This article explains what the F-Secure firewall profiles, rules and services are.
About F-Secure firewall
The F-Secure firewall protects your computer by allowing safe Internet traffic and blocking unsafe traffic. Your computer is protected with the predefined firewall settings. Usually, you do not have to change them. You may, however, have to change them if you use a very strict firewall profile or if you have added your own firewall rules or services.
What are firewall profiles?
The firewall profile defines the level of protection on your computer. Each firewall profile has a predefined set of firewall rules, which define the type of traffic that is allowed to or denied from your computer. To some profiles you can also add rules that you have created yourself.
Firewall profiles also define
- if Internet connections are automatically allowed for all applications, or
- if you can separately allow or deny each new connection attempt in an application control pop-up.
There are several predefined firewall profiles, which range from very strict to very loose:
- A very strict firewall profile (Block all) usually blocks most of the network traffic. This may prevent you from using some of the programs on your computer.
- A medium profile (Normal) usually allows all outbound Internet traffic from your computer. The medium profile may deny some inbound services and generate alerts about them.
- A very loose profile (Allow all) usually allows all network traffic, both inbound and outbound, and does not generate any alerts. Because this profile leaves your computer unprotected, do not use it except for in special cases.
Note: Depending on the product you are using, the names of firewall profiles can be different.
Your computer is safe with the predefined firewall profile. You may need to change the profile to a stricter one, for example, if you use your laptop outside your home and open the Internet using a WLAN connection.
You can define your own firewall profiles and add your own set of rules for it. However, we recommend that only experienced users define their own firewall profiles.
How are firewall profiles related to firewall rules and services?
A firewall profile consists of several firewall rules. A firewall rule consists of several firewall services. Services are defined by the protocols and ports they use.
For example, the Mobile firewall profile has a rule called Web browsing. This rule allows you to browse the web. The rule includes the services that are needed for web browsing, such as the HyperText Transfer Protocol (HTTP) service. This service uses the TCP and port number 80.
What are firewall rules?
Firewall rules define what kind of Internet traffic is allowed or blocked. Each firewall profile has a predefined set of firewall rules, which you cannot change. You can only add new rules to some of the profiles. For some profiles you may not be able to add your own rules. There may also be a profile that has no predefined rules and that allows you to freely add your own set of rules. The selected profile also affects the priority which your own rules receive in relation to the predefined rules.
A firewall rule can be applied to traffic from the Internet to your computer (inbound), or from your computer to the Internet (outbound). A rule can also be applied to both directions at the same time.
A firewall rule consists of firewall services, which specify the type of traffic and the ports that this type of traffic uses. For example, a rule called Web browsing has a service called HTTP, which uses the TCP and port number 80.
Firewall rules also define whether Internet Shield alert pop-ups are shown to you about the traffic that matches the firewall rules.
When do you have to add a new firewall rule?
You may have to add a new firewall rule if you start using a new program or attach a new device to your computer, for example, a WLAN device or an IP camera.
By adding all the services that the program or device needs to the same rule, you can easily:
- turn the rule on or off later, or
- remove the rule if you uninstall the program or remove the device.
You also have to add a new rule if you have denied certain type of traffic but you want to allow it to certain IP addresses. In this case, you already have a general "deny" firewall rule. To allow the traffic to certain IP addresses, you have to create a more specific "allow" rule.
For example, if the general rule denies all outbound FTP traffic, you may still want to allow FTP traffic to your Internet Service Provider's site to be able to update your web pages. You can do this by adding a more specific rule that allows FTP traffic to the Internet Service Provider's IP address, and give the rule a higher priority than for the "deny" rule.
What are firewall services?
Firewall services define the type of traffic to which a firewall rule applies. Network services, such as web browsing, file sharing or remote console access, are examples of these firewall services.
A service uses a certain protocol and port. For example, the HTTP service uses the TCP protocol and the port number 80.
A firewall service uses two kinds of ports:
- Initiator port: the port on the computer that starts the connection.
- Responder port: the port on the computer where the connection ends.
Whether the port on your own computer is an initiator port or responder port depends on the direction of the traffic:
- If the firewall service is for outbound traffic, the initiator port is the port on your own computer. The responder port is then the port on a remote computer.
- If the firewall service is for inbound traffic, the initiator port is the port on a remote computer. The responder port is then the port on your own computer.
The responder ports are typically mentioned in the software documentation. The initiator port can usually be any port higher than 1023. However, for some games you may also have to define specific initiator ports. In this case, they are also mentioned in the software documentation.
If you create a new firewall rule, you have several predefined services that you can add to the rule. You can also create and add your own services if the service that you need is not on the services list.
For instructions on how to add firewall rules, see article How do I add a new firewall rule?