Comment on Application rules and Network rules

The biggest problem I have with CFP is understanding the interaction between Application rules and Network rules. And to think that I am quite comfortable reading manuals!!

Why should the user specify Network rules?

A lot of problems and security holes can be avoided if one could specify directly allowed/blocked IPs, ports, and protocols for every application.

Every application should have one entry, where one can specify as many rules as necessary – allowed/blocked IPs, ports, and protocols.

The last entry can block all other applications.

If needed, the network rules can be worked out by CFP.

May I also suggest replacing source and destination with local and remote? A lot easier to follow.

Best
Nag

Hi Nag :slight_smile:

The easiest way to think about this is as follows:

Network Monitor rules simply open holes (ports) that allow both incoming and outgoing communication.

Application Monitor specifies which applications can make use of the open holes.

Essentially, if an application tries to connect to somewhere through a hole (port) that’s not allowed by Network Monitor, it won’t be allowed.

> Every application should have one entry, where one can specify as many rules as necessary – allowed/blocked IPs, ports, and protocols.
>
> The last entry can block all other applications.

See CFP 3

Toggie
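To make the two-layer behaviour Toggie describes concrete (Network Monitor opens holes; Application Monitor decides which application may use a hole; a connection through a hole the network rules do not open is blocked before the application rules are even consulted), and to show Nag's proposed layout of one entry per application with a final entry that blocks everything else, here is a small Python model. It is an added example written for this thread, not Comodo code and not a description of how CFP is implemented internally; the `Rule` fields, first-match evaluation with an implicit final block, the `"*"` catch-all key, and the application names and addresses are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Connection:
    """One connection attempt as a firewall would see it (constructed sample)."""
    app: str
    protocol: str      # "TCP" or "UDP"
    direction: str     # "out" or "in"
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    """A single allow/block rule; a field left at its default matches anything."""
    action: str                     # "allow" or "block"
    protocol: str = "any"
    direction: str = "any"
    remote_net: str = "0.0.0.0/0"   # remote network (IPv4, as in the samples below)
    ports: Tuple[int, ...] = ()     # () means any remote port

    def matches(self, c: Connection) -> bool:
        return (
            self.protocol in ("any", c.protocol)
            and self.direction in ("any", c.direction)
            and ip_address(c.remote_ip) in ip_network(self.remote_net)
            and (not self.ports or c.remote_port in self.ports)
        )


def first_match(rules: List[Rule], c: Connection) -> str:
    """First matching rule wins; no match means block (assumed default-deny)."""
    for rule in rules:
        if rule.matches(c):
            return rule.action
    return "block"


def decide(c: Connection, network_rules: List[Rule],
           app_rules: Dict[str, List[Rule]]) -> Tuple[str, str]:
    """Return (verdict, layer that produced it).

    Layer 1: network rules must open the hole (protocol/direction/port/remote).
    Layer 2: only then is the application's own rule list consulted.
    Applications without an entry fall through to the "*" block-all entry.
    """
    if first_match(network_rules, c) != "allow":
        return ("block", "network")          # hole not open: app layer never runs
    per_app = app_rules.get(c.app, app_rules["*"])
    return (first_match(per_app, c), "application")


# Constructed sample policy: the network layer opens outbound web and DNS only.
NETWORK_RULES = [
    Rule("allow", protocol="TCP", direction="out", ports=(80, 443)),
    Rule("allow", protocol="UDP", direction="out", ports=(53,)),
    Rule("block"),                            # explicit catch-all, as Nag suggests
]

# Constructed per-application entries; "*" is the final "block all other apps" entry.
APP_RULES = {
    "browser.exe": [Rule("allow", protocol="TCP", direction="out")],      # any port
    "updater.exe": [
        Rule("allow", protocol="TCP", direction="out",
             remote_net="203.0.113.0/24", ports=(443,)),                  # vendor range only
        Rule("block"),
    ],
    "*": [Rule("block")],
}

# Constructed connection attempts (documentation address ranges).
SAMPLES = {
    "browser_https":      Connection("browser.exe", "TCP", "out", "198.51.100.10", 443),
    "browser_port_8080":  Connection("browser.exe", "TCP", "out", "198.51.100.10", 8080),
    "updater_vendor":     Connection("updater.exe", "TCP", "out", "203.0.113.5", 443),
    "updater_elsewhere":  Connection("updater.exe", "TCP", "out", "198.51.100.10", 443),
    "unknown_app_https":  Connection("unknown.exe", "TCP", "out", "198.51.100.10", 443),
}


def run_samples() -> Dict[str, Tuple[str, str]]:
    """Evaluate every sample connection and return its (verdict, layer)."""
    return {name: decide(c, NETWORK_RULES, APP_RULES) for name, c in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, layer) in run_samples().items():
        print(f"{name:20s} {verdict:5s} (decided at {layer} layer)")
```

The `browser_port_8080` case is the one Toggie's last sentence describes: the browser's own entry allows any outbound TCP port, yet the attempt is blocked because the network rules never opened port 8080, so the application entry is never reached. The `updater_elsewhere` case shows the opposite direction of control: the network hole for port 443 is open, but the application's entry restricts that application to one remote range, so the verdict comes from the application layer. Naming the remote side "remote" rather than "destination" in the rule fields follows Nag's local/remote suggestion.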