Question about application filtering

Discussion in 'LnS English Forum' started by kmra, Nov 17, 2010.

Thread Status:
Not open for further replies.
  1. kmra

    kmra Registered Member

    Joined:
    Nov 14, 2010
    Posts:
    6
    Hello all

    I'm testing LnS and I do appreciate this "pure" FW, but I still have one issue:
    If you set an authorization rule, you can restrict it to apply only if a specific application is active, but in this case ANY application will benefit from the rule.

    For example, if you set an extended authorization rule for all MSN-required ports, this rule will be valid as soon as MSN is in the systray, but then ALL applications will be able to pass through the authorization...

    IMHO, this behaviour seems to be dangerous, but I'm not expert enough to draw a clear conclusion...
    What are your opinions?

    Thx for any reply
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Set your applications with restricted port use.

    Double left click the application in the application filtering list, you can then enter the ports allowed for that application to use (all other ports will be blocked for that application).

    [attached screenshot: ports.jpg]

    - Stem
     
  3. kmra

    kmra Registered Member

    Joined:
    Nov 14, 2010
    Posts:
    6
    Thx for your answer :D but that was not my point

    I'll try to give a better example:
    Obviously I want to use a web browser, so I need a TCP rule to exchange with port 80 of any www server.
    Let's say that I want to restrict web access only to IE on my PC, no other software: in LnS I would configure "activate rule only for IE", but it won't work! If IE is running (even without activity) this rule will be active and... allow ANY application to exchange with the web server!!

    Of course this example is too basic, but it applies with software like MSN, p2p or games that require a wide range of protocol and port accesses, which will become available to all other applications on your PC as soon as they are running in the background!! I still think that it looks like a giant hole in FW protection, but I may misunderstand?
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, it would allow any application that has been given internet access the ability to access that rule and make outbound to those ports.

    Now going back to what I was putting forward. Let's say we have an open rule to allow outbound TCP to all remote ports. Any application that is then given internet access will then be able to use that rule; however, if you place port restrictions on an application so it can only use port 80, then it will only be able to use that port, it does not matter that a rule is in place to allow all other ports.

    So from your original example. You have an e-mail client with a rule in place that allows the various ports, you then have a browser that is restricted to port 80, the browser will only be able to use that port (80), it will not be able to use the ports in the rule you have made for the mail client.

    - Stem
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    A simple test for you to make.

    You will have an open rule to allow outbound to remote port 80, your browser will use that rule to connect to the web. Now go into the application filtering list and double click on your browser, and in the TCP ports, enter 60. Now try and connect to the internet with that browser, it will fail due to that port restriction.

    - Stem
     
  6. kmra

    kmra Registered Member

    Joined:
    Nov 14, 2010
    Posts:
    6
    Thx again, I really do appreciate your answers!! ;)

    And yes, your strategy sounds good to me: using this capability to restrict the ports of any application, you can really tie applications to protocol rules. I've missed this point, thank you again :thumb:

    One last piece of advice from you if you don't mind: if I allow ports at the application level, do you think I still need to activate the protocol rules by an application?
    I mean, what about setting all the required protocol rules (including MSN, p2p, games) as always active, while setting restrictions for each application so that they can only behave as expected?
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    When the application is connecting out, no. Where I do make rules that are activated by application, is for inbound connections, so that the rule is disabled and the port is filtered again when the application exits.


    - Stem
     
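To make the two mechanisms discussed in this thread concrete (a protocol rule that is merely activated by a running application, versus a per-application port restriction in the application filtering list, plus the inbound-rule point above), here is an added Python model of the evaluation order as Stem describes it. It is not LnS code; the application names and the inbound port 27015 are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass
class ProtocolRule:
    name: str
    direction: str                         # "out" or "in"
    ports: Set[int]
    active_only_if: Optional[str] = None   # rule is active only while this app runs

@dataclass
class Firewall:
    rules: List[ProtocolRule]
    # Application filtering list: app -> allowed TCP ports, None = no port restriction.
    # An app absent from the list has not been given internet access at all.
    apps: Dict[str, Optional[Set[int]]]
    running: Set[str]

    def rule_active(self, rule: ProtocolRule) -> bool:
        return rule.active_only_if is None or rule.active_only_if in self.running

    def allowed(self, app: str, direction: str, port: int) -> bool:
        if app not in self.apps:
            return False
        limit = self.apps[app]
        if limit is not None and port not in limit:
            return False   # per-application restriction wins, whatever rules exist
        return any(self.rule_active(r) and r.direction == direction and port in r.ports
                   for r in self.rules)

def activation_hole() -> bool:
    """kmra's concern: a rule 'activated only for IE' is usable by any internet-enabled app."""
    fw = Firewall([ProtocolRule("web", "out", {80}, active_only_if="iexplore.exe")],
                  {"iexplore.exe": None, "other.exe": None}, {"iexplore.exe"})
    return fw.allowed("other.exe", "out", 80)   # True: the hole is real

def port_restriction_closes_it() -> bool:
    """Stem's fix: restrict each app to its own ports; the rules can stay always active."""
    fw = Firewall([ProtocolRule("web", "out", {80}), ProtocolRule("mail", "out", {25, 110, 143})],
                  {"browser.exe": {80}, "mail.exe": {25, 110, 143}}, {"browser.exe", "mail.exe"})
    return fw.allowed("mail.exe", "out", 110) and not fw.allowed("browser.exe", "out", 110)

def stem_test() -> bool:
    """Stem's test: a browser restricted to TCP port 60 cannot use the open port-80 rule."""
    fw = Firewall([ProtocolRule("web", "out", {80})], {"browser.exe": {60}}, {"browser.exe"})
    return fw.allowed("browser.exe", "out", 80)   # False

def inbound_follows_app(app_running: bool) -> bool:
    """Inbound rule activated by an app is filtered again once the app exits (port constructed)."""
    fw = Firewall([ProtocolRule("game_in", "in", {27015}, active_only_if="game.exe")],
                  {"game.exe": None}, {"game.exe"} if app_running else set())
    return fw.allowed("game.exe", "in", 27015)
```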
  8. kmra

    kmra Registered Member

    Joined:
    Nov 14, 2010
    Posts:
    6
    Yes, it is even better this way!

    OK, everything is clear for me now :cool:

    I wish to thank you again for your smart advice, I can now use LnS without any regret!
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You are welcome.

    Good to hear.

    - Stem
     