
Thread: Firewall Expert Rules vs Program Control Expert Rules

#1 soulhealer (Guest)

Firewall Expert Rules vs Program Control Expert Rules

    Firewall Expert Rules vs Program Control Expert Rules, which one has the top priority?

#2 gerard_konijn (Guest)

Re: Firewall Expert Rules vs Program Control Expert Rules

Read the Expert Rules pages at http://www.donhoover.net/ :

    Expert Rules:
      • How they work
      • Adding Expert Rules
      • The How and Why
      • Examples

Left-click on the blue text!

    Best regards / Kind regards. Gerard Konijn. Tilburg. The Netherlands.

#3 amjice (Guest)

Re: Firewall Expert Rules vs Program Control Expert Rules



    Hoov:

    Read through your site ( http://www.donhoover.net/alltherules.html) and I just want to make sure I understand this entry:

    One other thing that you need to be aware of is some programs tell you that you need to open ports for them to work. Opening ports is not the wisest choice in the world, and if you have to do it, you need to be careful how you do this. To open a port to the entire system you have to do it in the Zone Expert Rules. To do it for a single program you do it in the Program Expert Rules, but the port isn't always open unless the program is running AND you have given the program Internet server rights. So choose wisely on how you open ports. Always pick the most restrictive way of doing it; that way it is controlled better.

    I'm experimenting (I can't get it to work consistently . . .yet) with OpenVPN (http://openvpn.net), an SSL VPN solution,
    on Win XP SP2.
    It's a program that requires a port of my choosing (say, 5000) to be open at the router (port forwarding to the IP of the XP machine, DESKTOP PC,
    running OpenVPN) and a route created to handle / redirect the VPN subnet (say, 10.0.0.8/24) to the desktop PC running the OpenVPN server.
    This route is done by tinkering with the Linksys router (which acts as the DHCP / gateway for the 192.168.1.x LAN) in the "Advanced Routing" menu.


    The private LAN (192.168.1.x) is distinct from the VPN subnet (10.0.0.8/24).
    I will primarily use OpenVPN to tunnel into my home LAN from a coffeehouse or hotel hotspot and surf out to the Internet as if I were at home.
    I have ZAP 55094 and have set it up to allow incoming UDP packets going into port 5000 to be allowed to my desktop PC; OpenVPN will drop packets that don't authenticate.
    OpenVPN will only be running on my desktop PC when I am on the road and since my desktop PC is my primary PC at home, there is no need for me to have the OpenVPN server running.

    Since it's cumbersome to disable, despite my paranoia, the router mods (Port Forwarding and Advanced Routing) that enable incoming connections to my desktop PC, am I: (1) correct in understanding that Program Expert Rules & Program Control are my best bet (tick all 4 check marks for openvpn.exe in Program Control; set Program Expert Rules to only accept incoming UDP packets through port 5000; in Firewall, allow Incoming / Outgoing UDP on port 5000 in the Custom Firewall Settings) for security -- as in incoming UDP to port 5000, whether unsolicited or authenticated, will be dropped if OpenVPN is not running; and (2) opening a port via ZONE Expert Rules is too permissive for my scenario and will leave port 5000 open even if OpenVPN is not running?
    Sorry for being meticulous but I get nervous when I have to give a program Internet Server Rights.

    Thanks for your assistance.
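For reference, the server-side OpenVPN configuration that matches the layout amjice describes (UDP 5000 forwarded from the Linksys to the desktop, a tunnel subnet separate from the 192.168.1.x LAN, all client traffic redirected through home). This is an added example, not from the forum post or from the OpenVPN project; it assumes the tunnel subnet is 10.0.0.0/24 (the /24 that contains 10.0.0.8), that the Linksys at 192.168.1.1 can act as DNS resolver, and that the certificate and key file names are placeholders for whatever the PKI actually produced. The `tls-auth` line is the piece that does the "drop packets that don't authenticate" work: control-channel packets without a valid HMAC are discarded before any TLS processing. Whether the packet ever reaches openvpn.exe at all is what the per-program ZoneAlarm rule decides, which is the distinction Hoov's quoted paragraph draws.

```conf
# server.conf for OpenVPN 2.x (Windows XP host; TAP adapter installed).
# Added example, not the poster's or the OpenVPN project's configuration.
# Assumptions: tunnel subnet 10.0.0.0/24, home LAN 192.168.1.0/24 with the
# Linksys at 192.168.1.1, placeholder certificate/key file names.

port 5000                 # must match the router port-forward and the program-scoped firewall rule
proto udp
dev tun

ca   ca.crt               # placeholder names; use the files your PKI generated
cert server.crt
key  server.key
dh   dh2048.pem

# Hand out VPN addresses from the tunnel subnet, distinct from the 192.168.1.x LAN.
# The Linksys "Advanced Routing" entry for 10.0.0.0/24 -> desktop PC is what
# gets LAN/internet replies back to these addresses.
server 10.0.0.0 255.255.255.0

# Route all of the client's traffic through the tunnel so the road-warrior
# surfs out through the home connection rather than the hotspot.
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"   # assumption: the Linksys answers DNS for the LAN

# Static-key HMAC on every control-channel packet. Packets with a bad or
# missing HMAC are dropped before the TLS handshake is even attempted.
# Server side uses direction 0; the client config uses "tls-auth ta.key 1".
tls-auth ta.key 0

keepalive 10 120          # ping every 10 s, restart if nothing heard for 120 s
persist-key
persist-tun
verb 3
```

Run it on the desktop with `openvpn --config server.conf` only while travelling, as the post intends; the matching client config needs `remote <home public IP> 5000`, `proto udp`, `dev tun`, the client certificate and key, and `tls-auth ta.key 1`. The `ta.key` file is generated once with `openvpn --genkey --secret ta.key` and copied to both ends.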
