my real IP (192.168.0.0/24) and the internet. Which basically means that some traffic is not in the tunnel.

I know with IceFloor I could put custom rules like "block drop out quick inet proto tcp from 192.168.0.0/24 to any" and the same for udp. I don't know how I can do that with the ESET firewall: I can only say to the firewall "don't connect to that IP" but not "don't connect from that IP".

Does anyone know how I could deal with that problem?

Thanks
planet 232 (Most Valued Members) Posted September 26, 2014 (edited)

Quoting FromBabylon: "First question: do I have to disable the built-in OS X firewall so as to make the ESET firewall work correctly? Second question: how do I set up the firewall so that NO OUTBOUND connections can escape from my real IP address (192.168.0.0/24) to the internet?"

Hello,

For your first question, yes, you will need to disable the built-in firewall to stop Cyber Security Pro from displaying the warning message.

For the second question, maybe you could create a new zone with your real IP and assign that zone to a custom profile, blocking all connections from that IP?

Edit: Steps removed due to it not working, as it assigns profiles to interfaces, not IPs.

Hopefully this is what you were wanting.

Edited November 8, 2014 by planet
FromBabylon 0 Posted September 26, 2014 (Author) (edited)

Hello,

Thanks for your answer.

So you mean the ESET firewall can work with 2 zones at the same time? Because, although it seems to be a good solution to my problem, when the VPN is connected ESET recognizes the utun0 interface and therefore loads zone 2 (let's call it that) and allows basic rules like I said before. But if an attempt at a connection from my real IP pops up while still connected to the VPN with utun0 (so if there is a LEAK), would ESET take into account the 2 zones? I mean, would it block the leak because it's in zone 'Block all from real IP' and also continue to allow traffic on utun0, which belongs to 'zone 2'? I thought it could only deal with one zone at a time and has to change between zones. Am I wrong?

Furthermore, I would have to allow some essential traffic from my real IP: connection to the router to be assigned an IP address via DHCP. Basically allow from/to 192.168.0.0.1 with UDP and ports 67/68, isn't it? The DNS, and the connection to my VPN server for the login.

Edited September 26, 2014 by FromBabylon
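The OP's IceFloor approach, written out as a complete pf ruleset, as an added example that is not from the thread or from ESET: it keeps only the traffic the posts above list (DHCP on UDP 67/68, DNS to the router, the VPN handshake, the local network) on en0, passes everything on the tunnel interface, and drops anything else leaving the real LAN address so a dropped tunnel cannot leak. The router address 192.168.0.1, the VPN endpoint 203.0.113.10, the port 1194 and the interface name utun0 are assumptions (placeholders) to replace with your own values.

```pf
# Constructed example: VPN "kill switch" ruleset for macOS pf (/etc/pf.conf style).
# Assumed values, not from the thread: router 192.168.0.1, VPN server 203.0.113.10:1194/udp.
phys_if    = "en0"
vpn_if     = "utun0"
lan        = "192.168.0.0/24"
router     = "192.168.0.1"
vpn_server = "203.0.113.10"    # placeholder: your OpenVPN endpoint
vpn_port   = "1194"            # placeholder: your OpenVPN port

set block-policy drop
set skip on lo0

# pf is last-match-wins unless a rule says "quick", so the default deny goes first
# and the narrow "pass" rules below override it only for the traffic we want.
# Nothing from the real LAN address may leave en0, and nothing unsolicited may enter.
block drop out on $phys_if inet from $lan to any
block drop in  on $phys_if inet from any to $lan
# IPv6 on the physical interface is dropped outright: a common leak path the
# IPv4-only rule in the thread would miss.
block drop out quick on $phys_if inet6 all

# DHCP lease negotiation (UDP 67/68). DISCOVER leaves from 0.0.0.0, hence "from any".
pass out quick on $phys_if proto udp from any port 68 to any port 67
pass in  quick on $phys_if proto udp from any port 67 to any port 68

# DNS to the router only, so the VPN hostname can be resolved before the tunnel is up.
pass out quick on $phys_if proto udp from $lan to $router port 53 keep state

# The VPN handshake itself: the only internet-bound traffic allowed on en0.
pass out quick on $phys_if proto udp from $lan to $vpn_server port $vpn_port keep state

# Local network stays reachable (router admin page, printers).
pass out quick on $phys_if inet from $lan to $lan keep state
pass in  quick on $phys_if inet from $lan to $lan keep state

# Everything else goes through the tunnel; inbound on the tunnel only for
# connections we opened (state), nothing unsolicited.
block drop in on $vpn_if all
pass  out on $vpn_if all keep state
```

Syntax-check with `sudo pfctl -nf <file>` before loading it with `sudo pfctl -ef <file>`; when the tunnel drops, application traffic falls back to en0 and is caught by the first `block drop out` rule rather than reaching the internet from 192.168.0.0/24.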
planet 232 (Most Valued Members) Posted September 27, 2014

Quoting FromBabylon: "So you mean the ESET firewall can work with 2 zones at the same time? Because, although it seems to be a good solution to my problem, when the VPN is connected ESET recognizes the utun0 interface and therefore loads zone 2 (let's call it that) and allows basic rules like I said before. But if an attempt at a connection from my real IP pops up while still connected to the VPN with utun0 (so if there is a LEAK), would ESET take into account the 2 zones? I mean, would it block the leak because it's in zone 'Block all from real IP' and also continue to allow traffic on utun0, which belongs to 'zone 2'? I thought it could only deal with one zone at a time and has to change between zones. Am I wrong?"

Oops. You are right. The firewall assigns profiles to each interface, and after testing it out myself I saw Cyber Security Pro crash and freeze when I tried using two zones at once, or just use the most recent zone available.

I'm sorry about that; hopefully another member has another method or solution for you.
planet 232 (Most Valued Members) Posted October 13, 2015 (edited)

Updating this thread to mention that ESET Cyber Security Pro (from version 6.1.12.0) will automatically assign the 'Work' profile of the Firewall to an active VPN connection, making it easier to manage rules/connections if using a VPN. (So for the OP's question: you only allow enough rules to establish the VPN connection in 'Public' and block the rest, as it will then use 'Work' whilst connected to a VPN.)

Thanks ESET!

Edited October 13, 2015 by planet