This article explains what the F-Secure firewall profiles, rules and services are.
The F-Secure firewall protects your computer by allowing safe Internet traffic and blocking unsafe traffic. Your computer is protected with the predefined firewall settings. Usually, you do not have to change them. You may, however, have to change them if you use a very strict firewall profile or if you have added your own firewall rules or services.
The firewall profile defines the level of protection on your computer. Each firewall profile has a predefined set of firewall rules, which define the type of traffic that is allowed to or denied from your computer. To some profiles you can also add rules that you have created yourself.
Firewall profiles also define
There are several predefined firewall profiles, which range from very strict to very loose:
Note: Depending on the product you are using, the names of firewall profiles can be different.
Your computer is safe with the predefined firewall profile. You may need to change the profile to a stricter one, for example, if you use your laptop outside your home and access the Internet over a WLAN connection.
You can define your own firewall profiles and add your own set of rules to them. However, we recommend that only experienced users define their own firewall profiles.
A firewall profile consists of several firewall rules. A firewall rule consists of several firewall services. Services are defined by the protocols and ports they use.
For example, the Mobile firewall profile has a rule called Web browsing. This rule allows you to browse the web. The rule includes the services that are needed for web browsing, such as the HyperText Transfer Protocol (HTTP) service. This service uses the TCP protocol and port number 80.
Firewall rules define what kind of Internet traffic is allowed or blocked. Each firewall profile has a predefined set of firewall rules, which you cannot change. You can only add new rules to some of the profiles. For some profiles you may not be able to add your own rules. There may also be a profile that has no predefined rules and that allows you to freely add your own set of rules. The selected profile also affects the priority which your own rules receive in relation to the predefined rules.
A firewall rule can be applied to traffic from the Internet to your computer (inbound), or from your computer to the Internet (outbound). A rule can also be applied to both directions at the same time.
A firewall rule consists of firewall services, which specify the type of traffic and the ports that this type of traffic uses. For example, a rule called Web browsing has a service called HTTP, which uses the TCP protocol and port number 80.
Firewall rules also define whether Internet Shield alert pop-ups are shown to you about the traffic that matches the firewall rules.
You may have to add a new firewall rule if you start using a new program or attach a new device to your computer, for example, a WLAN device or an IP camera.
By adding all the services that the program or device needs to the same rule, you can easily:
You also have to add a new rule if you have denied a certain type of traffic but you want to allow it to certain IP addresses. In this case, you already have a general "deny" firewall rule. To allow the traffic to certain IP addresses, you have to create a more specific "allow" rule.
For example, if the general rule denies all outbound FTP traffic, you may still want to allow FTP traffic to your Internet Service Provider's site to be able to update your web pages. You can do this by adding a more specific rule that allows FTP traffic to the Internet Service Provider's IP address, and giving that rule a higher priority than the "deny" rule.
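The FTP case above, modelled as an added example (this is not F-Secure's code or rule format): it evaluates a rule list in priority order and flags an "allow" rule that can never take effect because a broader rule sits above it. Assumptions: the first matching rule wins, unmatched traffic is denied, the `remote` field and all names are hypothetical, FTP is represented by its control port (TCP 21), and 203.0.113.10 is a constructed address standing in for the ISP.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:              # a service = protocol + responder port
    name: str
    protocol: str
    responder_port: int

@dataclass(frozen=True)
class Rule:                 # a rule = action + direction + services + remote scope
    name: str
    action: str             # "allow" or "deny"
    direction: str          # "inbound", "outbound" or "both"
    services: tuple
    remote: str = "0.0.0.0/0"   # assumed field: remote addresses the rule covers

    def matches(self, direction, protocol, port, remote_ip):
        in_scope = ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote)
        right_way = self.direction in (direction, "both")
        return in_scope and right_way and any(
            s.protocol == protocol and s.responder_port == port for s in self.services)

def evaluate(rules, direction, protocol, port, remote_ip):
    """Assumed semantics: rules are listed highest priority first, first match wins."""
    for rule in rules:
        if rule.matches(direction, protocol, port, remote_ip):
            return rule.action, rule.name
    return "deny", "(no matching rule)"   # assumed default for unmatched traffic

def shadowed(rules):
    """Rules that can never fire because a higher-priority rule covers all their traffic."""
    hidden = []
    for i, low in enumerate(rules):
        for high in rules[:i]:
            covers = (high.direction in (low.direction, "both")
                      and set(low.services) <= set(high.services)
                      and ipaddress.ip_network(low.remote).subnet_of(
                          ipaddress.ip_network(high.remote)))
            if covers:
                hidden.append((low.name, high.name))
                break
    return hidden

# Constructed sample data: 203.0.113.10 stands in for the ISP's address.
FTP = Service("FTP", "TCP", 21)
DENY_FTP = Rule("Deny all FTP", "deny", "outbound", (FTP,))
ALLOW_ISP = Rule("Allow FTP to ISP", "allow", "outbound", (FTP,), "203.0.113.10/32")
CORRECT = [ALLOW_ISP, DENY_FTP]   # specific allow has the higher priority
WRONG = [DENY_FTP, ALLOW_ISP]     # specific allow sits below the general deny
```

With `WRONG`, FTP to the ISP is still denied and `shadowed(WRONG)` reports the allow rule as unreachable, which is the misordering to look for when a newly added exception appears to have no effect.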
Firewall services define the type of traffic to which a firewall rule applies. Network services, such as web browsing, file sharing or remote console access, are examples of these firewall services.
A service uses a certain protocol and port. For example, the HTTP service uses the TCP protocol and the port number 80.
A firewall service uses two kinds of ports:
Whether the port on your own computer is an initiator port or responder port depends on the direction of the traffic:
The responder ports are typically mentioned in the software documentation. The initiator port can usually be any port higher than 1023. However, for some games you may also have to define specific initiator ports. In this case, they are also mentioned in the software documentation.
If you create a new firewall rule, you have several predefined services that you can add to the rule. You can also create and add your own services if the service that you need is not on the services list.
For instructions on how to add firewall rules, see the article "How do I add a new firewall rule?"