Hi have just brought W7FC plus and think it is an awesome program, as a firewall learner i would like more information.
Would it possible to include in the manual some brief details of each zone rule .
vistafirewallcontrol.freeforums.org
VistaFirewallControl (Windows7 and Vista firewall) support forum
| Welcome | ||
|---|---|---|
| Welcome to vistafirewallcontrol You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today! |
||
Request for Rule Manual
6 posts
• Page 1 of 1
Request for Rule Manual
by peters » Wed Feb 24, 2010 9:10 am
- peters
- Posts: 49
- Joined: Thu Feb 18, 2010 1:06 pm
Re: Request for Rule Manual
by VistaFirewallControl » Thu Feb 25, 2010 10:08 am
Please realize there is no problem to improve the manual and/or the site promptly.
The problem usually is we can’t realize what exactly should be added to keep the information publicly useful, we evidently must not treat any personal explanations as public.
So regarding the zone explanations….
We did expect the zone name is self descriptive enough, the zone content (set of the rules) describes the zone purpose/behavior in full and all the possible comments are redundant.
Every rule is a strict set of parameters such as protocol/address/port and the set is self descriptive enough as well (as we humbly believe).
The question “why a zone consists of such rules” is most probably beyond the firewall at all.
Actually the question (for instance) "why e-mail application uses a port" is rather the question of e-mail standards, not the firewall. Correct?
Could you please clarify what exactly produces the difficulty?
The problem usually is we can’t realize what exactly should be added to keep the information publicly useful, we evidently must not treat any personal explanations as public.
So regarding the zone explanations….
We did expect the zone name is self descriptive enough, the zone content (set of the rules) describes the zone purpose/behavior in full and all the possible comments are redundant.
Every rule is a strict set of parameters such as protocol/address/port and the set is self descriptive enough as well (as we humbly believe).
The question “why a zone consists of such rules” is most probably beyond the firewall at all.
Actually the question (for instance) "why e-mail application uses a port" is rather the question of e-mail standards, not the firewall. Correct?
Could you please clarify what exactly produces the difficulty?
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
Re: Request for Rule Manual
by peters » Thu Feb 25, 2010 1:21 pm
Iam trying to learn how to make a rule which will allow "Windows Problem Reporting" currently i have set it to "WebBrowser" zone but feel there is a safer option. But my inexperience of firewalls is stopping me find/make the rule.
The following are logged when I disable the WebBrowser zone for Problem Reporting, If you was to show me how to make a specific rule for this i will be happy.
25/02/2010|09:08:01|IPv4 TCP 65.55.53.190:80(49340)|Windows Problem Reporting| Outgoing
25/02/2010|13:52:45|IPv4 TCP 65.55.53.190:80(49934)|C:\windows\system32\wermgr.exe|Detection Outgoing
The following are logged when I disable the WebBrowser zone for Problem Reporting, If you was to show me how to make a specific rule for this i will be happy.
25/02/2010|09:08:01|IPv4 TCP 65.55.53.190:80(49340)|Windows Problem Reporting| Outgoing
25/02/2010|13:52:45|IPv4 TCP 65.55.53.190:80(49934)|C:\windows\system32\wermgr.exe|Detection Outgoing
- peters
- Posts: 49
- Joined: Thu Feb 18, 2010 1:06 pm
Re: Request for Rule Manual
by VistaFirewallControl » Thu Feb 25, 2010 2:42 pm
Practically the question you are asking is very common and not related to a firewall directly. We even could try to separate the question into several separate ones:
(a) what is an application’s network activity. ( 100% application dependent and 0% firewall dependent)
(b) what is my security policy for the application (100% your security environment dependent and 0% firewall dependent)
And only then (c) how to implement the policy with the firewall (the only 100% firewall dependent)
Obviously we can have strict answer only for (c) let’s try to start from (a) however
So
(a) “Windows Problem Reporting” most probably (no strict official information available) sends the reports via http protocol, if so “WebBrowser” zone can be reasonable.
(b) The question can be simplified to whether you need the activity, you have decided you need.
The details depend on whether there is a backside activity of the application beyond sending the reports. If you do not think the other activity can be (you trust the application for instance) and the report receiving side is trusted as well, you can set even EnableAll to the application as there is no discredited activity to a discredited peer expected.
