Re: Programmatically Change Rules for Sygate Firewall?
From: Casey (Casey_at_nosuch.net)
Date: Fri, 22 Oct 2004 19:24:53 GMT
In article <email@example.com>, firstname.lastname@example.org says...
> I'm a programmer, and in my spare time at home, I've been writing a
> streaming MP3 server in C#, in order to develop my C# skills (I'm a
> veteran C++ coder, and .Net is a new world to me) and also so that I
> can access my rather large MP3 collection from work using an HTTP
> stream. Don't worry, this isn't asking about how to write a web
> server -- I've already done that, and it works great.
>
> The problem is Sygate -- I love the firewall; I'm actually MUCH
> happier with the way Sygate operates than I was with ZoneAlarm.
> However, I get the feeling that the Sygate home firewall wasn't really
> designed for people coding their own network servers.
>
> Every time I recompile my server and run it, I have to manually
> re-allow it to pass the firewall. I've tried everything I can think
> of to get around this, and nothing works -- I use a particular
> hard-coded port for entry, and I've tried the (rather crude) tactic of
> simply allowing all traffic from all hosts on that port, but Sygate
> _still_ wants me to re-validate the server app every time I change the
> binary. This is frustrating because I make changes at home and then
> start it up, and then when I hit it at work it's blocked while Sygate
> is waiting for me to allow or deny the traffic -- which means that
> every time I recompile it, I have to wait at least one working day
> before I can hit my home MP3 cache again. A day without music!
>
> I like the anti-hijacking and anti-trojan stuff in Sygate -- I don't
> want to just disable all of that. I'm fully aware that, from a
> security standpoint, Sygate is doing _exactly what it should be doing_
> for my app. But is there a way that I can tell Sygate that for this
> one particular app, it should "trust it" -- that is, ignore changes in
> the binary and always let it through?
>
> Thanks in advance for anyone who's got suggestions on this.
> -- Tom

Hi Tom. This is way over my head, but I'll try a wild WAG.
When writing the server, could you temporarily include an option
that would permit it to work out through a local proxy
(such as Proxomitron)? Install Proxo and Allow it in app. rules,
setting the server to work through Proxo. This in effect
would give the server an open door right through Sygate.