Application Control

From Wiki of WFilter NG Firewall


1 Application Control

This module enables you to block and allow "applications", also called "protocols". WFilter identifies each application by digital signature matching, so even p2p applications can be completely blocked.

  • Multiple policies can be applied to each client.
  • Every policy has its own "applied to clients" and "effective time" settings.
  • Besides the "clients" and "time" a policy applies to, the detailed "app control policy" settings are described below.

2 Rule Evaluation

  • "Match all" means all rules will be evaluated. A visit will be blocked if any rule blocks it.
  • "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule for all users. To allow a client, add an allow rule and move it above the "block all" rule.
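
The two evaluation modes above can be modelled in a few lines to check a rule list before deploying it. This is an added example, not WFilter's own code: the Rule fields, the "*" wildcard, the client and rule names, and the assumption that a visit no rule blocks is allowed are all illustrative.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard used by this model for "all clients" / "all applications"

@dataclass(frozen=True)
class Rule:
    name: str
    clients: frozenset  # client names, or {ANY}
    apps: frozenset     # application names, or {ANY}
    action: str         # "deny" or "allow"

    def matches(self, client, app):
        return ((ANY in self.clients or client in self.clients)
                and (ANY in self.apps or app in self.apps))

def covers(outer, inner):
    """True if every value matched by `inner` is also matched by `outer`."""
    return ANY in outer or (ANY not in inner and inner <= outer)

def evaluate(rules, mode, client, app):
    """Return (blocked, deciding_rule_name) for one visit.
    Assumption: a visit that no rule blocks is allowed."""
    matched = [r for r in rules if r.matches(client, app)]
    if mode == "match_first":
        # Only the first matched rule, in list order, decides.
        if matched:
            return matched[0].action == "deny", matched[0].name
        return False, None
    if mode == "match_all":
        # Every rule is evaluated; any deny blocks, allow rules cannot override.
        denies = [r.name for r in matched if r.action == "deny"]
        return (True, denies[0]) if denies else (False, None)
    raise ValueError(f"unknown mode: {mode}")

def shadowed(rules):
    """In match-first order, list rules that can never decide a visit
    because an earlier rule already covers all their clients and apps."""
    return [later.name for i, later in enumerate(rules)
            if any(covers(e.clients, later.clients) and covers(e.apps, later.apps)
                   for e in rules[:i])]

# Constructed sample policy (names are illustrative).
BLOCK_ALL = Rule("block all", frozenset({ANY}), frozenset({ANY}), "deny")
ALLOW_ADMIN = Rule("allow admin-pc", frozenset({"admin-pc"}), frozenset({ANY}), "allow")
```

With the allow rule listed first, "match first" lets admin-pc through and blocks everyone else; in "match all" the same list still blocks admin-pc, and an allow rule placed below "block all" is reported by shadowed() as unreachable.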


3 Policy Settings


  • Block upload. Block sessions when outgoing traffic exceeds the limit. This feature checks the outgoing traffic of every connection. If the outgoing traffic exceeds the chosen limit, the connection will be terminated. Please note: normal sessions also have outgoing traffic, so this option has false positives. Setting a larger limit reduces false positives.
  • Deny and Allow. You may check the applications list and set policy by clicking "edit".
    • If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
    • Applications with "-" properties won't be matched by the "dynamic filter" rule.
    • When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.


  • Every application (protocol) has three properties: "time-wasting", "bandwidth" and "risk". With the dynamic filter, you can block applications by their properties.
    • When the dynamic filter is enabled, you can still set blocking for each application.
    • Every property has five levels, 1-5. For example, bandwidth(5-high) means this application occupies bandwidth at the highest level.
