As with the previous version, the zones required explicitly specifying as Eset still doesn't pop up a network detection dialogue when a PAN interface (eg utun1) makes a connection. 'Home' zone for the physical ethernet LAN subnet, 'WireGuard' zone to cover the VPN tunnel on utun1 (which brings a public ipv4 address to the local machine, hence the need for strict local firewalling), and 'VPN' as a catch-all for any other VPN address (IKEv2, WireGuard, OpenVPN) which all providers I use issue in the 10.0.0.0/8 range. Unfortunately, Eset Cyber Security Pro still has no fully manual/policy mode, unlike the Windows version, so I left the mode set to automatic with exceptions. With that in mind this is just a quick note of my experiences, sans my usual fully referenced, stated-methodology and formatted results etc reporting. With all due respect this is a brief ad-hoc test to check whether things have improved since my experience with the previous version. I downloaded the latest version and installed it for testing as requested. Thanks in advance.Ĭan you please try it with it and share your feedback with us? ![]() ![]() I did do a search before posting, but the one topic I saw asking this and a few other questions had all questions answered but this (most important!) one. Eset do make a nice GUI (and excellent AV) though, so that'd be icing on the cake. My question is, does Eset's Cyber Security Pro for Mac utilise macOS' underlying pf, or does it use a custom engine? I'm really hoping it just acts as a GUI front-end for pf, as it's such a feature rich, powerful and battle-tested firewall there's no real reason to change it. I'm more than capable of writing pf rulesets/conf files by hand, and always double-check the resulting pf.conf before pushing it into production, but a GUI is quicker to generate the initial config so whatever. On my MacBook Pro I currently use the excellent built-in pf firewall, with Murus Pro acting as front-end. It even now has a top-to-bottom ruleset like pf. Eset's Internet Security finally gave me the control I desired namely per-interface/IP zones and rules, to easily allow application-specific traffic over VPN interfaces but not the LAN/ISP etc. I get very frustrated by the firewall availability on Windows machines, as they're generally nowhere near as fine-grained or powerful as *nix offerings. In fact, I suspect the higher being inner wishes are actually not to "block torrents" but to "block illegal torrents", which is quite different.I'm a long time user of pf on BSD and macOS, and iptables on Linux. I think that a more lax policy, based more on users agreeing to your rules would probably work better for everyone. Rinse and repeat for every user and application. If he doesn't, you refer jdoe to the higher being rejecting that request. ![]() If the higher being allows the change, you implement it. Shall we allow even if that means that it would be possible to torrent using that port?" They should request that to be changed and you should relay that request to that higher being: "Application X, which is needed by jdoe for his work, requires access to port Y, which was blocked (as with thousands other) in order to ensure it could not be used for torrents. Now, certain applications no longer work. Seeing no way to effectively block only torrents, you block all ports. An higher being has decreed “Thou shall not have torrents on this network”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |