Packet Filter

Note

By default, the packet filter is disabled on the Server. When a station connects to the Server, the packet filtering settings specified on the Server are applied to the station. Thus, the packet filter will be disabled even if it was enabled and configured on the station.

By default, the packet filter is disabled on Dr.Web Agent provided with Enterprise Security Suite 12.0. If the Agent was already installed with a previous version, the packet filter will be disabled during the update. Otherwise, the Agent is installed with the packet filter disabled by default.

Packet filtering allows you to control access to the network regardless of which program initiates the connection. The rules are applied to all network packets transmitted through a network interface of your computer.

To configure packet filtering settings, select the following options:

Option

Description

Enable packet filter

Use this option to enable and configure packet filtering for known network interfaces. If the flag is cleared, you can configure access to network resources only for specific applications.

Enable dynamic packet filtering

Use this option to filter packets according to the state of existing TCP connections. Firewall will block packets that do not match the TCP protocol specification. This option helps to protect your computer from DoS (denial-of-service) attacks, resource scanning, data injection and other malicious operations.

It is also recommended that you set the flag when using protocols with complicated data transfer algorithms (FTP, SIP, and so on).

Disable this option to filter packets regardless of the TCP session state.

Process fragmented IP packets

Use this option to ensure correct processing of large amounts of data. The maximum transmission unit (MTU) may vary for different networks, so large IP packets may be fragmented. When this option is enabled, the rule selected for the first fragment of a large IP packet is applied to all other fragments.

Disable this option to process fragmented packets independently.

Packet filter rules

Dr.Web Firewall uses the following predefined rule sets:

Default Rule—rules that identify common network configurations and widespread attacks (this rule set is used by default for new network interfaces).

Allow All—all packets are passed through.

Block All—all packets are blocked. In this case, the connection between the Agent and the Server is blocked as well.

To switch quickly between filtering modes, you can create custom sets of filtering rules.

To make an existing rule set the default, select it in the list and click icon-new-check.

To edit an existing rule set, select it in the list and click icon-new-edit.

To copy an existing rule set, select it in the list and click icon-new-copy.

To remove an existing rule set, select it in the list and click icon-new-delete.

To create a new set of rules

1. In the Rule sets window, click icon-new-add.

2. Enter the name of the new rule set.

3. Click Save. The Creating a new rule form appears.

4. Configure the necessary rule parameters.

Note

If the rule parameters are not saved, the new rule set is not created.

To configure a new rule

1. In the Rule sets window, select the rule set to which you want to add a rule.

2. In the Rules window, click icon-new-add to create a new rule. This opens a rule creation window for packet filters.

3. Configure the following parameters:

Parameter

Description

Rule name

The name of the created/edited rule.

Description

The rule description.

Action

The action for Firewall to perform when a packet is intercepted:

Allow packets—passes the packet through.

Block packets—blocks the packet.

Direction

The direction of the connection:

Inbound—the rule is applied when a packet is received from the network.

Outbound—the rule is applied when a packet is sent into the network from your computer.

Any—the rule is applied regardless of packet transfer direction.

Logging

The logging mode for the rule. This parameter defines which information should be stored in the log:

Disabled—no information is logged.

Headers only—log the packet header only.

Entire packet—log the whole packet.

Criterion

The filtering criterion, for example, the transport or network protocol. To add a filtering criterion, select the necessary criterion in the Criteria list and transfer it to the left field using the arrow. You can add any number of filtering criteria. For certain criteria, additional parameters are available. To delete a criterion, select it in the list and click icon-item-remove.

Note

If you do not add any criterion, the rule will allow or block all packets depending on the setting specified in the Action field.

Some filtering criteria are not compatible with others. When you add or delete a criterion, only the criteria that are compatible with the existing ones are shown in the Criteria list.

4. When you finish editing, click Save to save the changes.

Note

A packet must meet all the criteria of a rule for the rule action to be applied to it.
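The matching behaviour described above (every criterion must be met, a rule without criteria matches all packets) and the effect of the Process fragmented IP packets option can be modelled in a short Python sketch. This is an added example, not Dr.Web code; the first-match rule order, the packet dictionaries and the names Rule, PacketFilter and verdicts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "block"
    direction: str = "any"      # "inbound", "outbound" or "any"
    criteria: dict = field(default_factory=dict)  # e.g. {"proto": "tcp"}

    def matches(self, pkt):
        # Direction and every criterion must hold; no criteria matches any packet.
        return (self.direction in ("any", pkt["direction"])
                and all(pkt.get(k) == v for k, v in self.criteria.items()))

class PacketFilter:
    def __init__(self, rules, process_fragments=True):
        self.rules = rules
        self.process_fragments = process_fragments
        self.first_fragment_verdict = {}  # (src, dst, proto, ip_id) -> action

    def decide(self, pkt):
        key = (pkt["src"], pkt["dst"], pkt["proto"], pkt["ip_id"])
        later = pkt["frag_offset"] > 0
        if self.process_fragments and later and key in self.first_fragment_verdict:
            return self.first_fragment_verdict[key]
        # Assumption: first matching rule wins; unmatched packets are blocked.
        verdict = next((r.action for r in self.rules if r.matches(pkt)), "block")
        if not later:
            self.first_fragment_verdict[key] = verdict
        return verdict

# Constructed rule set: allow inbound HTTPS, then a criterion-free catch-all.
RULES = [
    Rule("allow-https-in", "allow", "inbound", {"proto": "tcp", "dst_port": 443}),
    Rule("block-rest", "block"),
]

# Constructed packets; only a first fragment carries the TCP header (dst_port).
BASE = {"direction": "inbound", "src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp"}
PACKETS = [
    {**BASE, "ip_id": 1, "frag_offset": 0, "dst_port": 443},   # first fragment
    {**BASE, "ip_id": 1, "frag_offset": 185},                  # second fragment
    {**BASE, "ip_id": 2, "frag_offset": 0, "dst_port": 80},    # fails dst_port
]

def verdicts(process_fragments):
    pf = PacketFilter(RULES, process_fragments)
    return [pf.decide(p) for p in PACKETS]
print("together:", verdicts(True), "| independently:", verdicts(False))
```

With the option enabled, the second fragment inherits the verdict of the first one; with it disabled, the fragment has no port to compare, falls through to the criterion-free blocking rule, and the large packet cannot be reassembled.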

To edit a rule

1. In the Rule sets window, select the rule set that you want to edit.

2. In the Rules window, select the rule from the list.

3. Click icon-new-edit. This opens a rule modification window.

4. Configure the rule parameters.

5. When you finish editing, click Save to save the changes.

6. To remove a rule, select it from the list and click icon-new-delete.

Network interfaces

Note

This setting is available only after a station is selected.

In the Network interfaces section, you can select a rule set to be used for filtering packets transmitted through a certain network interface.

To set rule sets for network interfaces, select the appropriate rule set for the required interface. If the appropriate rule set does not exist, you can create a new set of packet filtering rules.