Stop UDP using App. Filtering?

Discussion in 'LnS English Forum' started by imsai, Mar 4, 2006.

Thread Status:
Not open for further replies.
  1. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    Hello.

    Can I block UDP (all ports, all IPs) for a particular application using Application Filtering in LnS?

    Is there something like "!*" or "!*.*.*.*" in there?
     
  2. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada


    Hello imsai,


    If you are in Advanced Mode, a new button "Edit" is displayed in the Application Filtering page. This allows you to select ports and IP for the current selected application. By clicking this button (or double-clicking the application) the following dialog box will open:

    Please see the built-in help file, it's all in there! I just cut and pasted all this from the help file. When you are in app filtering, hit the help button and scroll down near the bottom of the help file and it will tell you how it is done.

    If you wanted to block all ports on an app you would type in !1-65535 (as is) and all ports would be blocked to that APP.

    If you want certain IPs and ports just follow the help file, it's all in there.

    Just be careful when adding a range there are no spaces ex: 192.1x8.0.1-192.168.0.100;2x.2x0.241.3x;2x.2x1.2x5.77;24.xxx.243.122


    The above is an example of one app I set up protection on, and then I added the ports 25;80;125. There are no spaces; it is as shown.

    And if you wanted to block this for any reason you just add an ! in front of the IP range so it would be !292.1x8.0.1-292.1x8.0.100 it has now blocked all ports to that App.


    There are 4 selections:

    ports to allow/block for TCP protocol,
    ports to allow/block for UDP protocol,
    IP Address to allow/block for the TCP protocol,
    IP Address to allow/block for the UDP protocol,
    Use ; as a separator, - to specify a range, and ! for blocking.
    For instance, to block the range 192.168.0.1 to 192.168.0.100 and also 192.168.100.100 you have to enter: !192.168.0.1-192.168.0.100;!192.168.100.100

    An application with a port or address IP selection appears in the list with a .(Yellow) Icon

    To do this correctly you will have to find out what software your programs IP. Use Whois and it will show you the range that your programs use as their server, and by looking at the log file it is very easy to find what program is using certain ports to connect, and you add them as above.

    Good luck, it's all in the LnS help file in App filtering. :)
     
  3. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    Thank you.

    There is no abbreviation?
    When I select !1-65535 have I to specify IP also?
     
  4. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    Hello imsai,


    No, if you want to block all ports that's all you have to do. But if you wanted to allow certain IP ranges you would have to add them, and their allowed ports.


    But it sounds like you just want to block everything on that App? So !1-65535 would do all that for you. No need to add IP ranges to block.



    Also if you wanted to test it, look at your log file, and you will see IPs blocked under that App, due to the fact that you just blocked all ports to that App.

    Good luck, if you need to know more just ask :)
     
  5. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    Can't find - may I use same kind of mask or wildcard there?
     
  6. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada


    Hello,

    I am not sure if you can't find it? Or you're not sure how to go about doing this?

    You must! be in the Application tab of LnS and then press Help.

    Scroll down a little in App help file and all the info is in there.

    As below:

    There are 4 selections:

    ports to allow/block for TCP protocol,
    ports to allow/block for UDP protocol,
    IP Address to allow/block for the TCP protocol,
    IP Address to allow/block for the UDP protocol,
    Use ; as a separator, - to specify a range, and ! for blocking.
    For instance, to block the range 192.168.0.1 to 192.168.0.100 and also 192.168.100.100 you have to enter: !192.168.0.1-192.168.0.100;!192.168.100.100

    An application with a port or address IP selection appears in the list with a .(Yellow) Icon


    As for allowing an IP range you would just put as is:
    192.168.0.1-192.168.0.100


    To Block:
    !192.168.0.1-192.168.0.100




    Use ; as a separator, - to specify a range, and ! for blocking


    And that's about it.


    If you wanted to add a range of IPs and ports it would look like this,
    and there are no spaces or it will get deleted!


    Example: App: Windows Media Player IP range & my DnS servers to make this connection work. Example ONLY!

    TCP:
    Ports:25;80;125
    @IP: 192.168.0.1-192.168.0.100;24.133.X.21;24.218.24.176
    MS & My DnS


    Example: App: Windows Media Player IP range and my DnS servers to make this connection work. Example ONLY!


    UDP:
    Ports:80;125
    @IP: 192.168.0.1-192.168.0.100;24.133.X.21;24.218.24.176

    MS & My DnS Servers


    If you're still not sure just ask again :)
     
    Last edited: Mar 6, 2006
  7. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    Yes. :)

    But I'm not sure if I can use something like 62.62.*.7[2-7] instead of 62.62.1.72-62.62.255.72;62.62.25.72-62.62.25.77 for example?

    Are there any wildcards allowed?
     
  8. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    What you are asking for, I don't think there are any other options besides:

    Use[ ; ]as a separator

    [ - ]to specify a range

    and[ ! ]for blocking


    I do understand about wildcards but I don't think there are any, besides the options above. Sorry, but maybe somebody else would know for sure. :doubt:

    The only problem I find is the limit on IPs and Ports that you can add. Too many! And it will tell you so [Limit Reached!]. Internet Explorer can't be done unless you visit very few sites.

    But most other Apps can be added with a list of IPs and Ports with no problem.

    Good Luck
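
The selection syntax quoted from the help file in the posts above (`;` as separator, `-` for a range, `!` for blocking, no spaces, no wildcards) can be checked before it is typed into the dialog. The following is an added example, not part of the thread and not LnS code; `parse_selection` and `covering` are hypothetical names, and `covering` only reports which entries contain a value, it does not model how LnS decides between entries.

```python
import ipaddress

def _port(text):
    # Ports are whole numbers in 1-65535 (the range used in the thread).
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"not a valid port: {text!r}")
    return int(text)

def _ip(text):
    # IPv4Address rejects wildcards and impossible octets such as 292.
    return ipaddress.IPv4Address(text)

def parse_selection(text, kind):
    """Parse a ';' / '-' / '!' selection string; kind is 'ip' or 'port'.

    Returns a list of (blocked, low, high) tuples, one per entry.
    """
    if any(ch.isspace() for ch in text):
        raise ValueError("selection must not contain spaces")
    convert = _ip if kind == "ip" else _port
    entries = []
    for item in text.split(";"):
        blocked = item.startswith("!")
        body = item[1:] if blocked else item
        low_text, dash, high_text = body.partition("-")
        low = convert(low_text)
        high = convert(high_text) if dash else low
        if low > high:
            raise ValueError(f"range start is above range end: {item!r}")
        entries.append((blocked, low, high))
    return entries

def covering(entries, value):
    """Return the entries whose range contains value (coverage only)."""
    return [entry for entry in entries if entry[1] <= value <= entry[2]]

if __name__ == "__main__":
    # The strings below are the ones quoted in the thread.
    print(parse_selection("!1-65535", "port"))
    rules = parse_selection("!192.168.0.1-192.168.0.100;!192.168.100.100", "ip")
    print(covering(rules, ipaddress.IPv4Address("192.168.0.50")))
```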
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    What exactly are you trying to accomplish? You might want to consider restrictive permit rules and let the firewall deny anything else.

    Regards,

    CrazyM
     
  10. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    I'm just trying to find the most flexible way to control each application connections. :)

    Yes, you are right.
    I will try this way.
     