Hi, Just purchased W7FWC+ version and a nice program.
Two questions:
1. I run an FTP server (Filezilla) listening passively on port 50000, with data transfer on ports 50001-50005. If I wanted to setup W7FWC to only allow data transfer for Filezilla on just those custom ports, or if I just wanted to open only those ports, what would I setup exactly in my Zone/Rule configuration? I tried to play around with it, but to no avail. If just give Filezilla EnableAll access, it works fine, but not sure how to set it up more specifically.
2. Is the a way in rules setup to enter a range of ports without entering each port individually?
Thanks in advance.
vistafirewallcontrol.freeforums.org
VistaFirewallControl (Windows7 and Vista firewall) support forum
| Welcome | ||
|---|---|---|
| Welcome to vistafirewallcontrol You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today! |
||
Custom FTP Port Setup - How to setup?
5 posts
• Page 1 of 1
Custom FTP Port Setup - How to setup?
by SFCurley » Mon Jun 28, 2010 12:18 am
- SFCurley
- Posts: 3
- Joined: Mon Jun 28, 2010 12:00 am
Re: Custom FTP Port Setup - How to setup?
by VistaFirewallControl » Tue Jun 29, 2010 8:47 am
If you would like to set strict rules with W7FC you will have to create separate rules for each port of incoming TCP.
Also you could just not specify the ports (use any port) for the TCP incoming. Anyway it’s better than EnableAll for the application.
The port range is not supported in the current version mostly because of two reasons.
-The port range would hardly be more secure than no port specification at all. Actually the purpose for the firewall is preventing unwanted connections.
If Filezilla (for instance) does not listen on port 49999 (for instance), no connections will be established to the port regardless of the firewall block.
-The port range is impossible for port forwarding synchronization, the UPnP specifications allows port-to-port forwarding only... unfortunately....
Most probably if you still do need to block the port range in a single rule only you could try to use WindowsFirewall with Advanced security.
Also you could just not specify the ports (use any port) for the TCP incoming. Anyway it’s better than EnableAll for the application.
The port range is not supported in the current version mostly because of two reasons.
-The port range would hardly be more secure than no port specification at all. Actually the purpose for the firewall is preventing unwanted connections.
If Filezilla (for instance) does not listen on port 49999 (for instance), no connections will be established to the port regardless of the firewall block.
-The port range is impossible for port forwarding synchronization, the UPnP specifications allows port-to-port forwarding only... unfortunately....
Most probably if you still do need to block the port range in a single rule only you could try to use WindowsFirewall with Advanced security.
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
Re: Custom FTP Port Setup - How to setup?
by SFCurley » Tue Jun 29, 2010 5:51 pm
Hi again.
Thanks for your reply. That makes sense.
One other question: You say in your respone "it's better than EnableAll for the application."
Just to keep things simple, for every app that I'm allowing access, I'm basically giving the app EnableAll authority. Is this a bad thing? I'm doing this partly because 1) I trust the applications I'm okay-ing, and 2) In some cases I'm not sure which are the right zones to apply (although I could guess and go the trial-and-error route, I suppose).
Thanks.
Thanks for your reply. That makes sense.
One other question: You say in your respone "it's better than EnableAll for the application."
Just to keep things simple, for every app that I'm allowing access, I'm basically giving the app EnableAll authority. Is this a bad thing? I'm doing this partly because 1) I trust the applications I'm okay-ing, and 2) In some cases I'm not sure which are the right zones to apply (although I could guess and go the trial-and-error route, I suppose).
Thanks.
- SFCurley
- Posts: 3
- Joined: Mon Jun 28, 2010 12:00 am
Re: Custom FTP Port Setup - How to setup?
by VistaFirewallControl » Wed Jun 30, 2010 12:47 pm
>Just to keep things simple, for every app that I'm allowing access, I'm basically giving the app EnableAll authority. Is this a bad thing?
The question is practically equal “I completely trust the application, confirm the application network activity as safe and wanted. Am I wrong?”
Evidently the answer is application dependent. On the other part permanently settings EnableAll for all the applications makes any firewall senseless.
The entity to block blocking nothing is a subject for collecting only.
>I'm doing this partly because 1) I trust the applications I'm okay-ing, and 2) In some cases I'm not sure which are the right zones to apply (although I could guess and go the trial-and-error route, I suppose).
Regarding (2). The zone adviser on the application detection should give a decent zone to start with. The common sense may be applied also as the default zones (which can be easily customized by the way) are reasonably named. So could you can use the following logics
- ABC is asking for connection, I do not know what ABC is, I did not launch it. So ABC is a candidate for DisableAll evidently.
- ABC is asking for connection, I do know what ABC is, I know it can be launched even automatically, I just do not know why ABC needs the internet. LANonly would be reasonable with checking of ABC operability after the LAN is enabled only.
- ABC is for ABC-ing; An ABC zone would be reasonable for the app.
“trial-and-error route” is the longest but the most comprehensive anyway. We are nearly sure you will discover a lot of network activities you did not even expect before.
1 Set DisableAll at application detection (and DisableAll as Settings/DefaultZone).
2 Check the IP/port the application is asking, Check the IP, think (and once more), make a conclusion about the activity safety, choose a proper zone or start creating a new zone from scratch enabling/disabling the activity only accordingly.
3. Check blocked notifications of the application
4 Loop from (2)
We believe the above should not take too much time, for experienced users 1-2 minutes for the first application.
The question is practically equal “I completely trust the application, confirm the application network activity as safe and wanted. Am I wrong?”
Evidently the answer is application dependent. On the other part permanently settings EnableAll for all the applications makes any firewall senseless.
The entity to block blocking nothing is a subject for collecting only.
>I'm doing this partly because 1) I trust the applications I'm okay-ing, and 2) In some cases I'm not sure which are the right zones to apply (although I could guess and go the trial-and-error route, I suppose).
Regarding (2). The zone adviser on the application detection should give a decent zone to start with. The common sense may be applied also as the default zones (which can be easily customized by the way) are reasonably named. So could you can use the following logics
- ABC is asking for connection, I do not know what ABC is, I did not launch it. So ABC is a candidate for DisableAll evidently.
- ABC is asking for connection, I do know what ABC is, I know it can be launched even automatically, I just do not know why ABC needs the internet. LANonly would be reasonable with checking of ABC operability after the LAN is enabled only.
- ABC is for ABC-ing; An ABC zone would be reasonable for the app.
“trial-and-error route” is the longest but the most comprehensive anyway. We are nearly sure you will discover a lot of network activities you did not even expect before.
1 Set DisableAll at application detection (and DisableAll as Settings/DefaultZone).
2 Check the IP/port the application is asking, Check the IP, think (and once more), make a conclusion about the activity safety, choose a proper zone or start creating a new zone from scratch enabling/disabling the activity only accordingly.
3. Check blocked notifications of the application
4 Loop from (2)
We believe the above should not take too much time, for experienced users 1-2 minutes for the first application.
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
Re: Custom FTP Port Setup - How to setup?
by SFCurley » Wed Jun 30, 2010 3:34 pm
Excellent. I appreciate the thoughtful reply.
Thanks.
Thanks.
- SFCurley
- Posts: 3
- Joined: Mon Jun 28, 2010 12:00 am
5 posts
• Page 1 of 1
Return to My App is blocked, What to do
Who is online
Users browsing this forum: No registered users and 0 guests
