Kaspersky Internet Security 2011

 
 
 

How to create a packet rule in Kaspersky Internet Security 2011?

2012 Aug 31 ID: 3930
 
 
 
 

All network connections on your computer are monitored by Firewall. Firewall assigns a specific status to each connection and applies different rules for filtering network activity depending on that status, thereby allowing or blocking the activity. Firewall works based on rules of two types: packet rules and rules for applications.

Packet rules have a higher priority than application rules. If both packet rules and application rules apply to the same type of network activity, this network activity will be processed using the packet rules. Packet rules are used to restrict the transfer of packets regardless of the application.

You can specify an action performed by Firewall if it detects the network activity:

  • Allow
  • Block
  • By application rules. The packet rule is not used, but the rule for the application is used.

The Allow or Block rules can be logged. In order to do this, check the Log events box.

To create a packet rule, you need to set a network service in the Name field. A network service contains the types of network activity that are restricted according to a network rule. You can select the type of network activity from the list or type a new service manually.

 

You can specify the Protocol which will be used to monitor network activity. Firewall restricts connections via the TCP, UDP, ICMP, ICMPv6, IGMP and GRE protocols. If you select the ICMP or ICMPv6 protocol, you can specify the type and code of an ICMP packet.

Information: By default the Protocol box is clear.

 

You can also specify the Direction of the monitored network activity. Firewall controls connections with the following directions:

  • Inbound. The rule is for data packets received by your computer.
  • Inbound (stream). The rule is for network connections created from another computer.
  • Inbound / Outbound. The rule is for inbound and outbound data packets and data streams regardless of the direction.
  • Outbound. The rule is for data packets sent from your computer.
  • Outbound (stream). The rule is only for network connections created by your computer.
  • Remote and Local ports. You can specify the ports used by your computer and by remote computers for the TCP and UDP protocols. These ports will be controlled by Firewall.

For TCP and UDP protocols, you can specify Remote and Local ports.

You can also specify network addresses. You can use an IP address as the network address or specify the network status. In the latter case the addresses will be copied from all networks that are connected and have the specified status at the moment.

You can select one of the following address types:

  • Any address. The rule will be created for any IP address.

  • Subnetwork address. The rule will be created for IP addresses of all connected networks which have one of the following statuses:
    • Trusted networks
    • Local networks
    • Public networks

  • Addresses from the list. The rule will be created for IP addresses from the specified range of IP addresses. For the Addresses from the list option, you can specify Remote address and Local address.

    • Remote address. Select the required group of remote addresses. If there are no required groups, then you can create a new group. To do so, click the Add link and specify the addresses from the group in the IP address or DNS name window.

    • Local address. Select the required type:
      • Any address. The rule will be applied to any IP address.
      • Addresses from the list. Select the required group of local addresses. If there are no required groups, then you can create a new group. To do so, click the Add link and specify the addresses from the group in the IP address or DNS name window.
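
The precedence and matching fields described above can be modelled in a few lines of Python. This is an added example, not Kaspersky code: it assumes packet rules are checked top to bottom with the first match winning, and the rule names, applications and addresses are constructed samples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ALLOW, BLOCK, BY_APP = "Allow", "Block", "By application rules"

@dataclass
class PacketRule:
    name: str
    action: str
    protocol: Optional[str] = None        # None models the cleared Protocol box
    direction: str = "Inbound / Outbound"
    remote_ports: Optional[set] = None    # None means any port
    local_ports: Optional[set] = None
    remote_net: str = "0.0.0.0/0"         # models "Any address" (IPv4 only here)
    log: bool = False                     # the Log events box

    def matches(self, pkt: dict) -> bool:
        if self.protocol and self.protocol != pkt["protocol"]:
            return False
        if self.direction not in ("Inbound / Outbound", pkt["direction"]):
            return False
        if self.remote_ports is not None and pkt["remote_port"] not in self.remote_ports:
            return False
        if self.local_ports is not None and pkt["local_port"] not in self.local_ports:
            return False
        return ip_address(pkt["remote_ip"]) in ip_network(self.remote_net)

def decide(pkt, packet_rules, app_rules, events):
    """Packet rules are consulted first; only 'By application rules' defers."""
    for rule in packet_rules:             # assumption: first match wins, top down
        if rule.matches(pkt):
            if rule.action == BY_APP:
                break                     # packet rule not used, application rule decides
            if rule.log:
                events.append((rule.name, rule.action, pkt["remote_ip"]))
            return rule.action
    return app_rules.get(pkt["app"])      # None if no application rule exists

# Constructed sample rules and packets (not product defaults).
PACKET_RULES = [
    PacketRule("Remote desktop in", BLOCK, "TCP", "Inbound (stream)", local_ports={3389}, log=True),
    PacketRule("DNS over UDP", BY_APP, "UDP", "Outbound", remote_ports={53}),
    PacketRule("Any outgoing TCP stream", ALLOW, "TCP", "Outbound (stream)"),
]
APP_RULES = {"svchost.exe": ALLOW, "updater.exe": BLOCK}
RDP = dict(app="svchost.exe", protocol="TCP", direction="Inbound (stream)",
           remote_ip="203.0.113.7", remote_port=50000, local_port=3389)
DNS = dict(app="updater.exe", protocol="UDP", direction="Outbound",
           remote_ip="198.51.100.53", remote_port=53, local_port=40000)
```

The RDP packet is blocked and logged by the packet rule even though the application rule for svchost.exe says Allow, while the DNS packet is handed to the application rule because its packet rule uses By application rules.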

To create a packet rule, perform the following actions:

  1. in the left part of the main application window, go to the Protection Center tab
  2. in the right upper corner click Settings
  3. in the left part of the Settings window, select Firewall
  4. make sure that the Firewall component is enabled (the Enable Firewall box is checked)
  5. in the right part of the Settings window, click the Settings... button
  6. in the Firewall window, go to the Packet rules tab
  7. click the Add button
  8. in the Network rule window in the Action section select:
    • Allow
    • Block
    • By application rules
  9. in the Name section select the service from the list or type the name manually
  10. check the Protocol box and select the required protocol type
  11. specify the Direction of monitored network activity
  12. in the Remote ports and Local ports sections specify the required ports which will be monitored
  13. in the Address section select the required addresses type:
    • Any address
    • Subnetwork addresses. Select the network status: Trusted networks, Local networks, Public networks
    • Addresses from the list. You can specify Remote and Local addresses. Select one of the address groups. If there are no address groups you want to add, you can create a new group. To do so, click the Add link and specify the addresses from the group in the IP address or DNS name window
  14. check the Log events box if you want to log actions performed according to the rule
  15. after you finish creating the packet rule, click the OK button in the Network rule window
  16. the created rule appears in the list of packet rules
  17. click the OK button in the Firewall window
  18. in the Settings window click the OK button
  19. close the main application window.

 
 
 
 

Applies To:

  • Kaspersky Internet Security 2011