1 | 1 | --- |
2 | | -sidebar_position: 27 |
| 2 | +sidebar_position: 17 |
3 | 3 | --- |
4 | 4 |
5 | | -# Firewall # |
6 | | - |
7 | | -The **Firewall** allows configuring simple firewall rules in the |
8 | | -Windows Defender firewall. IPsec rules are not supported. You can |
9 | | -configure protocol, local/remote ports/port range, program and |
10 | | -interface type filters as well as the direction, name, description and |
11 | | -action. |
12 | | - |
13 | | -## Rule list ## |
14 | | - |
15 | | - |
16 | | - |
17 | | -Rules can be added, deleted or the rule list can be cleared. Rules |
18 | | -stored in the Windows firewall can be cleared separately, however, |
19 | | -applying the rule list also clears the NETworkManager created rules |
20 | | -beforehand. So if the rule list is empty, you can still clear |
21 | | -NETworkManager created rules with the “Clear rules in Windows” button |
22 | | -when desired. |
23 | | - |
24 | | -:::note |
25 | | - |
26 | | -The columns **Local port**, **Remote port** and **Program** are not |
27 | | -shown if no rule has an entry in that configuration field. |
28 | | - |
29 | | -::: |
30 | | - |
31 | | -The rule list has both keyboard and mouse control functionality. |
32 | | - |
33 | | -### Keyboard control ### |
34 | | - |
35 | | -| Hotkey | Action | |
36 | | -|:-----------------|:----------------------------------------------------------| |
37 | | -| Ctrl+A | Apply rules in Windows firewall | |
38 | | -| Ctrl+Alt+Shift+C | Delete NETworkManager generated firewall rules in Windows | |
39 | | -| Ctrl+Shift+C | Delete all rules | |
40 | | -| Ctrl+D or Delete | Delete selected rules or last rule | |
41 | | -| Ctrl+N | Create a new rule | |
42 | | -| Right/Left | Open/Close details view of the selected rule | |
43 | | -| Up/Down | Select the next/previous or last/first rule¹ | |
44 | | -| Ctrl+W | Open the Windows firewall settings | |
45 | | - |
46 | | -¹: If no rule is selected, up will select the last rule and down the first one. |
47 | | - |
48 | | -:::note |
49 | | - |
50 | | -When opening the module or the profile child window tab the focus is |
51 | | -set automatically to the rule grid, such that the hotkeys are |
52 | | -recognized. You can however move it away by using Tab/Shift+Tab. In |
53 | | -that case the Hotkeys will stop working until you click a row or |
54 | | -button again. |
55 | | - |
56 | | -::: |
57 | | - |
58 | | -### Mouse control ### |
59 | | - |
60 | | -| Click | Action | |
61 | | -|:-----------------------------------|:------------------------------------------| |
62 | | -| Double click on row | Open details view | |
63 | | -| Double click on details view¹ | Close details view | |
64 | | -| Single click on left button on row | Open/Close details view | |
65 | | -| Right click | Open context menu for the selected rules² | |
66 | | - |
67 | | -¹: Double click on any non-interactive part of the details view to |
68 | | -collapse it. |
69 | | -²: The context menu contains the available actions for the selected |
70 | | -rules. They do the same as the buttons in the view. |
71 | | - |
72 | | -### Configuration storage ### |
73 | | - |
74 | | -The configuration is stored **automatically** when NETworkManager is |
75 | | -closed **regularly**. Regular closing means no crash has happened and |
76 | | -it has not been killed by the task manager or other means to do the |
77 | | -same. If no profile is available the rules will be stored in the |
78 | | -settings file. If a profile is selected, the profile will be modified |
79 | | -immediately when a setting is changed within a rule. |
80 | | - |
81 | | -## Settings ## |
82 | | - |
83 | | - |
84 | | - |
85 | | -You can configure a view mostly port related things for this |
86 | | -application. |
87 | | - |
88 | | -### Maximum length of port entries ### |
89 | | - |
90 | | -Set a limit for the length which local/remote port entries can |
91 | | -have. By default there is no limit. The 22 is just an input example. |
92 | | - |
93 | | -**Type:** `Integer` |
94 | | - |
95 | | -**Default:** [Int32.MaxValue](https://learn.microsoft.com/en-us/dotnet/api/system.int32.maxvalue) |
96 | | - |
97 | | -**Example:** `22` |
98 | | - |
99 | | -### Combine local and remote port history ### |
100 | | - |
101 | | -This is by default on and combines the entries of the local and remote |
102 | | -port history. The combination happens by alternating between local and |
103 | | -remote port history entries up to the limit, which is configured in |
104 | | -the **General** settings tab. The history is always stored separately, |
105 | | -such that you can freely switch this option. |
106 | | - |
107 | | -**Type:** `Boolean` |
108 | | - |
109 | | -**Default:** `Enabled` |
110 | | - |
111 | | -### Use Windows port list syntax ### |
112 | | - |
113 | | -Windows delimits ports and port ranges by a `','` instead of a `';'` |
114 | | -as it is used for instance in the **port scanner** application. You |
115 | | -can choose to use the Windows delimiter here, if you prefer it. This |
116 | | -will replace the history entries and watermarks dynamically, such that |
117 | | -you can switch this option freely. |
118 | | - |
119 | | -**Type:** `Boolean` |
120 | | - |
121 | | -**Default:** `Disabled` |
122 | | - |
123 | | -### Erase port history ### |
124 | | - |
125 | | -If you have played around too much with the port entries, you have the |
126 | | -option here to erase the local or remote port history. |
127 | | - |
128 | | -## Rule configuration ## |
129 | | - |
130 | | - |
131 | | - |
132 | | -The rule details view contains the configuration of each rule. |
133 | | - |
134 | | -### Name ### |
135 | | - |
136 | | -The name setting is an optional field to configure a custom firewall |
137 | | -rule name. It applies to the `DisplayName` field of the rule. A |
138 | | -default name is generated to indicate the rule settings, which is |
139 | | -shown in the empty input field and the name column of the rule. If you |
140 | | -prefer setting a name for the purpose of the rule or for other reasons |
141 | | -you can do this here. |
142 | | - |
143 | | -Nevertheless the rule will be comprised of the following: |
144 | | - |
145 | | -`NwM_YourChosenName_ProfileNameOrDefault` |
146 | | - |
147 | | -The prefix is used to determine NETworkManager generated rules. |
148 | | - |
149 | | -**Type:** `String` |
150 | | - |
151 | | -**Default:** `Empty` |
152 | | - |
153 | | -:::warning |
154 | | - |
155 | | -If you have Windows firewall rules with the `NwM_` name (DisplayName) |
156 | | -prefix, be aware, that this module will delete them automatically when |
157 | | -applying rules or when hitting the button, “Delete Windows firewall |
158 | | -rules”. You can check for such rules by running `Get-NetFirewall -DisplayName 'NwM_*'`. |
159 | | - |
160 | | -::: |
161 | | - |
162 | | -:::note |
163 | | - |
164 | | -Characters are limited to 9999 characters excluding the automatic |
165 | | -prefix and suffix and the character `'|'` is not allowed. |
166 | | - |
167 | | -::: |
168 | | - |
169 | | -### Description ### |
170 | | - |
171 | | -You can optionally set a description here. |
172 | | - |
173 | | -**Type:** `String` |
174 | | - |
175 | | -**Default:** `Empty` |
176 | | -:::note |
177 | | - |
178 | | -Characters are limited to 9999 characters and the character `'|'` is |
179 | | -not allowed. |
180 | | - |
181 | | -::: |
182 | | - |
183 | | -### Protocol ### |
184 | | - |
185 | | -This required field specifies, which protocol to apply the rule to. If |
186 | | -the protocol is not **TCP** or **UDP**, you can not set local or |
187 | | -remote port restrictions as it is required by the Windows firewall. |
188 | | - |
189 | | -**Type:** `Enum` |
190 | | - |
191 | | -**Default:** `TCP` |
192 | | - |
193 | | -### Direction ### |
194 | | - |
195 | | -Whether to apply the rule for inbound or outbound connections. Required. |
196 | | - |
197 | | -**Type:** `Enum` |
198 | | - |
199 | | -**Default:** `Inbound` |
200 | | - |
201 | | -### Local/Remote ports ### |
202 | | - |
203 | | -Restrict for which ports the rule applies when using the **TCP** or |
204 | | -**UDP** protocol. Local ports restrict where the connection happens on |
205 | | -your device. Remote ports restrict the ports, which were used on the |
206 | | -remote device to connect to your network interface. |
207 | | - |
208 | | -**Type:** `String` |
209 | | - |
210 | | -**Default:** `Empty` |
211 | | - |
212 | | -**Example:** `22; 80; 443; 500 - 999; 8080` if Windows port syntax is disabled, `22, 80, 443, 500 - 999, 8080` otherwise. |
213 | | - |
214 | | - |
215 | | -### Program ### |
216 | | - |
217 | | -You can restrict the rule to a specific program here. The file must |
218 | | -have a case insensitive *.exe file extension. Leaving it empty applies |
219 | | -to all programs. The file must exist. If the file is deleted, the rule |
220 | | -will be skipped, because the Windows firewall would then apply the |
221 | | -rule to all programs. The rule and the input field will be marked red |
222 | | -in that case. |
223 | | - |
224 | | -**Type:** `String` |
225 | | - |
226 | | -**Default:** `Empty` |
227 | | - |
228 | | -**Example:** `X:\Path\To\Program.exe` |
229 | | - |
230 | | -### Network profile ### |
231 | | - |
232 | | -Specifies which network profile the interface should have for the rule |
233 | | -to be applied. You can set multiple profiles. If you deselect all |
234 | | -profiles, the last valid configuration will remain configured and will |
235 | | -be used, when the rule list is applied, because not specifying any |
236 | | -profile would by default be applied to all profiles by the Windows |
237 | | -firewall. |
238 | | - |
239 | | -**Type:** `Boolean` |
240 | | - |
241 | | -**Default:** `All enabled` |
242 | | - |
243 | | -### Interface type ### |
244 | | - |
245 | | -You can specify the network interface type which the rule should be |
246 | | -applied to. It is one of: |
247 | | - |
248 | | -- Any |
249 | | -- Wired |
250 | | -- Wireless |
251 | | -- Remote Access (virtual VPN devices) |
252 | | - |
253 | | -**Type:** `Enum` |
254 | | - |
255 | | -**Default:** `Any` |
256 | | - |
257 | | -### Action ### |
258 | | - |
259 | | -What to do with the connection when the rule filters apply to |
260 | | -it. IPsec actions (Allow when secure) are not supported. |
261 | | - |
262 | | -Options are: |
263 | | - |
264 | | -- Allow |
265 | | -- Block |
266 | | - |
267 | | -**Type:** `Enum` |
268 | | - |
269 | | -**Default:** `Block` |
270 | | - |
271 | | -## Profiles ## |
272 | | - |
273 | | - |
274 | | - |
275 | | -The current list is automatically inserted in the configuration of new |
276 | | -profiles. You can clear it with the “Delete all” when desired. This |
277 | | -also works when adding profiles in another application. |
278 | | - |
279 | | -There are two conditions, which your configuration must meet for |
280 | | -saving: |
281 | | - |
282 | | -1. You **must** provide at least one rule. |
283 | | -2. All rule names **must not** exceed the length limit of 9999 |
284 | | - characters.¹ |
285 | | - |
286 | | -¹: While it is not possible to enter a custom rule name longer than |
287 | | -(9999 - prefix - suffix), you can provide a long custom rule name and |
288 | | -overflow it with the profile name. |
289 | | - |
290 | | -The keyboard and mouse control works is the same as in the main view |
291 | | -except that hotkeys for applying, the Windows firewall and so on are |
292 | | -ignored. |
| 5 | +# Firewall |
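Review bot: removing old lines 5-292 leaves only the `# Firewall` heading at new line 5, so the page loses the `:::warning` stating that Windows firewall rules whose DisplayName starts with `NwM_` are deleted automatically when rules are applied or when the delete button is used. That warning, and the Program section's statement that a rule is skipped when its program file no longer exists (because the Windows firewall would otherwise apply it to all programs), describe behaviour a user needs to know before applying a rule list; keep both on the stub or link to where they now live. If the text is being moved rather than dropped, the check quoted in the warning, `Get-NetFirewall -DisplayName 'NwM_*'`, should read `Get-NetFirewallRule -DisplayName 'NwM_*'`, since `Get-NetFirewall` is not a NetSecurity cmdlet. The `sidebar_position` change from 27 to 17 in the front matter is not explained by anything visible here; a short note on why would help, along with a check that 17 is not already used by another page.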