Internet Shield Firewall
Q15. How do I add new firewall rules to Internet Shield?
Before starting to create a rule, select the security level to which you want to add this rule.
Note: You may not be able to add your own rules to all security levels.
To open the product, double-click the product icon at the bottom right corner of your screen.
Creating a rule involves the following steps:
- Start creating a rule
- Select the IP addresses
- Select the services and direction
- Select alerting options
- Check and accept the rule
Start creating a rule
Enter a name for the rule and select whether the firewall rule denies or allows traffic.
To start creating a rule:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Rules tab.
- Click Add. The Add New Rule dialog box opens.
- In the Name field, enter a name for the rule. Use a name that you can easily identify.
- To either deny or allow traffic, select either Deny or Allow.
- To create a rule that is valid only when you have an active dial-up connection, select Use this rule only with dial-up connection. This option is relevant only if you use a modem or ISDN for your Internet connection. You may want to select this option, for example, if you use a laptop outside your home network and access the Internet through a modem or ISDN connection. Outside your home, your laptop is not protected by the router firewall, and you may want to create a stricter rule that denies all unnecessary inbound traffic and use this rule outside home. Usually, you do not have to create a rule, and the default security level protects your computer both inside and outside home.
- Click Next >.
Select the IP addresses
Apply the rule to all network connections or specify the IP addresses and networks to which the new rule applies.
Note: The IPv6-related options are only available if your operating system is Microsoft Windows Vista.
To select the IP addresses:
- Select one of the following options:
  - To apply the rule to both IPv4 and IPv6 addresses, select Any IP Address.
  - To apply the rule to all IPv4 addresses, select Any IPv4 Address.
  - To apply the rule to all IPv6 addresses, select Any IPv6 Address.
  - To apply the rule to specific IP addresses and networks, select Custom and click Edit. The Addresses dialog box opens.
    a. In the Addresses dialog box, select one of the following options on the Type list:

| Type | Address Example |
| --- | --- |
| IP address | 192.168.5.16 |
| DNS name | www.example.com |
| IP range | 192.168.1.1-192.168.1.63 |
| IP subnet | 192.168.88.0/29 |
| IPv6 address | 2001:db8:85a3:8d3:1319:8a2e:370:733 |
| IPv6 range | 2001:db8:1234:: - 2001:db8:1234:FFFF:FFFF:FFFF:FFFF:FFFF |
| IPv6 subnet | 2001:db8:1234::/48 |

    b. Enter the address in the Address field.
    c. To add the address to the addresses list, click Add To List.
    d. Repeat steps a-c to add all necessary addresses to the addresses list.
    e. Click OK.
- Click Next >.
How can I define an IP subnet?
If you want to define an IP subnet, use Classless Inter-Domain Routing (CIDR) notation. It is a standard notation that consists of a network address and subnet mask. For example:
| Network Address | Subnet Mask | CIDR Notation |
| --- | --- | --- |
| 192.168.0.0 | 255.255.0.0 | 192.168.0.0/16 |
| 192.168.1.0 | 255.255.255.0 | 192.168.1.0/24 |
| 192.168.1.255 | 255.255.255.255 | 192.168.1.255/32 |
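Before entering a Custom address, it helps to check how many addresses the entry actually covers. The following Python sketch is an added example, not part of the product or its documentation: it classifies an entry using the Type labels from the Addresses table, counts the addresses it matches, expands a range into subnets, and converts a network address and subnet mask to CIDR notation. The function names are hypothetical, and the accepted syntax is an assumption based on the examples on this page.

```python
import ipaddress

def _ip(text):
    """Parse an IP literal; return None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def classify_entry(entry):
    """Return (type label, IP version, addresses covered) for one entry.
    Hypothetical helper; not the product's own input validation."""
    entry = entry.strip()
    if "/" in entry:
        # strict=True rejects host bits below the prefix, e.g. 192.168.1.5/24
        net = ipaddress.ip_network(entry, strict=True)
        label = "IP subnet" if net.version == 4 else "IPv6 subnet"
        return label, net.version, net.num_addresses
    addr = _ip(entry)
    if addr is not None:
        label = "IP address" if addr.version == 4 else "IPv6 address"
        return label, addr.version, 1
    lo_text, dash, hi_text = entry.partition("-")
    lo, hi = _ip(lo_text), _ip(hi_text)
    if dash and lo is not None and hi is not None:
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry!r}")
        label = "IP range" if lo.version == 4 else "IPv6 range"
        return label, lo.version, int(hi) - int(lo) + 1
    # Not an IP literal: treated as a DNS name (not resolved or checked here)
    return "DNS name", None, None

def range_to_subnets(entry):
    """Smallest list of CIDR subnets that covers exactly the given range."""
    lo_text, _, hi_text = entry.partition("-")
    lo = ipaddress.ip_address(lo_text.strip())
    hi = ipaddress.ip_address(hi_text.strip())
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]

def mask_to_cidr(network, mask):
    """Convert a network address and subnet mask to CIDR notation."""
    return str(ipaddress.ip_network(f"{network}/{mask}", strict=True))

if __name__ == "__main__":
    # Entries taken from the example tables on this page
    for sample in ("192.168.5.16", "192.168.1.1-192.168.1.63",
                   "192.168.88.0/29", "2001:db8:1234::/48", "www.example.com"):
        print(sample, "->", classify_entry(sample))
    print(range_to_subnets("192.168.1.1-192.168.1.63"))
```

The range 192.168.1.1-192.168.1.63 expands to six subnets because it excludes 192.168.1.0, so it is not the same rule scope as 192.168.1.0/26.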
Select the services and direction
Select the services to which the firewall rule applies, and the direction of the traffic. To select the services and direction:
- Select the services to which you want to apply the rule:
  - If you want to apply the rule to all IP traffic, select All IP traffic on the list.
  - If the service you need is not on the list, you need to create it first.
  The direction icon appears in the Direction column for the services you selected.
- For every service, select the direction of the traffic to which the rule applies. The direction is from your computer to the Internet or vice versa. To select the direction, click the icon in the Direction column. The following options are available:
  - The service is allowed or denied in both directions.
  - The service is allowed or denied if it is from the Internet to your own computer (inbound).
  - The service is allowed or denied if it is from your own computer to the Internet (outbound).
- Click Next >.
Select alerting options
Select how the product notifies you when the firewall rule denies or allows traffic. To select the alerting option:
- Select one of the following options:
  - If you do not want to be notified, select No alert. No alerts are generated to the alerts log, and no alert pop-ups are shown to you. We recommend that you select this option if you are creating a rule for allowing traffic.
  - If you want the product to generate alerts in the alerts log, select Log.
  - If you want the product to generate alerts in the alerts log and to show alert pop-ups to you, select Log and pop-up. Note that you have to turn on the alert pop-ups also in the Internet Shield alerts dialog box.
- In the Alert text field, enter a description to be shown in the alerts log and pop-ups.
- Click Next >.
Check and accept the rule
Check and accept the new rule. To do this:
- Check the rule summary. If you need to edit the rule, click < Previous.
- When you are satisfied with your new rule, click Finish.
Your new rule is now shown on the rules list on the Rules tab, and it is automatically turned on. If you have created several rules, you can now define their priority order.