Otherwise you should investigate the application activity and possible peers first, it’s not firewall related, firewall can be used though for the activity monitoring
(c) after (a) and (b) are clear – i.e. you need the access to any web site you may easily set WebBrowser zone to the application. However if you know a valid/permanent IP/port to send the reports to you can easily create your own zone with a single enabling rule permitting exactly the port/IP pair.
Too complex? May be for the first time, for the first application. Need more explanations, do not hesitate to ask
>If you was to show me how to make a specific rule for this i will be happy.
- Zone tab/create new zone/name the zone as ReportZone (for instance)
- open the zone for editing, set zone result to “disable” and insert the only rule (say “reporting” as the name)
- set protocol to TCP, address to 65.55.53.190 (let’s think the address is permanent), port to 80, direction to “outgoing”, rule result to “enable” and save the zone.
-Program tab/WindowsProblemReporting application/DblClick/uncheck “show advised only”/choose ReportZone to from “zone” combo/ press apply.
(a) what is an application’s network activity. ( 100% application dependent and 0% firewall dependent)
(b) what is my security policy for the application (100% your security environment dependent and 0% firewall dependent)
And only then (c) how to implement the policy with the firewall (the only 100% firewall dependent)
Obviously we can have strict answer only for (c) let’s try to start from (a) however
So
(a) “Windows Problem Reporting” most probably (no strict official information available) sends the reports via http protocol, if so “WebBrowser” zone can be reasonable.
(b) The question can be simplified to whether you need the activity, you have decided you need.
The details depend on whether there is a backside activity of the application beyond sending the reports. If you do not think the other activity can be (you trust the application for instance) and the report receiving side is trusted as well, you can set even EnableAll to the application as there is no discredited activity to a discredited peer expected.
Otherwise you should investigate the application activity and possible peers first, it’s not firewall related, firewall can be used though for the activity monitoring
(c) after (a) and (b) are clear – i.e. you need the access to any web site you may easily set WebBrowser zone to the application. However if you know a valid/permanent IP/port to send the reports to you can easily create your own zone with a single enabling rule permitting exactly the port/IP pair.
Too complex? May be for the first time, for the first application. Need more explanations, do not hesitate to ask
>If you was to show me how to make a specific rule for this i will be happy.
- Zone tab/create new zone/name the zone as ReportZone (for instance)
- open the zone for editing, set zone result to “disable” and insert the only rule (say “reporting” as the name)
- set protocol to TCP, address to 65.55.53.190 (let’s think the address is permanent), port to 80, direction to “outgoing”, rule result to “enable” and save the zone.
-Program tab/WindowsProblemReporting application/DblClick/uncheck “show advised only”/choose ReportZone to from “zone” combo/ press apply.
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
Re: Request for Rule Manual
by peters » Thu Feb 25, 2010 3:24 pm
Excellent thanks for your quick and complete answer ...... I think iam begining to see the light
Sorry for my lack of experience
Does the address go in the Host box or IPv4/v6 box ?
How can i set an address range ?
Sorry for my lack of experience
Does the address go in the Host box or IPv4/v6 box ?
How can i set an address range ?
- peters
- Posts: 49
- Joined: Thu Feb 18, 2010 1:06 pm
Re: Request for Rule Manual
by VistaFirewallControl » Fri Feb 26, 2010 3:06 pm
>Does the address go in the Host box or IPv4/v6 box ?
The IPv4/v6 box in that case, as it's already IP address, not a host symbolic name to resolve
>How can i set an address range ?
via IP masks/sunbetworks
http://en.wikipedia.org/wiki/Subnetwork
The IPv4/v6 box in that case, as it's already IP address, not a host symbolic name to resolve
>How can i set an address range ?
via IP masks/sunbetworks
http://en.wikipedia.org/wiki/Subnetwork
- VistaFirewallControl
- Site Admin
- Posts: 624
- Joined: Fri Mar 27, 2009 11:25 am
6 posts
• Page 1 of 1
Return to What is VistaFirewallControl, features
Who is online
Users browsing this forum: No registered users and 0 guests
