Port Filtering

Port Filtering allows users to set ports that will either allow or block connections for network communication that use the TCP/UDP protocol. After setting a port filtering rule, you can set an exception port that does not apply the rule. Despite being included in the range of port filtering rules, connections to ports included in the exception rule are not subject to the rule. By using port filtering, you can protect the system by blocking network connections of applications that attempt to connect to the network for malicious purposes.

To configure Port Filtering, complete the following steps:

1. Go to Network Protection > Intrusion Prevention and select the check box of Prevent network intrusions.
2. Select the check box of Enable port filtering.
3. Click Settings.
4. Set port filtering rules in <Port Filtering Settings>.

Configuring Port Filtering Settings

• Block All Ports: Blocks all ports except the excluded ports.

Caution If all ports are blocked, the network cannot be used. Therefore, except for emergencies such as the rapid spread of malware, use the feature with caution or limit the use to non-critical cases.

• Block only specific ports: Blocks network connection on the ports entered by the user. To set user-specified ports, click Blocked Port Settings and configure the ports.
• Allow only specific ports: Allows network connection on the ports entered by the user and blocks connection on the rest of the ports. To set user-specified ports, click Allowed Port Settings and configure the ports.
• Enable Filtering Exclusions: The filtering exclusions are a list of ports that must always be allowed for the product to operate normally. Regardless of whether users have registered ports in Blocked Ports, the connection is allowed without exception. The ports registered in Filtering Exclusions include those used by AhnLab’s APC and updates. If you click Filtering Exclusions, you can modify whether to enable port exclusions in <Port Exclusion Settings>.

Note Users cannot add or delete ports from the port filtering exclusions list. The list is managed by updates. However, users can select whether to use the port filtering exclusions list.

Blocked and Allowed Port Settings

If you selected to Block only specific ports or Allow only specific ports, you can configure the blocked/allowed port settings.

• Add: Add the blocked or allowed port to the list. Click Add to add a port to block or allow in <Manage Blocked Port>.
• Edit: You can edit the blocked or allowed port added to the list. Click Modify to modify the port details to be blocked or allowed at <Add/Edit Blocked Ports>.
• Delete: Delete the blocked or allowed port added to the list.
• Port: Shows the port number selected by the user.
• Protocol: Shows the protocol selected by the user.
• Connection: Shows the network connectivity permission of the port set by the user. All, Inbound, and Outbound are displayed.
• Type: Shows whether the user-configured port is Local Port or Remote Port.

Blocked Ports Management

• Protocol: Select the protocol to apply the port blocked rule.

• TCP: Stands for Transmission Control Protocol. It is a communication protocol that allows systems to connect for network communication.
• UDP: Stands for User Datagram Protocol. It is a communication protocol that provides limited services in network communication.

• Port Type: Select Local Port and Remote Port.

• Local Port: The port of the user system currently in use.
• Remote Port: The port of another system other than the user system in use. It is convenient to set the port number used mainly by malicious programs for the Remote Port.

• Type: Set the port input method. You can select Single Port and Port Range.

• Single Port: Select when specifying only one port. When you select Single Port, enter the port number directly.
• Port Range: Select when applying a rule for the ports within the specified range. When you select Port Range (1-65535), you must enter Start Port and End Port.

• Connection: Select the network access permission for the selected port.

• Block All: Block or allow all network connections using the selected protocol and port.
• Block Incoming Connections: Block or allow access to the system using the selected protocol and port.
• Block Outgoing Connections: Block or allow the system from establishing network connections using the selected protocol and port.

Port Exclusion Settings

You can only select whether to enable or disable Port Exclusions.

• Modify: Select an item to modify in the list of blocked ports, and click Modify to modify the usage in <Modify Blocked Port>.

Note To change the status, select an item to modify in the list of blocked ports, right-click and select Enable or Disable.

• Port: Shows the number of the blocked port.
• Status: Shows whether the item is used as a blocked port.
• Protocol: Shows the protocol.
• Connection: Shows the network connectivity permission
• Type: Shows whether it is a remote or local port.
  

Port Exclusion Management

For ports listed under Port Exclusions, you can select whether to use the port as a port filtering exclusion.

• Enable: Select to use the item as a port exclusion. If not selected, the port filtering exclusion rule is not applied.
• Port: Shows the port number.
• Protocol: Shows the protocol.
• Connection: Shows the network connectivity permission
• Type: Shows whether the port is Remote or Local.