Look ‘n’ Stop Application Filtering disadvantages

Look ‘n’ Stop Application Filtering disadvantages

1) The incapability to backup and re-apply
2) Incapability to specify a port to address.
Benefits to specify port to address;
- Passive FTP issues
- Application: Windows Explorer
- - Ports And IP address selection –
TCP
- Ports: 443
- @ IP: 142.123.23.11

Now if I were to use Internet Explorer with Passive FTP setup, Windows Explorer on XP is seen making TCP initiating connection to FTP server via port 21. Not a problem, add port 21 to the TCP Ports field, now I try to download file off of FTP server, whoops blocking! Reason; the specified IP for port 443 is at fault, have two options, keep manually adding FTP server IP addresses all throughout the days or empty the “@ IP:” field. Since manually adding/removing FTP server address to the list is out of the question, so empty the IP field it’ll have to be, but now Windows Explorer can connect to any legit or not IP addresses through TCP ports 443 and 21. Done? Wait a minute! Trying to download off of FTP server I see further blockings, what? Reason; Temp range TCP ports usage for Passive FTP data connections, what does this mean? Back to modifying for applications “Ports And IP address selection”, add 1024-5000 to the TCP ports list s required. Now what do we have here? Windows Explorer being capable of use to make TCP initiating connections to any remote machine through ports 21, 443, and 1024-5000. And now I’m asking myself what is the point to even bother using “Ports And IP address selection” feature? I’m experiencing these problems with a lot of things I run….

 

Hi Phant0m,

1)
By using the "extra save" option it is normally possible to save the application filtering in a .reg file and re-apply it later.

2) My understanding of passive mode was only port 20 and 21 are required in client mode. It's true that it is not sufficient with IE, I don't know why.
Using another FTP client (Smart FTP) PASV mode seems to work with allowing only 20 and 21 ports. However, one packet using a port above 1024 is blocked at the beginning of the connection.

Anyway we will try to improve that in the next version to be able to specify source & dest ports and perhaps depending on client/server TCP usage.

Regards,

Frederic

 

Hi Frederic

Thanks for responding.

1) Yes, I use “Extra Save” and "Common to all users" but regardless if it is the same Windows Install session I always get what you will see in the below attached image.

2) Yes you are correct; IE is exceptionally different than standard third-party FTP clients, as for using third-party FTP clients, everything that even comes close to what I like in a FTP client requires purchasing something I can’t afford. And all free-wares are limited or not what I’m seeking in a FTP client.

And IE were just an example, mIRC being another, and I have entire list I can go through.

That would be a very big improvement, but that’ll still leave an issue with port or ports applying on global scale to everything listed for “@ IP:” field.

 

@Phantom.

Have you ever tried Filezilla?
I like it a lot AND it is free!

 

Ok, in this case, this is simply a bug. Not yet reported by a lot of people (or perhaps once, because now this issue sounds a little bit familiar to me).

Frederic