Simplewall: Improve pre-installed/system rules

Created on 20 Mar 2020 · 1 Comment · Source: henrypp/simplewall

Hello,

in my 3.1.1 installation I see that the following filters are wrong/missing:

- "NetBIOS [inbound]" has direction "any" instead of inbound
- "mDNS" is outbound only, please make it "mDNS [outbound]" and add "mDNS [inbound]" (local: 224.0.0.251:5353;[ff02::fb]:5353, inbound, udp)
- "LLMNR" is outbound only, ditto (local: 224.0.0.252:5355;[ff02::1:3]:5355, inbound, udp)
- "IGMP" is outbound only, ditto (local: 224.0.0.0/4, inbound, igmp)
- "DNS" is outbound only, please rename it "DNS client [outbound]" and add a "DNS client [inbound]" (remote: 53, inbound, udp)

Lastly, I have a question about system rules. Consider LLMNR:
https://github.com/henrypp/simplewall/blob/f994eb35aceec9011e8eb55e7e34e6dbadca3373/bin/rules_system.xml#L12

According to this it should apply to "System" and "svchost.exe" but when I open this rule in the rules editor it says "Enabled for all apps". Does this work correctly under the hood and just not display it correctly in the UI? Thanks.


bug question

Most helpful comment

Hello,

> "NetBIOS [inbound]" has direction "any" instead of inbound

Fixed, thank you!

> - "mDNS" is outbound only, please make it "mDNS [outbound]" and add "mDNS [inbound]" (local: 224.0.0.251:5353;[ff02::fb]:5353, inbound, udp)
> - "LLMNR" is outbound only, ditto (local: 224.0.0.252:5355;[ff02::1:3]:5355, inbound, udp)
> - "IGMP" is outbound only, ditto (local: 224.0.0.0/4, inbound, igmp)

I think this is not necessary, but you can create a pull request.

> According to this it should apply to "System" and "svchost.exe" but when I open this rule in the rules editor it says "Enabled for all apps". Does this work correctly under the hood and just not display it correctly in the UI? Thanks.

There is no problem, these rules are applied to svchost.exe and System when enabled.
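
Added example, not part of the issue thread or of simplewall's code: a small linter that catches the kind of mismatch reported above (a rule named "[inbound]" whose direction is "any") and parses the `addr:port;[v6]:port` endpoint strings quoted in the issue. The dict layout of `RULES` and the function names are assumptions made for illustration; they are not simplewall's `rules_system.xml` schema.

```python
import ipaddress
import re

# Constructed sample rules (hypothetical dict layout, not simplewall's XML schema).
# Names, addresses and ports are the ones quoted in the issue text.
RULES = [
    {"name": "NetBIOS [inbound]", "dir": "any", "proto": "udp", "local": ""},
    {"name": "mDNS [inbound]", "dir": "inbound", "proto": "udp",
     "local": "224.0.0.251:5353;[ff02::fb]:5353"},
    {"name": "LLMNR [inbound]", "dir": "inbound", "proto": "udp",
     "local": "224.0.0.252:5355;[ff02::1:3]:5355"},
    {"name": "IGMP [inbound]", "dir": "inbound", "proto": "igmp", "local": "224.0.0.0/4"},
]

ENDPOINT = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^:\[\]]+))(?::(?P<port>\d+))?$")

def parse_endpoints(spec):
    """Split 'addr:port;[v6]:port' into (ip_network, port_or_None) tuples."""
    out = []
    for item in filter(None, (s.strip() for s in spec.split(";"))):
        m = ENDPOINT.match(item)
        if not m:
            raise ValueError(f"unparsable endpoint: {item!r}")
        net = ipaddress.ip_network(m["v6"] or m["v4"], strict=True)
        port = int(m["port"]) if m["port"] else None
        if port is not None and not 0 < port < 65536:
            raise ValueError(f"bad port in {item!r}")
        out.append((net, port))
    return out

def lint(rule):
    """Return a list of findings for one rule."""
    findings = []
    tag = re.search(r"\[(inbound|outbound)\]\s*$", rule["name"])
    if tag and tag.group(1) != rule["dir"]:
        findings.append(f"name says {tag.group(1)}, direction is {rule['dir']}")
    try:
        for net, _port in parse_endpoints(rule["local"]):
            # Assumption: the inbound rules proposed in the issue all listen on multicast groups.
            if rule["dir"] == "inbound" and not net.is_multicast:
                findings.append(f"inbound local address {net} is not multicast")
    except ValueError as exc:
        findings.append(str(exc))
    return findings

def lint_all(rules):
    """Map rule name -> findings, keeping only rules that have at least one."""
    results = {r["name"]: lint(r) for r in rules}
    return {name: f for name, f in results.items() if f}
```
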

