The Advanced Tab

The Advanced tab holds many miscellaneous advanced options. Here you can also set up your own simple protocols to open a small hole through your firewall for an ad hoc protocol, for example to access a remote administration web interface that is served from a non-standard port number.

When the Show advanced protocol help check box is ticked, extra information is given in the help text for protocols on the Protocol tab. The extra information includes what kinds of network connections each protocol uses.

The Allow TCP timestamps check box lets you turn TCP timestamps on or off. Leaving TCP timestamps turned on makes it possible for outsiders to calculate how long your machine has been running since it was last booted; nmap -O can do this. Generally, unless you are on a high-speed network connection, chances are you have no good reason to leave TCP timestamps turned on.
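To show why this setting matters, the following added example (not part of the Guarddog documentation) works through the arithmetic that turns two observed TCP timestamp values into an uptime estimate. It assumes the timestamp counter started at zero at boot, has not yet wrapped, and ticks at one of a few common rates; the function names and sample values are constructed for illustration.

```python
"""Why TCP timestamps leak uptime: arithmetic on two observed TSval samples."""

COMMON_HZ = (100, 250, 300, 1000)  # assumed typical timestamp clock rates
TS_MODULUS = 2 ** 32               # TSval is a 32-bit counter (RFC 7323)

# Constructed sample: (local receive time in seconds, TSval seen in the packet).
# It models a host whose counter ticks 250 times per second.
CONSTRUCTED_SAMPLES = [
    (0.000, 216_000_000),
    (2.004, 216_000_500),  # 2 s later, with a few ms of network jitter
]


def estimate_tick_rate(samples):
    """Return the most likely ticks-per-second, or None without two samples.

    Fewer than two samples is what an observer gets when the host has
    TCP timestamps turned off: there is no counter to measure.
    """
    if len(samples) < 2:
        return None
    (t0, ts0), (t1, ts1) = samples[0], samples[-1]
    if t1 <= t0:
        raise ValueError("samples must span a positive time interval")
    # The modulo keeps the difference correct if the counter wrapped
    # between the two observations.
    ticks = (ts1 - ts0) % TS_MODULUS
    raw_rate = ticks / (t1 - t0)
    # Jitter makes the raw rate inexact, so snap to the nearest common rate.
    return min(COMMON_HZ, key=lambda hz: abs(hz - raw_rate))


def estimate_uptime_seconds(samples):
    """Return estimated seconds since boot, or None if nothing is observable."""
    hz = estimate_tick_rate(samples)
    if hz is None:
        return None
    # Assumption: the counter was zero at boot and has not wrapped since.
    return samples[-1][1] / hz


if __name__ == "__main__":
    uptime = estimate_uptime_seconds(CONSTRUCTED_SAMPLES)
    print(f"tick rate: {estimate_tick_rate(CONSTRUCTED_SAMPLES)} Hz")
    print(f"estimated uptime: {uptime / 86400:.2f} days")
```

On Linux the option itself is governed by the net.ipv4.tcp_timestamps sysctl; a value of 0 disables it.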

Restore to factory defaults clears the firewall configuration and resets it to how it was the first time Guarddog was run.

Local Dynamic Port Range

The two input fields next to Local Dynamic Port Range allow you to specify the range of port numbers used by the operating system for the source port of new outgoing connections. When a connection is made to a port on an external machine, the source port of the connection is usually not specified by the application. It is left up to the operating system to choose a suitable free source port number. The local dynamic port range is simply the range of port numbers that the operating system will use when looking for an available source port.

Generally, there is little reason to change this. It might only become important on machines that need to have an unusually high number of connections active at the same time.

DHCP (Dynamic Host Configuration Protocol)

If you are using DHCP to configure a network interface, then you will need to specify the name of the interface(s) in the Enable DHCP on interfaces: widget.

If you are running a DHCP server on a network interface, then you will need to specify the name of the interface(s) in the Enable DHCP server on interfaces: widget.

When entering multiple interface names, separate them with commas (",").

Import/Export

Import and Export allow you to save the current configuration to a file, and read it back into Guarddog again. When you click on either of these buttons, a file dialog appears and you can choose the file to import from, or export to.

The Description text box allows you to enter a short note about the current firewall configuration.

Tip

Export doesn't just export the current firewall configuration; it outputs an entire firewall script. The firewall script can then be moved onto another machine and manually installed and run.

User Defined Protocols

In addition to all the protocols that Guarddog supports, it is also possible to specify your own custom protocols.

In the middle of the User Defined Protocols group is the current list of user defined protocols. Use the New Protocol button to create a new blank protocol. The Delete Protocol button deletes the currently selected user defined protocol.

After creating a new protocol you can give it a name using the Name text field. The Type widget lets you specify which IP protocol, TCP or UDP, your user defined protocol uses. With the Port widgets you can specify the port or range of ports on the server or remote machine that the protocol must connect to. For UDP protocols, use the bidirectional check box to specify whether the protocol is bidirectional and requires packets to travel in both directions. Once a user defined protocol has been specified here, it becomes available on the Protocol tab under the User Defined category. There it can be turned on or off just like any built-in protocol.

Tip

This feature is intended for simple protocols where a server is just serving from a single TCP or UDP port. If you feel that you need to specify a more complex protocol, consider contacting the author so that direct support for it can be added in a future Guarddog release.