Firewall Settings

On the Firewall settings tab, you can view and change the network adapter and traffic alerting settings.

Selection
Description
Packet Filter
Drop fragments shorter than
If an IP fragment is shorter than the specified limit, it will be dropped. This should usually be enabled, as short fragments do not appear in most situations.
Block all IPv6 (Internet Protocol version 6) traffic
Blocks all Internet Protocol version 6 network traffic. Uncheck this option only if you are running the IPv6 protocol and want the firewall to allow IPv6 traffic. Be aware that allowing all IPv6 traffic without any filtering is a security risk.
Trusted network adapter
Trusted network adapter
Use this setting if the computer with the firewall installed works as a gateway for other computers.

A common case is Internet Connection Sharing: the sharing computer lets other local computers use its Internet connection, usually by connecting them to a spare Ethernet interface on the sharing computer. To keep the firewall from blocking them, the interface facing the local computers has to be set as the trusted interface. This is a potentially dangerous operation, as the trusted interface will be left completely open. It is therefore very important that the correct interface is chosen, and that all computers that can connect to that interface are completely trustworthy.
IP address
This field shows the IP address of the trusted network adapter. It is very important that you verify that the correct interface is chosen, so that you do not accidentally open up the interface connected to the Internet. If Internet Connection Sharing is used, the trusted network adapter should have the IP address 192.168.0.1.
Suspicious Traffic Alerting
Alert on illegal packets
Alert on illegal packets generates an alert for packets that do not comply with the protocol they are supposed to follow.
Alert on short fragments
Alert on short fragments will generate an alert if an IP fragment is shorter than the limit specified in the Drop fragments shorter than setting. Short fragments can be an indication of a fragmentation attack, but they can also be caused by network problems. If you get many alerts and they are not caused by an attack, you can disable this alerting.
Alert on illegal fragments
Alert on illegal fragments will generate an alert if a fragmented IP datagram does not conform to the IP protocol. This is often an indication of a Denial-of-Service (DoS) attack, or a faulty network device or software. It is a very useful alert that will usually not generate false positives, and should be enabled.
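The short-fragment and illegal-fragment checks described above, written out as an added example; this is not F-Secure's code. The names classify_fragment and make_packet, the 64-byte default limit, and applying the limit only to non-final fragments are assumptions, and "illegal" here covers only two IPv4 rules (reassembled size at most 65535 bytes, non-final fragments carrying a multiple of 8 bytes).

```python
import struct

MAX_DATAGRAM = 65535  # largest datagram the 16-bit IPv4 Total Length field allows

# min_len is a hypothetical value; the page does not state the product's limit.
def classify_fragment(packet: bytes, min_len: int = 64) -> str:
    """Classify one raw IPv4 packet: 'not-fragment', 'illegal', 'short' or 'ok'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "illegal"                       # truncated header or not IPv4
    ihl = (packet[0] & 0x0F) * 4               # header length in bytes
    total_len, _ident, flags_off = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return "illegal"                       # length fields contradict each other
    more = bool(flags_off & 0x2000)            # More Fragments flag
    offset = (flags_off & 0x1FFF) * 8          # fragment offset in bytes
    payload = total_len - ihl
    if not more and offset == 0:
        return "not-fragment"
    if offset + payload > MAX_DATAGRAM:
        return "illegal"                       # would reassemble past 65535 bytes
    if more and payload % 8 != 0:
        return "illegal"                       # non-final fragments carry a multiple of 8 bytes
    # Assumption: the limit applies to the payload of non-final fragments only,
    # because the final fragment legitimately carries whatever remains.
    if more and payload < min_len:
        return "short"
    return "ok"

def make_packet(payload_len: int, offset_units: int = 0, more: bool = False) -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero) for the samples below."""
    flags_off = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, flags_off,
                         64, 17, 0, bytes([192, 168, 0, 2]), bytes([192, 168, 0, 1]))
    return header + bytes(payload_len)

# Constructed samples, not captured traffic.
SAMPLES = {
    "whole datagram": make_packet(100),
    "normal first fragment": make_packet(1480, more=True),
    "tiny first fragment": make_packet(8, more=True),
    "misaligned fragment": make_packet(100, more=True),
    "overlong final fragment": make_packet(1480, offset_units=8191),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {classify_fragment(pkt)}")
```

Raising min_len trades more short-fragment alerts for earlier detection, which mirrors the page's advice to disable the alert if network problems cause many of them.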


F-Secure Corporation
www.F-Secure.com