Application / Internet Filtering

Discussion in 'LnS English Forum' started by SimonW, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Hi,
    A couple of questions from a novice (but keen to learn! :) )

    1) Does application filtering bypass the internet filtering settings?

    (I'm running the enhanced ruleset, and currently whenever an application that I know needs the internet I give it full access)

    2) (Really this question comes off the back of the previous one) Can Internet filtering be applied per app - I'm thinking of running Shareaza (P2P) and wonder whether it is possible to implement something similar to the Outpost rules shown here, but in LnS:

    http://www.outpostfirewall.com/forum/showthread.php?s=30ecd8fee2111f7601ab6cd360f99d59&threadid=6256&highlight=shareaza

    Thanks
    Simon
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Take a gander at http://www.wilderssecurity.com/showthread.php?t=22427;start=msg135664#msg135664

    Do Trusted Applications in the Application Filtering List skip past Internet Filtering? Answer is NO. ;)
     
  3. SimonW

    Thanks Phant0m,
    To answer the second part of my question though, the shareaza rules I saw on the other site were as follows:

    1)Shareaza HTTP Connection Rule
    Where the protocol is: TCP
    Where the direction is: Outbound
    Where the remote port is: 80
    Allow It

    2)Shareaza Outbound Network Connection Rule
    Where the protocol is: TCP
    Where the direction is: Outbound
    Where the remote port is: 1024 - 65535
    Allow It

    3)Shareaza Inbound Network Connection Rule Note: To share your files.
    Where the protocol is: TCP
    Where the direction is: Inbound
    Where the local port is: 1024 - 65535
    Allow It Note: Change to deny it if you do NOT want to share.

    4)Shareaza Extended TCP Port Coverage
    Where the protocol is: TCP
    Deny It Note: Blocks TCP connections not allowed by rules above

    5)Shareaza Extended UDP Port Coverage
    Where the protocol is: UDP
    Deny It Note: Blocks UDP connections not allowed by rules above.

    So, to do something similar in LnS I went into Internet Filtering and
    • Click Add
    • Rule Name: Shareaza Outbound
    • Direction: Outbound
    • TCP Range: 1024-65535

    etc. for all the rules listed above.

    I arranged these rules to appear at the top of the Filtering list in the order described above, with the Shareaza TCP and Shareaza UDP rules (4) and (5) set to the red disallow rule.

    I then thought 'this needs to be a rule just for Shareaza' so I re-opened each rule, clicked the Applications button, and chose Shareaza from the list. The rule has now changed to a red square with a green tick (deactivated). When I start Shareaza the rule changes to a green square.

    Does this mean that the rule is only being applied to Shareaza, or once started to everything?

    Also, I then looked back at the Application Filtering tab and selected Shareaza and Edit. This allows me to, for example, specify a TCP range. Is this for Inbound or Outbound? Anyway, I set this to 1024-65535 as well...!?

    So, where does this leave me. Have I mis-understood in attempting to apply these rules to LnS? Have my rules worked -in essence allowing Shareaza to have access to ports 1024-65545 and stop everything else it does?

    Thanks
    Simon
     

  4. SimonW

    Update - clearly these rules are wrong because no other internet activity is possible until the last two Shareaza rules are allowed access... o_O
     
  5. Phant0m

  6. SimonW

    Thanks for the quick response,

    I'd already seen the thread you mention, but was a little unclear. I've now downloaded/imported
    Gnutella.rie
    BitTorrent.rie
    eDonkey.rie

    (hope this is correct...!)

    and changed my Shareaza Outbound port to 27580.

    However, this still leaves me trying to understand o_O:

    1) Were my previous attempts wrong?
    2) Does specifying an Application name to an Internet Filtering rule apply to just that app? (As per my attempts)
    3) What do Port and IP Selection on the App Filtering actually do?
    4) If I'd not done any of the above and just given Shareaza full access on top of the enhanced ruleset would this have been bad?

    Sorry for all the questions. It helps my learning process if I understand something rather than just follow the (excellent) advice given.

    Thanks
     
  7. SimonW

    Anybody? :oops:
     
  8. Phant0m

    Hey

    I apologize for not responding; yesterday I was working on an Importable rule page. It isn't complete but you can take a gander at it: http://www.wilderssecurity.info/0319.shtml. Instruction pages haven't been done yet but you can download the Shareaza Importable rule file; before applying, delete or disable all corresponding Shareaza rules that are currently in the Internet Filtering screen. Like before, change the port, but this time change it to 6346.
     
  9. SimonW

    Thanks for your help Phant0m, and thanks for the importable rules!

    I'm really trying hard to get my head around LnS - it certainly seems to me to meet all my requirements for a compact professional firewall. I appreciate it's got a lot of functionality that can confuse a novice and I'm trying to understand it a little at a time - so the support on a site like this is invaluable - can't thank you enough.

    Still going back to my earlier points though - specifically 2, 3 & 4. I appreciate the time taken to try and explain some of these options...
    • Does specifying an Application name to an Internet Filtering rule apply to just that app - or does it come into full effect for everything once that app is loaded (as it seems to imply)
    • What do Port and IP Selection do on the App Filtering tab? Are these for incoming or outgoing - and do they have any benefit if we're mostly concerned with Internet Rules?
    • Once the advanced ruleset is loaded, what would be wrong with allowing full access for any future apps that require the internet,as you've already explained that they have to pass the internet rules anyway?
     
  10. Phant0m

    Hey SimonW

    • 1.) Once a rule becomes activated, it “can” be used by ANY Application. If the rule is a server rule and it only allows access to ports the application “is listening” on, there is no chance for another Application to create listening sockets which is already in use by another program so therefore rule will only apply to that particular Application you had specified to use with that rule.
    • 2.) This is a recently implemented feature for Look ‘n’ Stop v2.05, this feature provides controls for Applications Outgoings by “Only” Destination IP/ports.
    • 3.) Times we get to this third question; I'm sure it's obvious, it has been already answered.
    ;)
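
    Added example (not part of any post in this thread, and not Look 'n' Stop's own code): a simplified model of the behaviour discussed above, where a rule bound to an application is only switched on while that application runs but, once active, matches any application's traffic. It assumes rules are evaluated top to bottom with the first match winning; the `BASE` rules and all function and variable names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    proto: str                 # "TCP" or "UDP"
    direction: str             # "out", "in" or "any"
    ports: range               # remote port (outbound) or local port (inbound)
    allow: bool
    app: Optional[str] = None  # rule is active only while this app runs; None = always

ANY = range(0, 65536)

# The five rules from the thread, in the posted order, each bound to Shareaza.
SHAREAZA = [
    Rule("Shareaza HTTP", "TCP", "out", range(80, 81), True, "shareaza"),
    Rule("Shareaza Outbound", "TCP", "out", range(1024, 65536), True, "shareaza"),
    Rule("Shareaza Inbound", "TCP", "in", range(1024, 65536), True, "shareaza"),
    Rule("Shareaza TCP deny", "TCP", "any", ANY, False, "shareaza"),
    Rule("Shareaza UDP deny", "UDP", "any", ANY, False, "shareaza"),
]
# Constructed stand-in for the rest of the ruleset, sitting below the Shareaza rules.
BASE = [
    Rule("DNS", "UDP", "out", range(53, 54), True),
    Rule("Mail (POP3)", "TCP", "out", range(110, 111), True),
]
RULES = SHAREAZA + BASE

def decide(rules, running, proto, direction, port):
    """Return (rule name, allowed?) for the first active rule matching the packet.

    The sending process is deliberately not part of the match: an activated
    rule is applied to every application's packets.
    """
    for r in rules:
        if r.app is not None and r.app not in running:
            continue  # deactivated until its application starts
        if r.proto == proto and r.direction in (direction, "any") and port in r.ports:
            return r.name, r.allow
    return "default", False  # assumption: nothing matched means blocked

if __name__ == "__main__":
    for running in (set(), {"shareaza"}):
        for pkt in (("UDP", "out", 53), ("TCP", "out", 110), ("TCP", "out", 80)):
            print(sorted(running), pkt, "->", decide(RULES, running, *pkt))
```

    With Shareaza running, the broad deny rules at the top catch DNS and mail traffic from every other program, which is consistent with the loss of connectivity reported earlier in the thread; placing the same rules below the general ruleset changes the outcome.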
     
  11. SimonW

    :) Cheers -Thanks for the explanation Phant0m !!

    (Sorry to have been a pain...)
     
  12. Phant0m

    You pain? Come on!!!!! Like heck! You aren't a pain, actually when you ask questions or when someone asks questions it helps the other viewers become more the wiser... :D
     