
eEye Digital Security

The endpoint to vulnerability starts here.

 

Firewall rule named "-"

Last post 09-02-2008 4:54 PM by Blue1978. 3 replies.
  • 09-02-2008 7:49 AM

    • vs2008
    • Top 500 Contributor
    • Joined on 07-04-2008
    • Posts 3

    Firewall rule named "-"

     I just noticed that there was a firewall rule named "-" (without the quotes) allowing all traffic. I deleted it but now want to find more information about this rule. Which application?

     Did anyone else notice this? Is there a way to go back to a log and check which one I deleted?

     

    Thanks.

  • 09-02-2008 4:24 PM In reply to

    Re: Firewall rule named "-"

    vs2008:
     I just noticed that there was a firewall rule named "-" (without the quotes) allowing all traffic.

    Which firewall section did you note this in?  Application Firewall or System Firewall section?

    vs2008:
     Did anyone else notice this? Is there a way to go back to a log and check which one I deleted?

    Not that I know of.  If you have a rule that allows everything, that kind of defeats the purpose of having the firewall.  Once you deleted it, it is deleted...unless you saved your firewall configuration settings that you could use to restore from. 

    If you're worried that something will not work properly (as it did before), you can place the firewall in passive mode and see if any traffic needs a rule created to allow it that you do not already have a rule for.  To enable passive mode, do the following:

    1.  Go to the "Options" section at the top of Blink's main window.

    2.  Select the "Firewall" tab.

    3.  Under the "Advanced Options" section under this tab, place a check mark in the "Enable Firewall Passive Mode" box.

    You're good to go.  Keep in mind that when this option is checked, ALL traffic inbound and outbound is allowed.  Anything that does not already have a firewall rule created to allow it is logged in Blink's log.  From this information you can create any rules that you may need to allow this traffic (if you want to allow it).  Once you have created any rules that you may need, be sure to turn off this feature!

  • 09-02-2008 4:40 PM In reply to

    • vs2008
    • Top 500 Contributor
    • Joined on 07-04-2008
    • Posts 3

    Re: Firewall rule named "-"

     Thanks for the response.  It was in the "Application Firewall" section.  I'm really concerned as I don't know how long this "-" rule was there... or even which application created it.  As soon as I saw it, I deleted it... I should have clicked on "modify rule", which would have shown what application created this rule.

     I checked the logs and nothing was recorded relating to rules being added, deleted or modified... Is there a log specific to the firewall rules?

     

    Thank you.

  • 09-02-2008 4:54 PM In reply to

    Re: Firewall rule named "-"

    vs2008:
     I checked the logs and nothing was recorded relating to rules being added, deleted or modified... Is there a log specific to the firewall rules?

         Blink's main log would be the only location where you will see any logs for anything.  If you tried the Firewall Passive mode and nothing showed up in Blink's main log, then you probably have all of the rules you need so far.  You can also select the "Log Denied Traffic" box under the Firewall tab, and over time, if anything is being blocked, you will see alerts build up in the log.

         If all else fails, delete all of the rules out of the Application Firewall section and let Blink alert you for everything all over again to create a fresh set of rules. 

     
