Hope to add a port blocking feature #242
For some applications, I would like to allow port 53 for DNS on the UDP protocol, but block all other UDP ports. I am waiting for Fort to have this capability before I install Fort.
One real annoyance with Windows is that a lot of network traffic ends up showing up as "NT Kernel & System" (ping.exe traffic, for example, and a lot of other traffic). If we could add port/protocol based rules (even globally, not linked to a specific application profile) then we could for instance globally allow things that aren't really major security concerns like ICMP, DNS, etc. Without that, the only option as far as I can tell using Fort is to whitelist "NT Kernel & System". The problem with that is that it then opens up god knows what else to escape out via that broad exemption. If I'm misunderstanding something let me know, but I just thought it might be good to highlight the security importance of this feature. Fort seems to be so close to perfect (open source, great regex wildcard path options, portability, etc.) and as far as I can tell, it's only the ability to add (even if only global) traffic rules based on ports and protocols that would let it work as a perfect solution to harden workstation security. This project is far outside my experience, but if I can find the time I'll try to dive in and see if I can manage something.
It's usually for ping.exe only. I allow "System" with the "Block Internet" flag. DNS is by the DNSCache service. Make it a trackable SvcHost service, if it doesn't work as a separate process.
Yes, it's an important feature. I'm working on it, but it takes time.
Sometimes we block software from accessing specific ports, but can't block all ports. However, the current Fort cannot achieve this purpose. We hope it can be enhanced.