Application / Internet Filtering

Hi,
A couple of questions from a novice (but keen to learn! )

1) Does application filtering bypass the internet filtering settings?

(I'm running the enhanced ruleset, and currently whenever an application that I know needs the internet I give it full access)

2) (Really this question comes off the back of the previous one) Can Internet filtering be applied per app - I'm thinking of running Shareaza (P2P) and wonder whether it is possible to implement something similar to the Outpost rules shown here, but in LnS:

http://www.outpostfirewall.com/forum/showthread.php?s=30ecd8fee2111f7601ab6cd360f99d59&threadid=6256&highlight=shareaza

Thanks
Simon

 

Take a gander at http://www.wilderssecurity.com/showthread.php?t=22427;start=msg135664#msg135664

Does Trusted Applications in Application Filtering List skip pass Internet Filtering? Answer is NO.

 

Thanks Phant0m,
To answer the second part of my question though, the shareaza rules I saw on the other site were as follows:

1)Shareaza HTTP Connection Rule
Where the protocol is: TCP
Where the direction is: Outbound
Where the remote port is: 80
Allow It

2)Shareaza Outbound Network Connection Rule
Where the protocol is: TCP
Where the direction is: Outbound
Where the remote port is: 1024 - 65535
Allow It

3)Shareaza Inbound Network Connection Rule Note: To share your files.
Where the protocol is: TCP
Where the direction is: Inbound
Where the local port is: 1024 - 65535
Allow It Note: Change to deny it if you do NOT want to share.

4)Shareaza Extended TCP Port Coverage
Where the protocol is: TCP
Deny It Note: Blocks TCP connections not allowed by rules above

5)Shareaza Extended UDP Port Coverage
Where the protocol is: UDP
Deny It Note: Blocks UDP connections not allowed by rules above.

So, to do something simiar in LnS I went into Internet Filtering and
[*]Click Add
[*]Rule Name: Shareaza Outbound
[*]Direction: Outbound
[*]TCP Range:1024-65535

etc. for all the rules listed above.

I arranged these rules to appear at the top of the Filtering list in the order described above, with the Shareaza TCP and Shareaza UDP rules (4) and (5) set to the red disallow rule.

I then thought 'this needs to be a rule just for Shareaza' so I re-opened each rule, clicked Applications button, and chose Shareaza from the list. The rule has now changed to red square with a green tick (deactivated). When I start Shareaza the rules changes to a green square.

Does this mean that the rule is only being applied to Shareaza, or once started to everything?

Also, I then looked back at the Application Filtering tab and selected Shareaza and Edit. This allows me to, for example, specify a TCP range. Is this for Inbound or Outbound? Anyway, I set this to 1024-65535 as well...!?

So, where does this leave me. Have I mis-understood in attempting to apply these rules to LnS? Have my rules worked -in essence allowing Shareaza to have access to ports 1024-65545 and stop everything else it does?

Thanks
Simon

 

Update - clearly these rules are wrong because no other internet activity is possible until the last two Shareaza rules are allowed access...

 

Backup/Delete those rules, and take a gander at https://www.wilderssecurity.com/showthread.php?t=18179;start=msg116390#msg116390

 

Thanks for the quick response,

I'd already seen the thread you mention, but was a little unclear. I've now downloaded/imported
Gnutella.rie
BitTorrent.rie
eDonkey.rie

(hope this is correct...!)

and changed my Shareaza Outbound port to 27580.

However, this still leaves me trying to understand :

1) Were my previous attempts wrong?
2) Does specifying an Application name to an Internet Filteing rule apply to just that app? (As per my attempts)
3) What do Port and IP Selection do on the App Filtering actually do?
4) If I'd not done any of the above and just given Shareaza full access on top of the enhanced ruleset would this have been bad?

Sorry for all the questions. It helps my learning process if I understand something rather than just follow the (excellent) advice given.

Thanks

 

Anybody?

 

Hey

I apologize for not responding, yesterday I was working on a Importable rule page, isn’t complete but you can take a gander at it, http://www.wilderssecurity.info/0319.shtml. Instruction pages hasn’t been done yet but you can download the Shareaza Importable rule file, before applying delete or disable all corresponding Shareaza rules that’s currently in Internet Filtering screen before applying. Like before change the port, but this time change to 6346.

 

Thanks for your help Phant0m, and thanks for the importable rules!

I'm really trying hard to get my head around LnS - it certainly seems to me to meet all my requirements for a compact professional firewall. I appreciate it's got a lots of functionality that can confuse a novice and I'm trying to understand it a little at a time - so the support on a site like this is invaluable - can't thank you enough.

Still going back to my earlier points though - specifically 2, 3 & 4. I appreciate the time taken to try and explain some of these options...

• Does specifying an Application name to an Internet Filteing rule apply to just that app - or does it come into full effect for everything once that app is loaded (as it seems to imply)
  
• What do Port and IP Selection do on the App Filtering tab? Are these for incoming or outgoing - and do they have any benefit if we're mostly concerned with Internet Rules?
  
• Once the advanced ruleset is loaded, what would be wrong with allowing full access for any future apps that require the internet,as you've already explained that they have to pass the internet rules anyway?

 

Hey SimonW

• 1.) Once a rule becomes activated, it “can” be used by ANY Application. If the rule is a server rule and it only allows access to ports the application “is listening” on, there is no chance for another Application to create listening sockets which is already in use by another program so therefore rule will only apply to that particular Application you had specified to use with that rule.
  
• 2.) This is a recently implemented feature for Look ‘n’ Stop v2.05, this feature provides controls for Applications Outgoings by “Only” Destination IP/ports.
  
• 3.) Times we get to this third question; I’m sure its obvious, it has been already answered.

 

Cheers -Thanks for the explanation Phant0m !!

(Sorry to have been a pain...)

 

You pain? Common!!!!! Like heck! You aren't a pain, actually when you ask questions or when someone asks questions it helps the other viewers become more the wiser...