
Firewall zones local address



Hi

We have a local address zone with your own address, the loopback address and the link-local address.

Can we split all these addresses?

I need only my own dynamic address or subnet address, because I will add this to my anti-spoofing firewall rules.

Cheers

Hans


The local address zone can't be modified, and this zone uses a dynamic IP address.

Can we use expression variables?

Cheers

Hans


  • Administrators

The list of local addresses is populated automatically. What would you like to change there and why?

Link to comment
Share on other sites

In this zone the loopback address is included; if you block inbound with the source set to the local address zone, you block all other programs.


  • 1 month later...

Hi

Thanks for your feedback.

But:

The local address zone is the actual IP address, and the loopback and link-local address.

x.x.x.x (your address), 127.0.0.1, 169.254.0.0/16 (Link Local)

If you make firewall rules like anti-spoofing and you use this local address zone, you have a little problem with your other programs, because they also use the loopback address 127.0.0.1.

x.x.x.x (your address) is set dynamically; with VPN 2 addresses are used, but I will use only this x.x.x.x in my rules. The new IP is set automatically if you change your VPN location.

That is the reason; how can I use this dynamic x.x.x.x address in my firewall rules?


  • Administrators

Unfortunately it's not clear to me what you would like to achieve and what the problem is. Please open a support ticket if nobody else is able to answer.


  • 3 weeks later...

Hi Marcos

Normally you make inbound firewall rules to block some spoofed external addresses.

Example:

You have a network address range like 192.168.5.0/24.

So you make an inbound firewall rule blocking source 192.168.5.0/24 to block some source addresses in this IP range.

But Eset has defined a firewall zone "Local Address"; it grabs your network address dynamically.

Example:

192.168.5.0, 127.0.0.1, ::1, etc.

That is the problem: the loopback address. 127.0.0.1, ::1: if you block these as inbound source on your firewall, then you block all other apps, because they use the 127.0.0.1 address for internal communications.

OK, you can say: you can define your own zone. Yes, but not dynamically, because I use VPN; they use dynamic IPs.


  • Administrators

If you create a custom rule with the "Local addresses" zone, it will be preceded by the built-in rule for internal communication, which will be allowed:

[screenshot]


Yes, I know, but the problem is that this zone uses the 127.0.0.1 address.

You can see this RFC:

https://www.rfc-editor.org/rfc/rfc5735

This IP address must be blocked inside your network, to protect your network from spoofing.

What is needed is the dynamic IP address without the 127.0.0.1 address, because I can't find a solution for what is internal 127.0.0.1 or external 127.0.0.1 communicating with your computer.

If a person comes from the 127.0.0.1 address you have a problem. Normally this address will not be routed, but if your router is compromised with MAC spoofing, you open the door.

🐵


A few observations here.

Per this standard, https://www.rfc-editor.org/rfc/rfc5735, the following applies:

Quote:

127.0.0.0/8 - This block is assigned for use as the Internet host
   loopback address.  A datagram sent by a higher-level protocol to an
   address anywhere within this block loops back inside the host.  This
   is ordinarily implemented using only 127.0.0.1/32 for loopback.  As
   described in [RFC1122], Section 3.2.1.3, addresses within the entire
   127.0.0.0/8 block do not legitimately appear on any network anywhere.

First, I run on an Eset untrusted network connection. However, Eset creates a loopback adapter connection and trusts any connection within the 127.0.0.0/8 or ::1/128 range:

[screenshot: Eset_Loopback]

Unless I am missing something, anything from 127.0.0.0/8 or ::1/128 will satisfy any Eset firewall rule where Trusted Zone is specified, unless Eset specifically excludes Loopback adapter Trusted Zone entries in those rules?

Edited by itman

  • 2 weeks later...

OK. How can I filter the spoofed address?

127.0.0.0/8 - This block is assigned for use as the Internet host
   loopback address.  A datagram sent by a higher-level protocol to an
   address anywhere within this block loops back inside the host.  This
   is ordinarily implemented using only 127.0.0.1/32 for loopback.  As
   described in [RFC1122], Section 3.2.1.3, addresses within the entire
   127.0.0.0/8 block do not legitimately appear on any network anywhere.

The Local Address Zone in your firewall includes this loopback address. If you block with anti-spoofing filtering, you block all other internal programs.

The Local Address Zone is a dynamic IP, your IP.

If you block like this:

Block source in "Zone local address": you block other internal programs, because they use the loopback address.

:)

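The rule the poster describes (block inbound, source = the Local Address zone) and its side effect on loopback traffic, worked through as an added Python example. This is not Eset's code and assumes nothing about how Eset builds its zone internally: the zone contents, the 192.168.5.23 sample address, the interface names and the packet model are all constructed for the example. It does the split the first post asks for (the host's own address on one side, the RFC 5735 loopback and link-local ranges on the other) and scopes the anti-spoofing check to packets arriving on a real interface, so internal 127.0.0.1 communication is left alone while a loopback or own-address source arriving from the network is dropped.

```python
"""Added example (not Eset's code): evaluating an inbound anti-spoofing rule
against a "local address" zone, showing why a zone that bundles the host's own
address with loopback and link-local ranges cannot be used as-is, and how to
split it so only the dynamic own address (plus the reserved ranges) feeds a
rule that is scoped to real network interfaces."""
import ipaddress
from dataclasses import dataclass

# Constructed zone contents modelled on the thread: the host's current
# (dynamic) address plus the loopback and link-local ranges. 192.168.5.23 is a
# made-up sample value standing in for the x.x.x.x address from the posts.
LOCAL_ADDRESS_ZONE = [
    ipaddress.ip_network("192.168.5.23/32"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("fe80::/10"),
]


@dataclass(frozen=True)
class Packet:
    """Minimal inbound packet model: source address and receiving interface."""
    src: str
    in_iface: str  # "lo" for the loopback adapter; anything else is a real NIC


def in_zone(addr, zone):
    """True if addr falls inside any network of the zone (IPv4/IPv6 may be mixed;
    a mismatched address family never matches)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in zone)


def split_local_zone(zone):
    """Split the zone the way the poster asks for: the host's own addresses on
    one side, the reserved loopback/link-local ranges (RFC 5735) on the other."""
    own, reserved = [], []
    for net in zone:
        (reserved if net.is_loopback or net.is_link_local else own).append(net)
    return own, reserved


def naive_rule(pkt):
    """'Block inbound, source = Local address zone', applied on every interface.
    This is the rule that breaks internal programs: traffic that loops back
    over 127.0.0.1 matches the zone and is dropped."""
    return "block" if in_zone(pkt.src, LOCAL_ADDRESS_ZONE) else "allow"


def scoped_rule(pkt, zone=LOCAL_ADDRESS_ZONE):
    """Anti-spoofing rule scoped to real network interfaces: on the loopback
    adapter nothing is blocked; on a NIC, a source claiming to be loopback,
    link-local, or one of this host's own addresses is a spoof and is dropped."""
    if pkt.in_iface == "lo":
        return "allow"
    own, reserved = split_local_zone(zone)
    if in_zone(pkt.src, reserved) or in_zone(pkt.src, own):
        return "block"
    return "allow"


def compare(packets):
    """Evaluate both rules over a list of packets.
    Returns {(src, iface): (naive verdict, scoped verdict)}."""
    return {(p.src, p.in_iface): (naive_rule(p), scoped_rule(p)) for p in packets}


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        Packet("127.0.0.1", "lo"),       # legitimate internal IPC
        Packet("127.0.0.1", "eth0"),     # loopback source arriving on a NIC: spoof
        Packet("192.168.5.23", "eth0"),  # our own address arriving from outside: spoof
        Packet("169.254.7.7", "eth0"),   # link-local source on a routed NIC: spoof
        Packet("10.20.30.40", "eth0"),   # ordinary remote host
    ]
    for key, verdicts in compare(samples).items():
        print(key, "naive=%s scoped=%s" % verdicts)
```

The design point is that the interface the packet arrived on, not just its source address, decides whether a loopback source is legitimate; once the reserved ranges are separated from the own address, the own address can be refreshed from the dynamic zone while the rule itself stays fixed.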

Did you understand my problem?

I need this dynamic "local zone" because it grabs my dynamic IP.

Or can you use some expression variables in firewall rules?


  • Administrators

There's a link to a web wizard in the main GUI -> Help and support:

[screenshot]

If you go through the wizard, at the end you will be offered an option to contact technical support:

[screenshot]


This topic is now closed to further replies.