- Zone List (Plus/Network version only)
- The Zone list is a list of predefined zones (sets of network access rules). Every rule is a named group of parameters, such as IP address/network, protocol and port, that is applied to applications in the Programs list. Zones can be added, removed or edited with the toolbar, by right-clicking a list item, or with a hotkey.
- Zone names must be unique. Editing a zone always creates a new zone: if a zone with the new/edited name already exists, it is overwritten; otherwise the new zone is inserted. All zone operations are performed on a by-copy basis. Applying a zone to an application copies the entire zone from the repository (the Zone list) and assigns the copy to the application. As a result, zones assigned to applications can be edited independently.
- Editing a zone in the Zone list updates the applications in the Programs list whose zone matches by name. A zone's content (rules and parameters) is edited with the Zone Editor dialog.
- Zone Editor
- A zone is a set of network access rules and options used to decide whether the related network access is permitted or prohibited. A rule can be set with the following parameters: name (a way to identify the rule), enable/disable flag, IPv4/IPv6 address or subnetwork, protocol, local/remote port, port forwarding, traffic direction and the rule result. When an application accesses the network, the access parameters (IP/port/protocol/direction) are used to pass or reject the access attempt. The firewall compares the application's access parameters with the zone assigned to the application rule by rule, sequentially, in reverse order, so the rules at the bottom take precedence. If a rule's parameters match the application's access information, the firewall uses the rule result to enable or disable the access accordingly. If no rule matches the application's access data, the result parameter of the entire zone is used to enable or disable the access attempt. Every access attempt by an application is evaluated separately in the same manner.
- Because rules are flexible and adjustable, Windows7FirewallControl lets you manipulate zones at any level of detail. The same zone approach can be used to manage network access for large computer groups (sub-networks) and/or for a single computer.
- You can create a new zone at any time. In practice there are two approaches to creating a zone.
The choice depends on whether you would like the zone to be generally enabling or generally disabling.
- Create the zone with ZoneResult=Enable and add disabling rules ([Rule]Result=Disable) as exceptions
- Create the zone with ZoneResult=Disable and add allowing rules ([Rule]Result=Enable) as exceptions
Pressing the "Add from the repository" button lists all the rules from all the existing repository zones, so you can add (re-use) existing rules in the new zone.
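The evaluation order described above (bottom rule first, zone result as the fallback), modelled for both zone-building approaches as an added example that is not the product's own code. The names Rule, Zone and decide are hypothetical, the addresses are constructed, and it assumes that a disabled rule is skipped and that an unset rule parameter matches anything.

```python
# Added illustration; Rule, Zone and decide() are hypothetical names, not the product's API.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Rule:
    name: str
    result: bool                       # True = Enable, False = Disable
    enabled: bool = True               # assumption: a disabled rule is skipped
    network: Optional[str] = None      # IPv4/IPv6 subnet; None matches any address
    protocol: Optional[str] = None     # "TCP" or "UDP"; None matches any protocol
    remote_port: Optional[int] = None  # None matches any port
    direction: Optional[str] = None    # "in" or "out"; None matches any direction

    def matches(self, addr: str, protocol: str, port: int, direction: str) -> bool:
        if not self.enabled:
            return False
        if self.network and ip_address(addr) not in ip_network(self.network):
            return False
        return (self.protocol in (None, protocol)
                and self.remote_port in (None, port)
                and self.direction in (None, direction))

@dataclass
class Zone:
    name: str
    result: bool                       # zone result, used when no rule matches
    rules: List[Rule] = field(default_factory=list)  # index 0 = top of the list

def decide(zone: Zone, addr: str, protocol: str, port: int, direction: str) -> Tuple[bool, str]:
    """Return (allowed, reason); the bottom-most matching rule decides."""
    for rule in reversed(zone.rules):
        if rule.matches(addr, protocol, port, direction):
            return rule.result, rule.name
    return zone.result, "zone result"

# Constructed sample zones, one per approach described above.
OPEN_ZONE = Zone("GenerallyEnabled", result=True, rules=[
    Rule("block telnet", result=False, protocol="TCP", remote_port=23),
    Rule("allow LAN", result=True, network="192.168.1.0/24"),  # bottom: checked first
])
CLOSED_ZONE = Zone("GenerallyDisabled", result=False, rules=[
    Rule("allow HTTPS", result=True, protocol="TCP", remote_port=443, direction="out"),
])

if __name__ == "__main__":
    print(decide(OPEN_ZONE, "192.168.1.10", "TCP", 23, "out"))  # broad bottom rule shadows the block
    print(decide(OPEN_ZONE, "203.0.113.5", "TCP", 23, "out"))
    print(decide(CLOSED_ZONE, "203.0.113.5", "TCP", 80, "out"))
```

In the first call the broad "allow LAN" rule sits below "block telnet", so it is matched first and the block never applies to LAN addresses; placing exceptions at the bottom of the list avoids this kind of shadowing.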
- External/Forwarded Port
- Incoming external/worldwide access to a selected application can be configured via Port Forwarding with a UPnP-compatible external firewall/router.
Windows7FirewallControl tracks the application's running state, automatically initiates port forwarding on the firewall/router when the application launches, and removes the port forwarding from the firewall/router when the application terminates. The following parameters are used to configure a Forwarded Port for an application:
- TCP or UDP protocol
- Incoming direction
- Local Port
- Forwarded Port
- Rule result set to Enable
If a rule with the specified parameters is included in a zone and applied to a listed application, Windows7FirewallControl redirects incoming data on the Forwarded (external) Port to the Local Port using the specified protocol.