Appcontrol

From Wiki of WFilter NG Firewall
(Difference between revisions)
Jump to: navigation, search
(Rule Evaluation)
(External Links)
 
(4 intermediate revisions by one user not shown)
Line 13: Line 13:
  
 
* "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it.
 
* "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it.
* "Match first" means only the first matched rule can block access. You can sort rules in this mode.
+
* "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all".
For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all".
+
  
[[File:ros_appcontrol_03.png|850px]]
+
[[File:ros_appcontrol_03.png|800px]]
  
== Dynamic Filter ==
+
== Policy Settings ==
  
Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties.
+
[[File:ros_appcontrol_01.png|800px]]
* When dynamic filter is enabled, you still can set blocking for each application.
+
* Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level.
+
  
[[File:ros_appcontrol_01.png|650px]]
+
* Block upload. Block sessions when outgoing traffic exceeds limit. This feature will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated. '''Please note: normal sessions also have outgoing traffic, so this option has false positives. Set a larger limit can get less false positives.'''
 +
* Deny and Allow. You may check the applications list and set policy by clicking "edit".
 +
** If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
 +
** Applications with "-" properties won't be matched by "dynamic filter" rule.
 +
** When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.
  
== Deny and Allow ==
 
* You may check the applications list and set policy by clicking "edit".
 
* If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
 
* Applications with "-" properties won't be matched by "dynamic filter" rule.
 
* When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.
 
 
[[File:ros_appcontrol_02.png|650px]]
 
[[File:ros_appcontrol_02.png|650px]]
 +
* Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties.
 +
** When dynamic filter is enabled, you still can set blocking for each application.
 +
** Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level.
 +
 +
== External Links ==
 +
* [http://blog.wfilterngf.com/?p=330 How to block facebook videos streaming with WFilter NG firewall?]
 +
* [http://blog.wfilterngf.com/?p=324 How to block hotspot shield VPN in network with WFilter NG firewall?]
 +
* [http://blog.wfilterngf.com/?p=277 How to block torrent in lan with WFilter NG Firewall?]
 +
* [http://blog.wfilterngf.com/?p=27 WFilter NG Firewall can block IDM downloading in your network.]
 +
* [http://blog.wfilterngf.com/?p=19 Do not forget to block QUIZ to block youtube and other google sites.]
 +
* [http://blog.wfilterngf.com/?p=613 How to block uploading to https webpages?]

Latest revision as of 15:47, 13 March 2020


Contents

[edit] 1 Application Control

This module enables you to block and allow "applications", also named as "protocols". WFilter identifies each application by digital signature matching, even p2p applications can be completely blocked.

  • Each client can be applied with multiple policies.
  • Every policy can set "applied to clients" and "effective time".
  • Besides the applied to "clients" and "time", detailed "app control policy" settings are described in below.

[edit] 2 Rule Evaluation

  • "Match all" means all rules will be evaluate. A visit will be blocked if any rule blocked it.
  • "Match first" means only the first matched rule can block access. You can sort rules in this mode. For example, in "match first" mode, you can add a "block all" rule to all users. To allow a client, you can add an allow rule, and move this rule to top of the "block all".

Ros appcontrol 03.png

[edit] 3 Policy Settings

Ros appcontrol 01.png

  • Block upload. Block sessions when outgoing traffic exceeds limit. This feature will check the outgoing traffic of every connection. If outgoing traffic exceeds the choosen limit, this connection will be terminated. Please note: normal sessions also have outgoing traffic, so this option has false positives. Set a larger limit can get less false positives.
  • Deny and Allow. You may check the applications list and set policy by clicking "edit".
    • If "state" is "Automatic", this application will match the "dynamic filter" rule. "Deny" state applications will be blocked. "Allow" state applications will not be blocked.
    • Applications with "-" properties won't be matched by "dynamic filter" rule.
    • When "Priority" is enabled, this application won't be blocked by other rules or modules. For example, For example, "qq file transfer" is relayed by websites; if you block web surfing, "qq file transfer" will also be blocked unless "Priority" of "qq file transfer" is enabled.

Ros appcontrol 02.png

  • Every application(protocol) has three properties: "time-waisting", "bandwidth" and "risk". With dynamic filter, you can block applications by properties.
    • When dynamic filter is enabled, you still can set blocking for each application.
    • Every property has 1-5 five levels. For example, bandwidth(5-high) means this application occupies bandwidth in the highest level.

[edit] 4 External Links

Personal tools
Namespaces

Variants
Actions
Navigation
Tools