• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Firewall User Interface is confusing

The text in the dialogs and in the help files lacks the required precision. At least the Norwegian variant does.

The dialog where the firewall rules are shown, fails to communicate to the user that the "both in and out" option applies to datagrams where both the sender and the receiver port numbers fit the rule. This is stated in the help page, but users only dicover that after having pulled their hair out for hours.

The dialog also fails to tell that the rules apply to the first datagram between two endpoints (sender host/port, receiver host/port). If the first datagram is allowed by the rules, all further datagrams in both directions will be allowed as well.

The dialog also fails to explain how "General" rules and "Secondary" rules are related. It does say that "Secondary" rules are consulted after "General" rules, but it does not tell which have priority. It only says that within each list, earlier rules override later ones. But what is the point of having two lists?

If a rule in the general list matches, will the secondary list be consulted?

Today I could not use the internet from this computer, because there was no working dns lookup.

I had reconfigured the router a few days ago, making its dhcp server advertise the dns server 8.8.8.8 rather than the routers built-in dns resolver, because the latter resolver has become unbearingly slow and everything started to time out. (The root cause here is probably underprovisining at my ISP who control the router setup and directs it to use the ISP's dns server.)

I had no rule in the firewall to allow outgoing UDP/53 traffic. There was a rule named Standard Incoming DNS which allows incoming UDP/53. Did I create that rule? I can't remember, but it is also impossible to remember all the desperate attempts one make to solve problems when conditions are confusing. I now changed the rule to allow outgoing UDP/53, and after that DNS works.

Finally, I wish there were a button to produce an ascii listing of all the firewall rules in the order applied, with complete information. It is extremely annoying having to peep through the minuscule dialog window, and open each and every rule in a separate window just to see what destinations and ports are affected.

Regards