Opening Port On Firewall, Not For Specific Program

I use BD 2013 and found this thread:


http://forum.bitdefender.com/lofiversion/i...php/t41978.html


"I have installed Internet Security 2013 on a PC that I use to host a personal website but with Firewall turned on access to the website is blocked. What are the right Firewall settings to allow http services (port 80) from this PC?


Thanks, Dan "


Answer was:


"If you want to open a specific port you will need to add a rule for the application that uses that port as explained here:


http://forum.bitdefender.com/index.php?showtopic=36066


Uncheck the box 'Any' and you will be able to manually type the port number."


I have the same problem, just a different port.


Please can someone tell me how to add my web interface as a program so that I can add a rule stating the port which should be opened?


Or how can I open the port without choosing the program exe?


Please help!

Comments

  • You can't create Firewall Rules for specific ports independent of application using Bitdefender, a huge lacking.

  • Georgia ✭✭✭

    Hi CalMul,


    The Bitdefender product does not allow opening ports as this would be a security breach, especially for someone who is not an advanced PC user.


    But there is a way to open any port without having to choose a specific application.


    Here's how:


    1. Create a Firewall rule for any application (it does not matter which application - for test I used "ieinstal.exe")


    - uncheck: local/remote address


    - enter the IP: of the server you want to connect to


    - port: the port you want to open (for this example I chose port 501, but you can choose any port you want)


    - network type: check all


    2. Start the PC in Safe Mode


    3. In Safe Mode, go to:


    C:\Program Files\Bitdefender\Bitdefender 2013\settings\firewall


    Open the file "rules.xml" and scroll down to the latest rule - it will be the rule you've just created at step 1. This is what you will see:


    <rule action="0" protocol="0" ipVersion="3" direction="3" directPath="0" profileFlags="4294967295" ruleFlags="2" trafficType="7" checkCmdLine="0" md5="A04CEF82046BCF539B33EEF62F0A3825" startHour="0" startMin="0" endHour="23" endMin="59" weekDays="255" parentsHash="0000000000000000">
            <path>c:\program files (x86)\internet explorer\ieinstal.exe</path>
            <cmdLine></cmdLine>
            <local_network address="10.0.0.1" mask="128"></local_network>
            <remote_networks count="1">
                <remote_network address="10.0.0.1" mask="128"></remote_network>
            </remote_networks>
            <local_ports count="1">
                <port_range min="501" max="501"></port_range>
            </local_ports>
            <remote_ports count="1">
                <port_range min="501" max="501"></port_range>
            </remote_ports>
            <remote_macs count="0"></remote_macs>
        </rule>


    - delete the text between <path>c:\program files (x86)\internet explorer\ieinstal.exe</path> => now you should have <path></path>


    - in <local_network address="10.0.0.1" mask="128"></local_network>, replace the IP with this string: "0000:0000:0000:0000:0000:0000:0000:0000"


    - save the modification and restart Windows normally


    From this point, you will have the port of your choice open.


    Let me know if you have other questions. Thank you, have a lovely weekend!
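
An audit for the manual edit described in the post above, as an added example (not Bitdefender's code and not part of the original post): it lists rules in a rules.xml-style document whose `<path>` is empty, so ports opened for any program can be reviewed later. The `<rules>` wrapper, the trimmed attributes and the 8081-8082 range are constructed assumptions; only elements shown in the post are read.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Rule 0 is the rule as shown in the post (attributes
# trimmed); rule 1 is the same rule after the manual edit, with other ports.
# The <rules> wrapper element is an assumption.
SAMPLE = r"""<rules>
<rule action="0" protocol="0" direction="3">
  <path>c:\program files (x86)\internet explorer\ieinstal.exe</path>
  <local_network address="10.0.0.1" mask="128"></local_network>
  <remote_networks count="1">
    <remote_network address="10.0.0.1" mask="128"></remote_network>
  </remote_networks>
  <local_ports count="1"><port_range min="501" max="501"></port_range></local_ports>
</rule>
<rule action="0" protocol="0" direction="3">
  <path></path>
  <local_network address="0000:0000:0000:0000:0000:0000:0000:0000" mask="128"></local_network>
  <remote_networks count="1">
    <remote_network address="10.0.0.1" mask="128"></remote_network>
  </remote_networks>
  <local_ports count="1"><port_range min="8081" max="8082"></port_range></local_ports>
</rule>
</rules>"""

def is_any_address(addr):
    """True for the all-zero address the post substitutes for the local IP."""
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False

def find_unbound_rules(xml_text):
    """Return rules whose <path> is empty, i.e. not tied to any executable."""
    findings = []
    for index, rule in enumerate(ET.fromstring(xml_text).iter("rule")):
        if (rule.findtext("path") or "").strip():
            continue  # rule is still bound to a program
        local = rule.find("local_network")
        findings.append({
            "index": index,
            "local_any": local is not None and is_any_address(local.get("address", "")),
            "local_ports": [(int(p.get("min")), int(p.get("max")))
                            for p in rule.findall("local_ports/port_range")],
            "remote": [n.get("address") for n in rule.findall("remote_networks/remote_network")],
        })
    return findings

if __name__ == "__main__":
    for finding in find_unbound_rules(SAMPLE):
        print(finding)
```

Each finding shows the port range and the remote addresses the rule is limited to, which is what to check before leaving such a rule in place.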

  • Hi,


    Bitdefender is going to improve the firewall configuration to include this capability?



  • Georgia ✭✭✭

    Hello,


    I can't make any promise about that. Thank you for your feedback!

  • Hmmmm,


    This is a deal breaker for me. It seems unnecessarily awkward to go into safe mode, edit a file, etc. Several of your competitors make this real easy. I started trying a couple of them this week as a replacement to BD. I REALLY like BD, yet I need the ability to turn on selected ports for internal use. If I need to block outside accessibility, then I can do it through my router firewall.


    Yes, I understand that you are trying to draw a balance between making BD easy to use for the novice and still providing great protection, however, you should have an "Advanced User Tab" that allows this capability. You can always put in your disclaimer that it could compromise security if a user makes a mistake.


    Maybe I am dreaming, but I thought BD had this capability at one time in a past version. I have been using BD a long time and never had the problem with port access that I have had recently.


    Glen

  • Hi Glen,


    You are right, the 2011 version had 3 modes, Basic, Intermediate and Expert mode, with the ability of finer grain firewall control.


    Scott

  • Hi


    This is a world of Novice Users, Advanced Users are at some other planet. Don't waste your time to put your suggestions in trash.

  • Georgia ✭✭✭

    Hello,


    As it was already mentioned on our forums, the Bitdefender classic line for home users does not allow opening ports as this would be a security breach. The Block Port Scans feature will check if more than 50 ports per second are being scanned, so having a port open is not a safe solution.


    Hope you have a beautiful week ahead!

  • Hi


    I just bought BD Family Pack, but sad to say I just saw this topic too late. I really need to have port 81 open for inbound connection to my small server. It worked with my McAfee solution that just ran out, and I decided to go for BD that looked like a better package at first.


    I've tried the work-around you mentioned earlier, but that doesn't work - at least for me it doesn't. Maybe I'm missing something? :unsure: - Here is what I typed in rules.xml:


    --------------------------------------------------------


    post-158499-1379883764_thumb.jpg


    ---------------------------------------------------------


    I really need this to function again, otherwise BD is useless to me. <_<


    Thanks in advance


    Best regards


    H. Christensen

  • Just a quick note to say that I have the same problem with BD 2013 - not being able to open specific ports. I can't believe it's not in there. I have to run a number of small websites via IIS, each on ports other than 80. My previous Symantec security product allowed all of these ports. Since switching to BD, I have had to disable the BD firewall completely and revert to creating custom Inbound Rules in Windows Firewall to allow the traffic I need. I think this is a major issue with the BD firewall and needless to say I'll be looking for a replacement product when my year is up. I only use Antivirus and Firewall, and now I've had to turn the firewall off!

  • Yep, count me among the many who discovered this too late. Bitdefender, you certainly have the right to decide to omit a key feature in an attempt to "protect" users however since this would have to be sought out and changed typically for advanced users, all you have done is make it easier for me (and many others) to say goodbye. My license expires in 3 months and from reading the forums you are not listening to your customers about adding this back in, so the decision to leave is easy. <_<

  • This is a ridiculous workaround and isn't working for me. After several tries swapping in and out of safe mode, all I saw was no change or BSOD. I'm very sorry I purchased BD.


    I've got a security camera recorder on my PC. It runs a mobile server so that I can check the cameras remotely. Works fine within my network, but port forwarding to this machine won't work. I've attempted to add program rules and this kludge of a workaround.


    How can I tell which program is failing the FW? I'd add a program rule, but the camera package has many executables and I'm not finding the right one to add to the rules.


    My set-up and what I've tried.


    Router: 10.0.1.1


    PC: 10.0.1.210


    Connecting to localhost:8081 works fine.


    Connecting to 10.0.1.210:8081 from any other machine on my network works fine.


    Connecting to mydomain.com:8081 fails. I have other port forwarding that works fine through that domain. Also, if I turn off BD FW, I get a successful connection.


    Remote connections are done through a mobile server. I've attempted to add every executable related to that mobile server to the Application Rules. Not working.


    I attempted this workaround. Manually editing that file to open port 8081 and 8082 for 10.0.1.210 got me the BSOD.


    Apparently useful functionality is considered a security risk in BD. Maybe you should carry a warning in your adverts that this product is for novices only. I'm upset and this post is a little hot since I've wasted hours on something that should have taken minutes. Not intending to flame you Georgia. Any additional suggestions would be appreciated.



  • reinaldocfilho
    edited November 2014
    This excuse isn't correct since I want to block an IP address (not a security breach) without specifying a program and it's also impossible, it's a huge lack of settings in the firewall, I'll stop using it and come back to Windows Firewall that's way better than this one.


    Also, when disabling the BitDefender firewall to use Windows Firewall (THAT WORKS LIKE IT SHOULD WORK) BitDefender keeps annoyingly showing that I have an issue in my security system by not using its faulty firewall.

This discussion has been closed.