Firewall Rules - 3 Questions

I'm new to Bitdefender, but not new to technology. I have configured the BD firewall application behavior to Automatic, so I can be prompted to Allow/Block access requested by applications. On the pop-up notifications, I usually see BD identify the App path, IP address, port, and protocol for me to use in deciding what to do. Once I Allow/Block, BD creates a new firewall rule. Strangely, BD seems to build the rule as ANY/ANY (any network, any protocol, any port, and any IP address) bidirectional.

(1) Since BD knows the details of the traffic from the request, why isn't the rule based on the network specifics (IP, port, protocol, direction)?

(2) I can ping out but have no rule to allow ICMP traffic. Are there default rules that we're unable to see in the firewall UI?

(3) Why is there not a mechanism to order and prioritize rules, or is such functionality not needed for some reason?

Thanks!


Answers

  • Is anyone from Bitdefender on who can share some insights?

  • Scott ✭✭✭✭✭

    Hi @BD_User1

    That would be @Alexandru_BD or @Mike_BD who can answer those questions for you. Hopefully, they will be able to reply to you tomorrow.

    Regards,

    Scott

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Alexandru_BD admin
    edited March 2023

    Hi @BD_User1,

    Not sure what to say about point 1. With regard to point 2, I can tell you that default rules exist, but I don't have instructions on how to allow ICMP traffic. With regard to a mechanism for prioritizing rules, I think such functionality is not required, because the concept here is to leave everything on automatic for practical purposes, so that the user doesn't have to check and toggle through the rules all the time.

    But the engineers might have more insight on this and I would recommend asking them. You can use the link below to get in touch and maybe they can share more information:

    https://www.bitdefender.com/consumer/support/help/

    If you find the answers you are looking for, kindly share them with us as well; they will prove very useful to our community.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks, Scott and Alexandru, for the feedback.

    I think my question #1 is a big deal from a security perspective. Only the least privilege should be granted, and the BD rules that get created are wide open for the given application and shouldn’t be.

    For my question #2, ICMP/ping works, but there is no explicit allow rule to explain why it works. So, I’m guessing that default rules we cannot see must be processing the traffic.

    I will follow your instructions and check with Support. Thank you!
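
An added illustration, not part of the thread and not Bitdefender's rule format or engine: a small Python model of the concern in questions 1 and 3, comparing an ANY/ANY application rule with a rule scoped to the details shown in the prompt, and showing why order matters once rules overlap. The `Conn` and `Rule` types, the first-match evaluation, and all sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Conn:                      # one connection attempt, as shown in a prompt
    app: str
    direction: str               # "out" or "in"
    protocol: str
    remote_ip: str
    remote_port: int

@dataclass(frozen=True)
class Rule:                      # None in a field means "any"
    app: str
    action: str
    direction: Optional[str] = None
    protocol: Optional[str] = None
    remote_net: Optional[str] = None
    remote_port: Optional[int] = None

    def matches(self, c: Conn) -> bool:
        return (self.app == c.app
                and self.direction in (None, c.direction)
                and self.protocol in (None, c.protocol)
                and self.remote_port in (None, c.remote_port)
                and (self.remote_net is None
                     or ip_address(c.remote_ip) in ip_network(self.remote_net)))

def rule_from_prompt(c: Conn, scoped: bool) -> Rule:
    if not scoped:               # the ANY/ANY bidirectional rule described in the thread
        return Rule(c.app, "allow")
    return Rule(c.app, "allow", c.direction, c.protocol, c.remote_ip + "/32", c.remote_port)

def decide(rules, c: Conn, default: str = "prompt") -> str:
    for r in rules:              # assumption of this model: first match wins
        if r.matches(c):
            return r.action
    return default               # no rule matched: fall back to asking the user

def allowed(rules, traffic):
    return [c for c in traffic if decide(rules, c) == "allow"]

APP = r"C:\Apps\updater.exe"     # constructed sample values (documentation IP ranges)
PROMPT = Conn(APP, "out", "tcp", "203.0.113.10", 443)
TRAFFIC = [PROMPT,
           Conn(APP, "out", "tcp", "198.51.100.7", 8080),
           Conn(APP, "in", "tcp", "192.0.2.55", 4444),
           Conn(APP, "out", "udp", "203.0.113.10", 53)]
BLOCK_ONE = Rule(APP, "block", "out", "tcp", "198.51.100.7/32", 8080)
```

In this model the ANY/ANY rule admits all four sample connections, including the inbound one, while the scoped rule admits only the connection the user actually approved; placing `BLOCK_ONE` before or after the ANY/ANY rule changes the outcome for the second connection.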