Packet Filter

In the Network window, you can create a set of rules for filtering packets transmitted through a certain interface.

To open this window from Firewall settings, click Edit near Operation parameters for the known networks. For the required interface, select the appropriate rule set. If the appropriate rule set does not exist, you can create a new set of packet filtering rules.

Firewall uses the following predefined rule sets:

Default Rule—this rule set is used by default for new network interfaces.

Allow All—this rule set configures the component to pass through all packets.

Block All—this rule set configures the component to block all packets.

For fast switching between filtering modes, you can create custom sets of filtering rules.

To list all available interfaces or add a new interface, click . This opens a window where you can select interfaces that are to be permanently listed in the table. Active interfaces are listed in the table automatically.

You can delete inactive interfaces by pressing button.

Packet filter settings

To configure the existing rule sets and to add new ones, go to the Packet filter settings window by clicking the Rule sets button.

On this page you can:

Configure sets of filtering rules by adding new rules, modifying existing ones or deleting them.

Configure additional filtering settings.

To configure rule sets

Do one of the following:

To add a new set of rules for the network interface, click .

To edit an existing set of rules, select the rule set in the list and click .

To add a copy of an existing set of rules, select the rule set and click . The copy is added after the selected rule set.

To delete the selected rule set, click .

Advanced settings

In the Packet filter settings window, you can select the following options:



Use TCP stateful packet filtering

Select this check box to filter packets according to the state of existing TCP connections. Firewall will block packets that do not match the TCP protocol specification. This option helps to protect your computer from denial-of-service (DoS) attacks, resource scanning, data injection, and other malicious operations.

It is also recommended to enable stateful packet filtering when using complex data transfer protocols (FTP, SIP, etc.).

Clear this check box to filter packets without regard to the TCP session state.

Management of fragmented IP packets

Select this check box to ensure correct processing of large amounts of data. The maximum transmission unit (MTU) may vary for different networks, so large IP packets may be fragmented. When this option is enabled, the rule selected for the first fragment of a large IP packet is applied to all other fragments.

Clear this check box to process fragmented packets independently.
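The following added example (a simplified model written for this page, not the product's code) shows why the verdict for the first fragment has to be carried over: only the first fragment contains the TCP header, so port-based rules cannot match later fragments on their own. The rule set, addresses, class and function names are all constructed for illustration, and dropping a fragment whose first fragment was never seen is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    proto: str
    ip_id: int               # IP Identification: same for all fragments of one packet
    offset: int              # fragment offset in 8-byte units; 0 = first fragment
    more_fragments: bool     # MF flag
    dst_port: Optional[int] = None   # only the first fragment carries the TCP header

# Constructed rule set: (protocol, destination port, verdict); first match wins.
RULES = [("tcp", 443, "allow"), ("tcp", 23, "block")]
DEFAULT_VERDICT = "block"

def match_rules(frag):
    for proto, port, verdict in RULES:
        if frag.proto == proto and frag.dst_port == port:
            return verdict
    return DEFAULT_VERDICT   # fragments without a port always end up here

class PacketFilter:
    def __init__(self, manage_fragments):
        self.manage_fragments = manage_fragments
        self._verdicts = {}  # (src, dst, proto, ip_id) -> verdict of the first fragment

    def filter(self, frag):
        key = (frag.src, frag.dst, frag.proto, frag.ip_id)
        is_fragment = frag.offset > 0 or frag.more_fragments
        if not (self.manage_fragments and is_fragment):
            return match_rules(frag)             # independent processing
        if frag.offset == 0:
            self._verdicts[key] = match_rules(frag)
            return self._verdicts[key]
        # Later fragment: reuse the first fragment's verdict (assumed: block if unknown).
        verdict = self._verdicts.get(key, "block")
        if not frag.more_fragments:
            self._verdicts.pop(key, None)        # last fragment: forget the packet
        return verdict

def run(manage_fragments, dst_port):
    # Constructed sample: one large TCP packet split into three fragments.
    pf = PacketFilter(manage_fragments)
    hdr = ("10.0.0.5", "10.0.0.9", "tcp", 0x1A2B)
    frags = [Fragment(*hdr, 0, True, dst_port), Fragment(*hdr, 185, True), Fragment(*hdr, 370, False)]
    return [pf.filter(f) for f in frags]
```

In this model, with the option off and a blocking default rule, the trailing fragments of an allowed packet are dropped and the packet can never be reassembled by the receiver.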

Click OK to save changes or Cancel to exit the window without saving the changes.