Packet Filter

In the Network window, you can create a set of rules for filtering packets transmitted through a certain interface.

To open Network window

1.Open Dr.Web menu Dr.Web icon, then select Security Center.

2.In the open window, select the Files and Network section.

3.Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open ). Otherwise, click the lock .

4.Click the Firewall tile. A component parameters window opens.

5.Expand the Advanced settings group.

6.In the Application rules section click Edit. A window with a list of network interfaces opens. For these network interfaces, rules have been set.

Figure 47. Sets of rules for network interfaces

7.For the required interface, select the appropriate rule set. If the appropriate rule set does not exist, you can create it.

Firewall uses the following predefined rule sets:

Default Rule—this rule set is used by default for new network interfaces.

Allow All—this rule set configures the component to pass through all packets.

Block All—this rule set configures the component to block all packets.

For fast switching between filtering modes, you can create custom sets of filtering rules.

To list all available interfaces or add a new interface, click Add. This opens a window where you can select interfaces that are to be permanently listed in the table. Active interfaces are listed in the table automatically.

You can delete inactive interfaces by clicking Delete.

To access the interface parameters, click on the interface name.

Packet filter settings

To configure the existing rule sets and to add new ones, go to Packet filter settings window by clicking Rule sets button.

Figure 48. Packet filter settings

On this page you can:

Configure sets of filtering rules by adding new rules, modifying existing ones or deleting them.

Configure advanced filtering settings.

Configuring rule sets

Do one of the following:

To add a new set of rules for the network interface, click Add.

To edit an existing set of rules, select the rule set in the list and click Edit.

To add a copy of an existing set of rules, select the rule set and click Copy. The copy is added after the selected rule set.

To delete the selected rule set, click Delete.

Advanced settings

In the Packet filter settings window, you can select the following options:

Option

Description

Use TCP stateful packet filtering

Select this check box to filter packets according to the state of existing TCP connections. Firewall will block packets that do not match the TCP protocol specification. This option helps to protect your computer from DoS attacks (denial of service), resource scanning, data injection, and other malicious operations.

It is also recommended that you enable stateful packet filtering when using complex data transfer protocols (FTP, SIP, etc.).

Clear this check box to filter packets without regard to the TCP session state.

Management of fragmented IP packets

Select this check box to ensure correct processing of large amounts of data. The maximum transmission unit (MTU) may vary for different networks, therefore large IP packets may be fragmented. When this option is enabled, the rule selected for the first fragment of a large IP packet is applied to all other fragments.

Clear this check box to process fragmented packets independently.

Click OK to save changes or Cancel to exit the window without saving the changes.