Advanced and Low Level Rules
Please note: We strongly recommend you contact the Support Team before making any changes to any of the rules presented here.
The Advanced and Low level rules tabs are a set of default rules that manage the Firewall’s behaviour and how it handles the network traffic. The rules in these two tabs are not related to executable files. They set specific parameters that will determine the Firewall functionality.
You can access the Advanced and Low level rules from BullGuard’s main window > Settings > Advanced > Firewall > Security > Manage advanced firewall rules > Edit.
These default generative rules will establish a pattern-like behaviour for the Firewall. Alongside the currently used network details (computer IP address, network Gateway and DNS), they will trigger the creation of network-specific instantiated rules that will establish how the network traffic is managed.
Instantiated rules: these are the by-product of the current rules from the Application list tab being filtered through the Advanced and Low level rules to which the currently used network details are added. It will result in a series of rules (identifiable in the BullGuard Firewall rules file as MAC_RULES) which will be applied to the incoming and outgoing traffic. Adding or removing rules in the 3 tabs mentioned above will trigger a remaking of the MAC_RULES set. And so will any change in the parameters of those rules.
When changing the network, the Firewall will generate a new set of instantiated rules to match the new network specifications.
Application list rules, Advanced rules and Low level rules priority in the Firewall traffic management:
- Incoming: the Low level rules decide what comes into the computer. If they say that a certain packet is blocked, it will stay blocked until told otherwise. Chain of command is Low level rules > Advanced rules > Applications rules.
- Outgoing: chain of command is Low level rules >Advanced rules > Applications rules, but the Application rules have a VETO right. They have the final word and will override the Low level rules (if such an application rule exists).
We recommended you only modify or create new rules in the Advanced and Low level tabs if you know exactly what details you want to edit or add.
If you made changes to the original rules, click on “Restore default rules” to undo the changes. This will only affect the default rules that are created when you install BullGuard, not user-created rules.
If settings are altered randomly or wrong configurations are entered, it may affect the proper functioning of the BullGuard Firewall (blocking packets, protocols, IPs or ports required for running some applications) or lead to the Firewall blocking the entire network traffic to and from the computer.
The main purpose for editing or creating rules in these two tabs would be customizing the Firewall to either allow some application-specific protocols, ports or packet types that would otherwise be blocked by default as representing a general risk for computers (if there is a support service, application user guide or manual for that specific program, you should be able to find the information needed for configuring the Firewall).
Another purpose would be to configure the Firewall to work within secured environments such as office/corporate networks (the network’s system administrator should be able to tell you what specific network settings need to be entered in the Firewall).
In conclusion, we strongly recommend you contact the Support Team before making any changes to any of the rules presented here.
Opening a port in the Firewall
In the Low level Rules tab, right click any of the present rules and choose the New rule option.
Choose a clear and relevant name for your new rule, such as “Open port 5“ or “Custom IP rule”.
Change the Protocol type as needed. You can choose between TCP, UDP or select several from a custom list. It is necessary to choose the protocol type you wish to open the port for.
Enter the port number you wish to open. If you are trying to open it on your computer, write the port number in the Local ports field. If you want to access a port on a remote computer/sever, enter it in the Remote ports field. You can use both single port numbers and port ranges.
Enter the Local or Remote hosts IP address. The Local host is the IP of the computer you are currently using. The Remote Host is the IP of the computer/server you are trying to open the port for (only the specified remote host will be able to use the newly open port). If you are trying to open a port for general traffic, you will not need to enter a remote host IP.
Enter the Remote Hosts IP address. This is the IP of the computer/server you are trying to open the port for (only the specified remote host will be able to use the newly open port). If you are trying to open a port for general traffic, you will not need to enter a remote host IP.
To allow a computer from a network which is not trusted, you only need to enter the IP address in the Remote Hosts field and choose the protocol type.
You can also select groups of remote hosts by clicking on the “down” arrow from the Remote hosts window and choose the option you need:
A list of explicit addresses: you will need to enter the remote computer’s IP address manually.
Any host from my subnets: will open the port/s selected at Step 4 for all computers available on the subnets (all subnets available in the Subnets tab).
Any hosts from my TRUSTED subnets: will open the port/s selected at Step 4 for all computers available only on the trusted subnets (only subnets that have a check mark in the Subnets tab).
Any hosts from my UNTRUSTED subnets: will open the port/s selected at Step 4 for all computers available only on the untrusted subnets (only subnets that don’t have a check mark in the Subnets tab).
Any of my DNS servers: will open the port/s selected at Step 4 only for the DNS server you are currently using.
Any of my gateways: will open the port/s selected at Step 4 for all gateways currently in use.
Any of my WINS servers: will open the port/s selected at Step 4 for all WINS servers currently in use.
Any multicast address: will open the port/s selected at Step 4 for all multicast addresses.
Any broadcast address: will open the port/s selected at Step 4 for any broadcast address.