Establishing connection – detection
The firewall detects each newly-created network connection. The active firewall mode determines which actions are performed for the new connection. If Automatic mode or Policy-based mode is activated, the firewall will perform predefined actions with no user interaction.
Interactive mode displays an informational window that reports detection of a new network connection, supplemented with detailed information about the connection. You can opt to allow the connection or refuse (block) it. If you repeatedly allow the same connection in the dialog window, we recommend that you create a new rule for the connection. To do this, select Remember action (create rule) and save the action as a new rule for the firewall. If the firewall recognizes the same connection in the future, it will apply the existing rule without requiring user interaction.
Temporarily remember action for the process causes an action (Allow/Deny) to be used until application restart, a change of rules or filtering modes, a Firewall module update or a system restart. After any of these actions, temporary rules will be deleted.
Please be careful when creating new rules and only allow connections that you know are secure. If all connections are allowed, then the firewall fails to accomplish its purpose. These are the important parameters for connections:
- Remote side – Only allow connections to trusted and known addresses.
- Local application – It is not advisable to allow connections for unknown applications and processes.
- Port number – Communication on common ports (for example, web traffic – port number 80) should be allowed under normal circumstances.
In order to proliferate, computer infiltrations often use the Internet and hidden connections to help them infect remote systems. If rules are configured correctly, a firewall becomes a useful tool for protection against a variety of malicious code attacks.