How do I reorder firewall rules?

Discussion in 'ESET Smart Security' started by hojtsy, Nov 18, 2007.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Hi,
I would like to change the order in which the detailed firewall rules are processed. I tried drag-and-dropping rules in the detailed rules view, but it doesn't work. How do I achieve this, please?
    Thanks,
    hojtsy
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
It's not possible; the more specific rule is always applied. E.g. if you create a rule that allows communication for all programs on port 80 and then create one that blocks it for a specific program, the latter would supersede the general rule.
     
  3. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Thanks Marcos.
    Which of these rules is more specific:
1) Block all port 139, independent of IP or application
2) Allow outgoing to 123.123.123.123, independent of port or application
3) Block myapp.exe on port 1234 to any IP, both directions

    In particular
    - Can myapp.exe use port 1234 to send data to 123.123.123.123 ?
    - Can myapp.exe use port 139 to send data to 123.123.123.123 ?

    My point is that a rule can be more specific from one aspect (port, application), while being less specific from other aspect (ip, direction).
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
1) The communication will be blocked, as rule 3 is applied to a particular application and port.

2) The communication will be blocked, as rule 1 blocks all communication on port 139. For the application to communicate on port 139, you'll need to create another rule for that application which will take precedence over the general rule.
     
  5. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Thanks,
    This was just meant to be an example, I try to understand the rules of precedence.
    From your answer it seems that if a rule is more specific regarding ports, but simultaneously less specific regarding IP address and/or direction, it still gets higher precedence, correct?
    What if two competing rules have the same port specification, but one is more specific regarding IP, other is more specific regarding direction?

    rule A: block in/out to 123.123.123.123, any app
    rule B: allow outgoing, any address, any app
    rule C: allow in/out, any address, for myapp.exe

    Notice that rule A is more specific regarding IP, while rule B is more specific regarding direction, and rule C is more specific regarding application. What is the precedence order of these rules?
    Another example where the "more specific wins" rule breaks is when two competing rules have the same level of "specificness".

    rule D: block port 1000-2000
    rule E: allow port 1500-2500

    Is port 1600 allowed or blocked?
I am afraid that saying "the more specific rule gets applied" is not enough without exactly defining what "more specific" means. Is there a more detailed description of the precedence rules available somewhere?
     
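To make the precedence question above concrete, here is an added toy model (not ESET's matching algorithm, and not code from anyone in this thread). It assumes one possible definition of "more specific": count how many of the four dimensions (application, port, remote IP, direction) a rule constrains, let the highest count win, and resolve a tie between disagreeing rules by an explicit policy (deny on conflict, or first listed). The rule names 1/2/3, A/B/C, D/E and the sample connections are taken from the posts above; everything else is a constructed assumption. Note that under this metric the second question in post 3 comes out as "allow" (rule 2 constrains two dimensions, rule 1 only one), which differs from the answer given in post 4, and that every case in post 5 ends in a tie: that is exactly why the definition of "more specific" needs to be spelled out.

```python
"""Toy model of "the more specific rule wins" firewall matching.

Added illustration only; NOT ESET's algorithm.  The specificity metric
(number of constrained dimensions) and the tie-break policies are
assumptions chosen to make the thread's questions concrete.  Rule names
and sample connections are constructed from the forum posts.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # wildcard for a dimension


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                              # "allow" or "block"
    app: Optional[str] = ANY                 # executable name, or ANY
    ports: Optional[Tuple[int, int]] = ANY   # inclusive (lo, hi), or ANY
    ip: Optional[str] = ANY                  # remote address, or ANY
    direction: Optional[str] = ANY           # "in", "out", or ANY (= both)

    def matches(self, app: str, port: int, ip: str, direction: str) -> bool:
        return ((self.app is ANY or self.app == app)
                and (self.ports is ANY or self.ports[0] <= port <= self.ports[1])
                and (self.ip is ANY or self.ip == ip)
                and (self.direction is ANY or self.direction == direction))

    def specificity(self) -> int:
        # Every constrained dimension counts 1, so a fixed IP weighs the same
        # as a fixed direction or a fixed application.  That equal weighting
        # is an assumption and is the source of the ties shown below.
        return sum(v is not ANY for v in (self.app, self.ports, self.ip, self.direction))


def decide(rules: List[Rule], app: str, port: int, ip: str, direction: str,
           tie_break: str = "block", default: str = "allow"):
    """Return (action, names of the rules that produced it).

    tie_break="block": equally specific rules that disagree -> deny.
    tie_break="first": the first listed of the equally specific rules wins.
    """
    hits = [r for r in rules if r.matches(app, port, ip, direction)]
    if not hits:
        return default, []
    top = max(r.specificity() for r in hits)
    winners = [r for r in hits if r.specificity() == top]
    actions = {r.action for r in winners}
    if len(actions) == 1:                       # no conflict among the most specific
        return actions.pop(), [r.name for r in winners]
    if tie_break == "first":
        return winners[0].action, [winners[0].name]
    return "block", [r.name for r in winners]   # deny wins on conflict


# Rules from post 3
RULES_123 = [
    Rule("1", "block", ports=(139, 139)),
    Rule("2", "allow", ip="123.123.123.123", direction="out"),
    Rule("3", "block", app="myapp.exe", ports=(1234, 1234)),
]
# Rules from post 5
RULES_ABC = [
    Rule("A", "block", ip="123.123.123.123"),
    Rule("B", "allow", direction="out"),
    Rule("C", "allow", app="myapp.exe"),
]
RULES_DE = [
    Rule("D", "block", ports=(1000, 2000)),
    Rule("E", "allow", ports=(1500, 2500)),
]


def thread_examples() -> dict:
    """Evaluate the connections asked about in the thread under the toy model."""
    return {
        # post 3: rules 2 and 3 both constrain two dimensions -> tie -> deny
        "myapp_1234_out": decide(RULES_123, "myapp.exe", 1234, "123.123.123.123", "out"),
        # post 3: rule 2 (two dimensions) beats rule 1 (one dimension)
        "myapp_139_out": decide(RULES_123, "myapp.exe", 139, "123.123.123.123", "out"),
        # post 5: A, B, C are equally specific and disagree
        "abc_deny_on_tie": decide(RULES_ABC, "myapp.exe", 80, "123.123.123.123", "out"),
        "abc_first_listed": decide(RULES_ABC, "myapp.exe", 80, "123.123.123.123", "out",
                                   tie_break="first"),
        "abc_reversed_first": decide(list(reversed(RULES_ABC)), "myapp.exe", 80,
                                     "123.123.123.123", "out", tie_break="first"),
        # post 5: port 1600 is inside both D and E; 1200 only D; 2200 only E
        "port_1600": decide(RULES_DE, "x.exe", 1600, "10.0.0.1", "out"),
        "port_1200": decide(RULES_DE, "x.exe", 1200, "10.0.0.1", "out"),
        "port_2200": decide(RULES_DE, "x.exe", 2200, "10.0.0.1", "out"),
        "port_3000": decide(RULES_DE, "x.exe", 3000, "10.0.0.1", "out"),
    }


if __name__ == "__main__":
    for name, (action, by) in thread_examples().items():
        print(f"{name:20s} -> {action:5s} via {by}")
```

The practical takeaway for a product that does not let you reorder rules: when two rules could both match, do not rely on one being "more specific" unless you know the product's metric; instead make the rules non-overlapping (narrow the allow rule to the exact application, port and address it needs) so that only one candidate ever matches, and test the result with a real connection attempt.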
  6. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
It seems ESET could have better built the program so that the user could move rules. I have created some rules that block some default rules that had been set to 'Allow'. I then disabled the default rules mentioned. I presume this will produce the desired result, or does it not?
     
    Last edited: Nov 30, 2007