Kerio Tech Firewall6 manual Source Port and Destination Port, Protocol Inspectors, 179

12.3 Services

Source Port and Destination Port

If the TCP or UDP communication protocol is used, the service is defined with its port number. In case of standard client-server types, a server is listening for con- nections on a particular port (the number relates to the service), whereas clients do not know their port in advance (port are assigned to clients during connection attempts). This means that source ports are usually not specified, while destination ports are usually known in case of standard services.

Note: Specification of the source port may be important, for example during the definition of communication filter rules. For details, refer to chapter 6.3.

Source and destination ports can be specified as:

Figure 12.8 Service definition — source and destination port setting

•Any — all the ports available (1-65535)

•Equal to —a particular port (e.g.80)

•Greater than, Less than — all ports with a number that is either greater or less than the number defined

•Not equal to — all ports that are not equal to the one defined

•In range — all ports that fit to the range defined (including the initial and the terminal ones)

•List — list of the ports divided by comas (e.g. 80,8000,8080)

Protocol Inspectors

WinRoute includes special plug-ins that monitor all traffic using application protocols, such as HTTP, FTP or others. The modules can be used to modify (filter) the communica- tion or adapt the firewall’s behavior according to the protocol type. Benefits of protocol inspectors can be better understood through the two following examples:

1.HTTP protocol inspector monitors traffic between clients (browsers) and Web servers. It can be used to block connections to particular pages or downloads of particular objects (i.e. images, pop-ups, etc.).

2.With active FTP, the server opens a data connection to the client. Under certain conditions this connection type cannot be made through firewalls, therefore FTP

179