Full Version: Opening Port On Firewall, Not For Specific Program
CalMul
I use BD 2013 and found this thread:
http://forum.bitdefender.com/lofiversion/i...php/t41978.html

"I have installed Internet Security 2013 on a PC that I use to host a personal website but with Firewall turned on access to the website is blocked. What are the right Firewall settings to allow http services (port 80) from this PC?

Thanks, Dan "


Answer was:
"If you want to open a specific port you will need to add a rule for the application that uses that port as explained here:

http://forum.bitdefender.com/index.php?showtopic=36066

Uncheck the box 'Any' and you will be able to manually type the port number."


I have the same problem, just a different port.
Please can someone tell me how to add my web interface as a program so that I can add a rule stating the port which should be opened?

Or how can I open the port without choosing the program exe?

Please help!
ONT
You can't create Firewall Rules for specific ports independent of application using Bitdefender, a huge lacking.
Georgia
Hi CalMul,

The Bitdefender product does not allow opening ports as this would be a security breach, especially for someone who is not an advanced PC user.

But there is a way to open any port without having to choose a specific application.

Here's how:

1. Create a Firewall rule for any application (it does not matter which application - for test I used "ieinstal.exe")
- uncheck: local/remote address
- enter the IP of the server you want to connect to
- port: the port you want to open (for this example I chose port 501, but you can choose any port you want)
- network type: check all

2. Start the PC in Safe Mode

3. In Safe Mode, go to:

C:\Program Files\Bitdefender\Bitdefender 2013\settings\firewall

Open the file "rules.xml" and scroll down to the latest rule - it will be the rule you've just created at step 1. This is what you will see:

CODE
<rule action="0" protocol="0" ipVersion="3" direction="3" directPath="0" profileFlags="4294967295" ruleFlags="2" trafficType="7" checkCmdLine="0" md5="A04CEF82046BCF539B33EEF62F0A3825" startHour="0" startMin="0" endHour="23" endMin="59" weekDays="255" parentsHash="0000000000000000">
    <path>c:\program files (x86)\internet explorer\ieinstal.exe</path>
    <cmdLine></cmdLine>
    <local_network address="10.0.0.1" mask="128"></local_network>
    <remote_networks count="1">
        <remote_network address="10.0.0.1" mask="128"></remote_network>
    </remote_networks>
    <local_ports count="1">
        <port_range min="501" max="501"></port_range>
    </local_ports>
    <remote_ports count="1">
        <port_range min="501" max="501"></port_range>
    </remote_ports>
    <remote_macs count="0"></remote_macs>
</rule>


- delete the text between <path>c:\program files (x86)\internet explorer\ieinstal.exe</path> => now you should have <path></path>
- in <local_network address="10.0.0.1" mask="128"></local_network>, replace the IP with this string: "0000:0000:0000:0000:0000:0000:0000:0000"
- save the modification and restart Windows normally

From this point, you will have the port of your choice open.

Let me know if you have other questions. Thank you, have a lovely weekend!
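
To review what the edit above leaves behind, here is an added example (not part of the original thread and not Bitdefender's code): a Python check that lists the rules in a rules.xml-style file whose <path> is empty, meaning they are no longer tied to a program, together with their local ports. The <rules> root element and the trimmed attribute set in the sample are assumptions; the attribute values are not interpreted.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. The <rules> root element is an assumption; the <rule>
# children are copied from the post. Rule 1 is the rule as created in the GUI,
# rule 2 is the same rule after the manual edits described in step 3.
SAMPLE = """<rules>
  <rule action="0" protocol="0" direction="3">
    <path>c:\\program files (x86)\\internet explorer\\ieinstal.exe</path>
    <local_network address="10.0.0.1" mask="128"></local_network>
    <local_ports count="1"><port_range min="501" max="501"></port_range></local_ports>
  </rule>
  <rule action="0" protocol="0" direction="3">
    <path></path>
    <local_network address="0000:0000:0000:0000:0000:0000:0000:0000" mask="128"></local_network>
    <local_ports count="1"><port_range min="501" max="501"></port_range></local_ports>
  </rule>
</rules>"""


def is_unspecified(address):
    """True for all-zero addresses such as 0.0.0.0 or 0000:...:0000."""
    try:
        return ipaddress.ip_address(address).is_unspecified
    except ValueError:
        return False  # not a parseable address: do not guess


def audit_rules(xml_text):
    """Return one finding per rule that is not bound to an executable."""
    findings = []
    for index, rule in enumerate(ET.fromstring(xml_text).iter("rule"), start=1):
        path = (rule.findtext("path") or "").strip()
        if path:
            continue  # rule is tied to a program, as the GUI intends
        local = rule.find("local_network")
        address = local.get("address", "") if local is not None else ""
        ports = [(int(p.get("min")), int(p.get("max")))
                 for p in rule.findall("./local_ports/port_range")]
        findings.append({"rule": index, "local_ports": ports,
                         "any_local_address": is_unspecified(address)})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE):
        print(finding)
```

Run it against a copy of rules.xml rather than the live file, and compare the findings with the ports you intended to open.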
JCC
Hi,

Is Bitdefender going to improve the firewall configuration to include this capability?



QUOTE (Georgia @ May 4 2013, 04:29 AM) *
Hi CalMul,

The Bitdefender product does not allow opening ports as this would be a security breach, especially for someone who is not an advanced PC user.

But there is a way to open any port without having to choose a specific application.

Here's how:

1. Create a Firewall rule for any application (it does not matter which application - for test I used "ieinstal.exe")
- uncheck: local/remote address
- enter the IP of the server you want to connect to
- port: the port you want to open (for this example I chose port 501, but you can choose any port you want)
- network type: check all

2. Start the PC in Safe Mode

3. In Safe Mode, go to:

C:\Program Files\Bitdefender\Bitdefender 2013\settings\firewall

Open the file "rules.xml" and scroll down to the latest rule - it will be the rule you've just created at step 1. This is what you will see:

CODE
<rule action="0" protocol="0" ipVersion="3" direction="3" directPath="0" profileFlags="4294967295" ruleFlags="2" trafficType="7" checkCmdLine="0" md5="A04CEF82046BCF539B33EEF62F0A3825" startHour="0" startMin="0" endHour="23" endMin="59" weekDays="255" parentsHash="0000000000000000">
    <path>c:\program files (x86)\internet explorer\ieinstal.exe</path>
    <cmdLine></cmdLine>
    <local_network address="10.0.0.1" mask="128"></local_network>
    <remote_networks count="1">
        <remote_network address="10.0.0.1" mask="128"></remote_network>
    </remote_networks>
    <local_ports count="1">
        <port_range min="501" max="501"></port_range>
    </local_ports>
    <remote_ports count="1">
        <port_range min="501" max="501"></port_range>
    </remote_ports>
    <remote_macs count="0"></remote_macs>
</rule>


- delete the text between <path>c:\program files (x86)\internet explorer\ieinstal.exe</path> => now you should have <path></path>
- in <local_network address="10.0.0.1" mask="128"></local_network>, replace the IP with this string: "0000:0000:0000:0000:0000:0000:0000:0000"
- save the modification and restart Windows normally

From this point, you will have the port of your choice open.

Let me know if you have other questions. Thank you, have a lovely weekend!

Georgia
Hello,

I can't make any promise about that. Thank you for your feedback!
RGHamilton
Hmmmm,
This is a deal breaker for me. It seems unnecessarily awkward to go into safe mode, edit a file, etc. Several of your competitors make this real easy. I started trying a couple of them this week as a replacement to BD. I REALLY like BD, yet I need the ability to turn on selected ports for internal use. If I need to block outside accessibility, then I can do it through my router firewall.

Yes, I understand that you are trying to draw a balance between making BD easy to use for the novice and still providing great protection, however, you should have an "Advanced User Tab" that allows this capability. You can always put in your disclaimer that it could compromise security if a user makes a mistake.

Maybe I am dreaming, but I thought BD had this capability at one time in a past version. I have been using BD a long time and never had the problem with port access that I have had recently.

Glen
columbo
QUOTE (RGHamilton @ May 14 2013, 03:32 PM) *
---------------
---------------

Maybe I am dreaming, but I thought BD had this capability at one time in a past version. I have been using BD a long time and never had the problem with port access that I have had recently.

Glen


Hi Glen,

You are right, the 2011 version had 3 modes, Basic, Intermediate and Expert mode, with the ability of finer grain firewall control.

Scott
Georgia
Hello,

As it was already mentioned on our forums, the Bitdefender classic line for home users does not allow opening ports as this would be a security breach. The Block Port Scans feature will check if more than 50 ports/second are being scanned, so having a port open is not a safe solution.

Hope you have a beautiful week ahead!
HHC
QUOTE (Georgia @ Jul 15 2013, 08:56 AM) *
Hello,

As it was already mentioned on our forums, the Bitdefender classic line for home users does not allow opening ports as this would be a security breach. The Block Port Scans feature will check if more than 50 ports/second are being scanned, so having a port open is not a safe solution.

Hope you have a beautiful week ahead!



Hi
I just bought BD Family Pack, but sad to say I just saw this topic too late. I really need to have port 81 open for inbound connection to my small server. It worked with my McAfee solution that just ran out, and I decided to go for BD that looked like a better package at first.
I've tried the work-around you mentioned earlier, but that doesn't work - at least for me it doesn't. Maybe I'm missing something? Here is what I typed in rules.xml:
--------------------------------------------------------
Click to view attachment

---------------------------------------------------------

I really need this to function again, otherwise BD is useless to me.
Thanks in advance
Best regards
H. Christensen
TWUK
Just a quick note to say that I have the same problem with BD 2013 - not being able to open specific ports. I can't believe it's not in there. I have to run a number of small websites via IIS, each on ports other than 80. My previous Symantec security product allowed all of these ports. Since switching to BD, I have had to disable the BD firewall completely and revert to creating custom Inbound Rules in Windows Firewall to allow the traffic I need. I think this is a major issue with the BD firewall and needless to say I'll be looking for a replacement product when my year is up. I only use Antivirus and Firewall, and now I've had to turn the firewall off!
hemicharg3r
QUOTE (TWUK @ Jan 4 2014, 12:42 PM) *
Just a quick note to say that I have the same problem with BD 2013 - not being able to open specific ports. I can't believe it's not in there. I have to run a number of small websites via IIS, each on ports other than 80. My previous Symantec security product allowed all of these ports. Since switching to BD, I have had to disable the BD firewall completely and revert to creating custom Inbound Rules in Windows Firewall to allow the traffic I need. I think this is a major issue with the BD firewall and needless to say I'll be looking for a replacement product when my year is up. I only use Antivirus and Firewall, and now I've had to turn the firewall off!


Yep, count me among the many who discovered this too late. Bitdefender, you certainly have the right to decide to omit a key feature in an attempt to "protect" users; however, since this would have to be sought out and changed typically for advanced users, all you have done is make it easier for me (and many others) to say goodbye. My license expires in 3 months and from reading the forums you are not listening to your customers about adding this back in, so the decision to leave is easy.