Firewall Tab and Filters

The Firewall Tab, which gives you control over the ports allowed on your external connection, greatly enhances WinProxy's security capabilities.


Figure 3.20: The Firewall Tab greatly enhances your network's security by giving you control over external ports.

The following diagram illustrates how the firewall fits into WinProxy:


Figure 3.21: WinProxy's Firewall.

As shown here, the Firewall Tab is where you control the system-level firewall. You can regulate exactly which ports allow TCP and UDP for both incoming and outgoing traffic.

An important point: the settings you make here determine what traffic will be permitted, but they don't automatically enable any protocols. As an example, although you can enable file and printer sharing on your external connection, it won't work unless you also "open up" ports 135-139 for outgoing connections with your firewall settings. There's a very good reason for this: since allowing file and printer sharing on your external connection is a security problem, all but the lowest security setting in WinProxy prohibit these outgoing ports.

The slider shown in the screen shot above allows you to choose from a number of pre-defined security settings. The default setting is Medium, which allows the greatest flexibility with the best security for most users. The lowest settings permit most games, but don't close much at the system-level firewall. With the highest settings, nearly everything is shut off. In addition, ports are allowed only if specified by you with their own filters, as in the pre-defined list (or if you've enabled them elsewhere in WinProxy).

Once you specify filters of your own, the slider vanishes and WinProxy confirms that you're now using custom settings. To return to any default firewall settings, simply click the default button. If any custom filters you've defined won't work under a chosen default setting, WinProxy disables that filter (the filter stays in the list, however, saving you the trouble of figuring out the settings again). The long and short of it is: when using custom settings, the security level you start with does make a difference.

You'll notice that WinProxy places two entries in the filter list. You'll be able to change one, but not the other.

The unchanging filter is the "System Defined Filter." It's a compilation of all of the settings you've made elsewhere in WinProxy (under the Protocols Tab, for example). These settings, which form the core of the Classic Proxy, can't be disabled as a group. Changes can only be made to the basic WinProxy settings.

The changeable filter is the preset security level, whose name changes depending on the security level you've selected. Under the Medium setting, for example, it's called "Medium Security Level." It's possible to change these, but we recommend simply changing security levels with the slider and using your own filters to make firewall adjustments. It's instructive, though, to open each of these filters for inspection: click Modify Application, and then analyze what the preset security filters are and how they're constructed at each level.


Figure 3.22: An example of a user-defined rule in the security filter.

While you're free to define a range of ports, be careful: it's easy to overstep, opening up more than you intend. Since any one application might take a number of protocols and ranges, you can define as many rules for an application as you need. In the figure above, we're looking at Rule No. 2 of 6 rules. You can step through the rules by using the Previous and Next buttons. To add a new rule to an existing filter, click New Filter. When finished with the rules, click Done.

If you step through the medium security rules you'll see that almost all outgoing TCP and UDP connections are allowed, except for ports 135 through 139, which are used by Microsoft for file and printer sharing.
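The warning above about port ranges that open more than intended can be checked mechanically before rules are entered. The following is an added example, not WinProxy code: the `Rule` structure, the sample rules and the 100-port width threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ports used for file and printer sharing, per the text above (135..139 inclusive).
SHARING_PORTS = range(135, 140)

@dataclass(frozen=True)
class Rule:
    """One allow rule in a custom filter (hypothetical representation)."""
    name: str
    protocol: str   # "TCP" or "UDP"
    direction: str  # "in" or "out"
    low: int
    high: int

def audit(rules, max_width=100):
    """Return (rule name, finding) pairs for rules that open more than intended.

    max_width is an assumed review threshold, not a WinProxy setting.
    """
    findings = []
    for r in rules:
        if not (0 < r.low <= r.high <= 65535):
            findings.append((r.name, "invalid port range"))
            continue
        # Which file-sharing ports fall inside this rule's range?
        exposed = [p for p in SHARING_PORTS if r.low <= p <= r.high]
        if exposed:
            findings.append((r.name, f"opens {r.direction} {r.protocol} "
                             f"{exposed[0]}-{exposed[-1]} (file and printer sharing)"))
        width = r.high - r.low + 1
        if width > max_width:
            findings.append((r.name, f"range spans {width} ports"))
    return findings

# Constructed sample rules, not taken from WinProxy.
SAMPLE_RULES = [
    Rule("game-client", "UDP", "out", 100, 200),   # wide range swallows 135-139
    Rule("mail", "TCP", "out", 25, 25),            # single port, nothing to flag
    Rule("voice-chat", "TCP", "out", 130, 137),    # partial overlap with 135-139
    Rule("web-server", "TCP", "in", 80, 80),       # single port, nothing to flag
    Rule("typo", "TCP", "out", 5000, 4000),        # low and high swapped
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```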
