Using the advanced editing mode
The advanced editing mode allows you to set highly specific rules for the relevant network, although you will need a certain level of knowledge of network security for this. You can of course create all the rules here that can be created using the rule wizard, but advanced settings can also be made.
The following configuration options are available here:
- Name: This allows you to change the name of the current rule set if required. The rule set will then be displayed under this name in the list within the Rule setsarea and can be combined with networks identified by the firewall there.
- Stealth mode: Stealth mode (meaning: hidden, secret) is used for not answering requests to the computer that verify the relevant port's accessibility. This makes it difficult for hackers to obtain system information in this manner.
- Action if no rule applies: Here you can specify whether access to the network is generally allowed, denied or regulated on request. Any special rules for individual programs defined by the firewall's learning function are applied.
- Adaptive mode: The adaptive mode supports applications that use feedback channel technology (e.g. FTP and numerous online games). These applications connect to a remote computer and negotiate a feedback channel with it, which the remote computer then uses to reverse connect to your application. If the adaptive mode is enabled, the firewall detects this feedback channel and permits it without querying it separately.
The list of rules contains all the rules that are defined for this rule set. This means, for example, that selected programs can be authorized for numerous network accesses even if the network is classified as untrustworthy. The rules applicable here may have been created in various ways:
- Via the Rule wizard
- Directly using the advanced editing mode via the New button
- Using the dialog in the info box displayed when the Firewall alarm is triggered.
Of course, each rule set has its own list of rules.
Since the firewall rules are in part switched hierarchically, it is sometimes important to note the rank of each rule. For example, a port that you have granted access to may be blocked again because a certain protocol is denied access. To modify the rank of a rule in the sequence, highlight it with the mouse and use the arrow buttons under Rank to move it up or down the list.
If you create a new rule using the advanced editing mode, or modify an existing rule using the Edit dialog, the Edit rule dialog appears with the following setting options:
- Name: For default and automatically generated rules, this displays the program name to which the relevant rule applies.
- Rule enabled: You can disable a rule without actually deleting it by deactivating the checkbox.
- Note: This indicates how the rule was created. Next to rules preset for the rule set it says "Default rule"; next to rules that arise from the dialog for the Firewall alarm it says "generated in response to alert"; and for rules that you generate yourself via the advanced editing mode you can insert your own comment.
- Direction: This setting specifies if the selected rule applies to inbound or outbound connections, or to both inbound and outbound connections.
- Access: This specifies if access is to be permitted or denied for the relevant program within this rule set.
- Protocol: This allows you to select the connection protocols you want to permit or deny access. You can generally block or enable protocols or link usage of a protocol to the use of one or more specific applications (Match to applications). Similarly, you can use the Match to Internet service button to specify the ports that you do or do not wish to use.
- Time window: You can also set up time-related access to network resources to ensure, for example, that the network can only be accessed during your normal working day and is blocked at all other times.
- IP range: It is advisable to regulate network use by restricting the IP address range, especially for networks with fixed IP addresses. A clearly defined IP address range significantly reduces the risk of attack from a hacker.