Question about ZA Firewall?

Discussion in 'other firewalls' started by dja2k, Apr 11, 2005.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Does anyone know how to set port forwarding on this particular firewall besides setting it as the global state? I want to open the port only when the application is running, not leave it open all the time. Any help would be good 'cause I know you can set up expert rules in each application.

    dja2k
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    By port forwarding do you mean permitting inbound connections? If so, this is accomplished in ZA by allowing the application server rights in the appropriate zone.

    ZA rules are usually application specific; should you permit server rights, it would only apply to that application. The Pro version allows for more specific application rules and global rules.

    Regards,

    CrazyM
     
  3. dja2k

    dja2k Registered Member

    I have the Pro version of ZA and the newest one. Yes, allow inbound connections. I know how to set up a simple inbound using the default instructions that I find everywhere, but they are global opening ports. I want to know if you can set up advanced application-specific rules.

    dja2k
     
  4. CrazyM

    CrazyM Firewall Expert

    A further explanation of what you want to accomplish might help.

    Some expert rules are global and non application specific and can just open ports. (I take it not what you want)

    When you have an application rule and permit server rights, that will allow inbound connections to that application only on whatever port(s) it is listening on. This is application specific and not global.

    ZA Pro allows for customizing application rules further. A custom application rule usually consists of a permit for DNS, followed by the permits you want (protocol, source/destination IPs and source/destination ports) and is finished off with a deny any (plus any logging option you may want).

    That is how I recall the expert application rules working; it has been a while since I looked at ZA Pro.

    Regards,

    CrazyM
     
  5. dja2k

    dja2k Registered Member

    Okay, let's say I want to open UDP and TCP port 6346 for Shareaza. The Shareaza port forwarding guide makes you put that open port under Firewall>Internet Zone Security>Custom>Internet Zone>incoming\outgoing UDP & TCP set to 6346. Now if I understand that correctly, that is a global rule set and not application dependent. I think that a specific rule for each has to be done in the Program Control>Programs>Options (shareaza)>Expert Rules, but the thing is I don't know if you have to put the global opening port then an expert rule or just an expert rule to open up port 6346 for Shareaza. Yet I don't know how to use the expert rule setting option on how to set up UDP \ TCP outgoing and incoming on port 6346 to 6346. You understand me?

    dja2k
     
  6. CrazyM

    CrazyM Firewall Expert

    That would be global and not what you are after.

    Without getting into expert rules, does permitting Shareaza server rights in both the Internet and Trusted Zones, in addition to permitting outbound, allow it to work properly? This should permit the inbound and be application specific.

    If you were going to define an expert application rule you would need to know everything required for the application to work properly, both inbound and outbound. The expert rule would be used to restrict traffic more than the basic application rule noted above which permits any outbound and any inbound for the application. Are the above protocols/ports all that is required, or is there more that would help to define an expert application rule?

    Edit:
    The following post may help in showing the process of making expert rules.
    https://www.wilderssecurity.com/showthread.php?t=3899

    Regards,

    CrazyM
     
    Last edited: Apr 12, 2005
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yes, CrazyM, that would work fine with Shareaza, and Shareaza will also work fine with just outbound permitted only. You can tell it in the options that you don't want to permit inbound connections.
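
Added example, not part of the thread and not ZoneAlarm's own code: a small Python model of the expert application rule layout CrazyM describes in post 4 (DNS permit, the wanted permits, deny any) next to the global port 6346 rule from post 5. First-match evaluation, the executable names, the default deny for programs without a rule list and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    app: Optional[str]  # program owning the local socket (None: nothing listening)
    direction: str      # "in" or "out"
    proto: str          # "tcp" or "udp"
    port: int           # port the rule is matched against

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    direction: Optional[str] = None  # None matches anything
    proto: Optional[str] = None
    port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.direction, p.direction), (self.proto, p.proto),
                 (self.port, p.port))
        return all(want is None or want == got for want, got in pairs)

def first_match(rules, pkt, default="deny"):
    # Assumption: rules are evaluated top to bottom and the first hit decides.
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

PORT_6346 = [Rule("permit", d, pr, 6346)
             for d in ("in", "out") for pr in ("tcp", "udp")]

# Layout from post 4: DNS permit, the wanted permits, then deny any.
SHAREAZA_RULES = [Rule("permit", "out", "udp", 53)] + PORT_6346 + [Rule("deny")]

# Application rule lists are bound to one program (assumed executable name).
APP_RULES = {"shareaza.exe": SHAREAZA_RULES}

def app_scoped(pkt: Packet) -> str:
    rules = APP_RULES.get(pkt.app)
    return "deny" if rules is None else first_match(rules, pkt)

def global_scoped(pkt: Packet) -> str:
    # Zone-level rule: the owning program is never consulted.
    return first_match(PORT_6346, pkt)

if __name__ == "__main__":
    # Constructed sample traffic; other.exe is a hypothetical second program.
    for pkt in (Packet("shareaza.exe", "in", "tcp", 6346),
                Packet("other.exe", "in", "tcp", 6346),
                Packet("shareaza.exe", "out", "tcp", 80)):
        print(pkt, "app:", app_scoped(pkt), "global:", global_scoped(pkt))
```

The second sample packet is the case the thread is about: the global rule admits inbound 6346 for whatever program is listening, while the application rule list never applies to it.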
     