View Full Version : How do I reorder firewall rules?
November 18th, 2007, 06:31 PM
I would like to change the order in which the detailed firewall rules are processed. I tried drag-and-dropping rules in the detailed rules view, but it doesn't work. How do I achieve this, please?
November 19th, 2007, 02:05 AM
It's not possible; the more specific rule is always applied. E.g. if you create a rule that allows communication for all programs on port 80 and then create one to block it for a specific program, the latter would supersede the general rule.
November 19th, 2007, 03:03 AM
Which of these rules is more specific:
1) Block all port 139, independently of IP or application
2) Allow outgoing to 220.127.116.11, independently of port or application
3) Block myapp.exe on port 1234 to any IP, both directions
- Can myapp.exe use port 1234 to send data to 18.104.22.168?
- Can myapp.exe use port 139 to send data to 22.214.171.124?
My point is that a rule can be more specific in one aspect (port, application) while being less specific in another aspect (IP, direction).
November 19th, 2007, 07:13 AM
1. The communication will be blocked, as rule 3 is applied to a particular application and port.
2. The communication will be blocked, as rule 1 blocks all communication on port 139. For the application to communicate on port 139, you'll need to create another rule for that application, which will take precedence over the general rule.
November 19th, 2007, 08:01 AM
This was just meant to be an example; I am trying to understand the rules of precedence.
From your answer it seems that if a rule is more specific regarding ports but simultaneously less specific regarding IP address and/or direction, it still gets higher precedence, correct?
What if two competing rules have the same port specification, but one is more specific regarding IP and the other is more specific regarding direction?
rule A: block in/out to 126.96.36.199, any app
rule B: allow outgoing, any address, any app
rule C: allow in/out, any address, for myapp.exe
Notice that rule A is more specific regarding IP, rule B is more specific regarding direction, and rule C is more specific regarding application. What is the precedence order of these rules?
Another example where the "more specific wins" rule breaks down is when two competing rules have the same level of specificity.
rule D: block ports 1000-2000
rule E: allow ports 1500-2500
Is port 1600 allowed or blocked?
I am afraid saying "the more specific rule gets applied" is not enough without exactly defining what "more specific" means. Is there a more detailed description of the precedence rules available somewhere?
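The objection in the post above can be made concrete with a small model. The following is an added example, not code from the thread and not ESET's implementation: a toy rule set in which each rule constrains some of four fields (direction, application, remote IP, port range) and leaves the rest as "any". A rule is treated as strictly more specific than another only when it constrains every field the other constrains plus at least one more. That relation is a partial order, so two matching rules can be incomparable (rules A, B and C each constrain a different single field) or equally specific (rules D and E both constrain only the port), and a resolver built on "most specific wins" has to report a conflict. The rules A/B/C, D/E and the port-80 pair are taken from the posts above; the query traffic, the ANY convention and the function names are assumptions of this example.

```python
# Added example (not from the thread, not ESET's implementation): a toy model of
# "most specific matching rule wins", compared with plain first-match ordering.
# Each rule constrains some of four fields and leaves the rest as ANY. Rule x is
# strictly more specific than rule y only when x constrains every field y
# constrains, plus at least one more; that is a partial order, not a total one.
from dataclasses import dataclass
from typing import Optional

ANY = None  # field left unconstrained (assumed convention of this example)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    direction: Optional[str] = ANY   # "in", "out", or ANY for both
    app: Optional[str] = ANY         # executable name, or ANY
    ip: Optional[str] = ANY          # one remote address, or ANY
    ports: Optional[range] = ANY     # port range, or ANY

    def matches(self, direction: str, app: str, ip: str, port: int) -> bool:
        return ((self.direction is ANY or self.direction == direction)
                and (self.app is ANY or self.app == app)
                and (self.ip is ANY or self.ip == ip)
                and (self.ports is ANY or port in self.ports))

    def constrained(self) -> frozenset:
        """Names of the fields this rule actually constrains."""
        return frozenset(f for f in ("direction", "app", "ip", "ports")
                         if getattr(self, f) is not ANY)


def more_specific(x: Rule, y: Rule) -> bool:
    """True when x constrains a strict superset of the fields y constrains."""
    return x.constrained() > y.constrained()


def decide_most_specific(rules, direction, app, ip, port, default="allow"):
    """Resolve by 'most specific matching rule'.
    Returns (action, reason); action is None when the rules cannot decide."""
    hits = [r for r in rules if r.matches(direction, app, ip, port)]
    if not hits:
        return default, "no rule matched; default applied"
    # Drop every hit that some other hit is strictly more specific than.
    maximal = [h for h in hits if not any(more_specific(o, h) for o in hits)]
    actions = {m.action for m in maximal}
    names = ", ".join(m.name for m in maximal)
    if len(actions) == 1:
        return actions.pop(), "most specific rule(s): " + names
    return None, "ambiguous: incomparable or equally specific rules " + names


def decide_first_match(rules, direction, app, ip, port, default="allow"):
    """Ordered evaluation: the first matching rule in list order wins."""
    for r in rules:
        if r.matches(direction, app, ip, port):
            return r.action, "first match: " + r.name
    return default, "no rule matched; default applied"


# The port-80 pair from the first reply: comparable rules, so a clear winner.
PORT80 = [
    Rule("allow-80", "allow", ports=range(80, 81)),
    Rule("block-myapp-80", "block", app="myapp.exe", ports=range(80, 81)),
]
# Rules A, B, C from the post above: each constrains a different single field.
ABC = [
    Rule("A", "block", ip="126.96.36.199"),
    Rule("B", "allow", direction="out"),
    Rule("C", "allow", app="myapp.exe"),
]
# Rules D and E: the same field constrained, with overlapping ranges.
DE = [
    Rule("D", "block", ports=range(1000, 2001)),
    Rule("E", "allow", ports=range(1500, 2501)),
]

if __name__ == "__main__":
    # Constructed query traffic: myapp.exe sending outbound.
    print(decide_most_specific(PORT80, "out", "myapp.exe", "10.0.0.1", 80))
    print(decide_most_specific(ABC, "out", "myapp.exe", "126.96.36.199", 443))
    print(decide_most_specific(DE, "out", "myapp.exe", "10.0.0.1", 1600))
    print(decide_first_match(ABC, "out", "myapp.exe", "126.96.36.199", 443))
    print(decide_first_match(DE, "out", "myapp.exe", "10.0.0.1", 1600))
```

Run as a script, the port-80 pair resolves to "block" because the per-application rule constrains a superset of the general rule's fields, while the A/B/C query and the D/E query at port 1600 both come back with action None, since no matching rule is strictly more specific than the others. The same queries against decide_first_match are decided by list position alone (A wins, D wins), which is exactly why a user-controllable rule order is the usual way to make such conflicts predictable.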
November 30th, 2007, 08:12 AM
It seems ESET could have built the program better so that the user could move rules. I have created some rules that block some default rules that had been set to 'Allow'. I then disabled the default rules mentioned. I presume this will produce the desired result, or does it not?
Copyright ©2002 - 2013, Wilders Security Forums