Channel: Objective Development Forums

"Until quit" rules do not override "Ask" rules

Based on a suggestion from a previous question (http://forums.obdev.at/viewtopic.php?f=1&t=8379) to block unwanted NetBIOS connections, I created rules to deny all processes on ports 137-139, then created a rule that would Allow access to specific IP addresses for the same ports. That part worked fine, except that I wanted to make it so that I would get prompted for the IP addresses in the second rule, instead of blindly allowing.

I modified the rule as follows:

action: "? Ask"
Any Process
Process Owner: Me (also a second rule for System)
Server: IP addresses 10.0.0.0-10.0.255.255
TCP port 137-139

Occasionally, my computer tries to make a connection to an address in the rule's range, and I get prompted for how to handle the connection, which I expect. I then choose "Deny until quit", but I continuously get the prompt for the same connection. If I look at the connection details, I see that the process is netbiosd and the PID is always 105, so I know that it is not a new process each time. I even clicked "Deny Forever", and I still get prompted. The only way to get it to stop asking is to un-check the "On" for the Ask rule.

I can see the new rule get created for the specific process in the LS configuration. It seems like this is a bug where an "? Ask" rule for "Any Process" is getting priority over a more specific rule for a specific process.

Has anyone else seen this?
