Packet Filter


Packet filtering allows you to control access to the network regardless of which program initiates the connection. These rules are applied to all network packets transmitted through a network interface of your computer.

Thus, packet filtering gives you a more general mechanism for controlling network access than application-level filtering.

Firewall uses the following predefined rule sets:

Default Rule—this rule set is used by default for new network interfaces.

Allow All—this rule set configures the component to pass through all packets.

Block All—this rule set configures the component to block all packets.

For fast switching between filtering modes, you can create custom sets of filtering rules.

To set rule sets for network interfaces

In the Firewall settings window, click Change working parameters for the known networks, choose a network interface and click Edit. On this page you can:

Configure sets of filtering rules by adding new rules, modifying existing ones or deleting them.

Configure additional filtering settings.

To configure rule sets

Do one of the following:

To add a new set of rules for the network interface, click Add.

To edit an existing set of rules, select the rule set in the list and click Edit.

To add a copy of an existing set of rules, select the rule set and click Copy. The copy is added after the selected rule set.

To delete the selected rule set, click Delete.

To configure additional settings

In the Packet filter settings window, you can select the following options:

Option

Description

Use TCP stateful packet filtering

Select this check box to filter packets according to the state of existing TCP connections. Firewall will block packets that do not match the TCP protocol specification. This option helps to protect your computer from DoS attacks (denial of service), resource scanning, data injection, and other malicious operations.

It is also recommended to enable stateful packet filtering when using complex data transfer protocols (FTP, SIP, etc.).

Clear this check box to filter packets without regard to the TCP session state.

Management of fragmented IP packets

Select this check box to ensure correct processing of large amounts of data. The maximum transmission unit (MTU) may vary for different networks, therefore large IP packets may be fragmented. When this option is enabled, the rule selected for the first fragment of a large IP packet is applied to all other fragments.

Clear this check box to process fragmented packets independently.
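
The following Python model of the fragment option is an added example, not part of the original help page or the product's code. It shows why the first fragment's verdict is reused: only the first fragment carries the TCP/UDP header that a port rule matches on. The rule set, default verdict, packet fields and sample datagram are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                 # simplified IPv4 view; field names are illustrative
    src: str
    dst: str
    proto: str
    ip_id: int                # IPv4 Identification, shared by all fragments
    frag_offset: int          # in 8-byte units; 0 for the first fragment
    more_fragments: bool      # MF flag; False on the last fragment
    dst_port: Optional[int]   # present only where the TCP/UDP header is

# Constructed rule set: (proto, dst_port, verdict); first match wins.
RULES = [("udp", 53, "allow"), ("udp", 2049, "block")]
DEFAULT = "block"             # assumed verdict when no rule matches

def match_rules(pkt):
    for proto, port, verdict in RULES:
        if pkt.proto == proto and pkt.dst_port == port:
            return verdict
    return DEFAULT

class PacketFilter:
    def __init__(self, manage_fragments):
        self.manage_fragments = manage_fragments
        self.verdicts = {}    # (src, dst, proto, ip_id) -> first fragment's verdict

    def filter(self, pkt):
        is_fragment = pkt.frag_offset > 0 or pkt.more_fragments
        if not (self.manage_fragments and is_fragment):
            return match_rules(pkt)          # each packet judged independently
        key = (pkt.src, pkt.dst, pkt.proto, pkt.ip_id)
        if pkt.frag_offset == 0:
            self.verdicts[key] = match_rules(pkt)
        # A later fragment with no recorded first fragment gets the default.
        verdict = self.verdicts.get(key, DEFAULT)
        if not pkt.more_fragments:
            self.verdicts.pop(key, None)     # last fragment: forget the datagram
        return verdict

def run(manage_fragments):
    # Constructed sample: one UDP datagram to port 53 split into three fragments.
    frags = [Packet("10.0.0.5", "10.0.0.1", "udp", 0x1A2B, off, mf, port)
             for off, mf, port in [(0, True, 53), (185, True, None), (370, False, None)]]
    fw = PacketFilter(manage_fragments)
    return [fw.filter(p) for p in frags]

if __name__ == "__main__":
    print("managed:    ", run(True))
    print("independent:", run(False))
```

With the option modelled as enabled, all three fragments inherit the first fragment's verdict; with it disabled, the later fragments match no port rule and fall to the default, so the datagram cannot be reassembled by the receiver.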