In the Advanced Firewall Settings, you can manually configure BlackICE Defender to accept (allow) or reject (block) a port or an IP address.
For BlackICE Defender version 2.5, the following is the procedure for modifying the Advanced Firewall Settings:
- Left click on the BlackICE icon in the system tray to open the user interface.
- Select "Tools" & then "Advanced Firewall Settings".
The following is what you will see with BlackICE Defender, version 2.5:
Note that there is both an IP address & a Port tab whose fields are blank when no changes have been made.
To add an IP address, click the "IP address" tab & then "Add". The following is what you will see:
Note the difference between when the option to Reject or Accept an IP address is selected.
Enter the IP address for the computer(s) you wish to Accept (allow) or Reject (block). Use the standard 000.000.000.000 notation. To specify an IP address range, place a dash between each distinct IP address (no spaces). For example, 192.168.10.23-192.168.10.32.
Select the type of firewall settings:
Accept: When an address has an Accept setting, BlackICE explicitly allows all traffic from that IP address. However, the intrusion detection engine still reports attacks from that accepted address. Therefore, if BlackICE detects a direct attack from the accepted address, depending on the attack, it may auto-block the address and override the accept setting.
If you wish to also trust the address, check Add Trusted Address Entry. Trusted and accepted addresses are completely free from any intrusion monitoring and blocking.
Reject: This setting explicitly blocks any access for an IP address. IP address blocks stop all traffic from the selected address.
In the Length of Block box, select the duration of the firewall block: hour, day, month, or forever. All limited durations begin at the time the firewall entry is created.
To add a port, click the "Port" tab & then "Add". The following is what you will see:
You then give this setting a name, such as HTTP or DHCP. Type in the port number & select whether it is a TCP or UDP port. Then select "accept" or "Reject"& set the expiration date.
For BlackICE Defender version 2.9, the following is the procedure for modifying the Advanced Firewall Settings:
- Left click on the BlackICE icon in the system tray to open the user interface.
- Select "Tools" & then "Advanced Firewall Settings".
The following is what you will see with BlackICE Defender, version 2.9:
Note that in version 2.9, there is no separate tab for IP addresses & ports.
To add an entry for an IP address or port, click "Add". The following is what you will see:
As you can see, the IP addresses tab and the Ports tab of version 2.5 has been replaced by the above dialog box. The procedure for adding IP addresses & ports is basically the same as with version 2.5.
One added feature in version 2.9 is that you now have the ability to create accept or reject rules using the combination of an IP address and port specification. Hence you can have a rule that does the following:
- Accept or reject a specific IP address from accessing a specific port
- Accept or reject a specific IP address from accessing a port range
- Accept or reject an IP address range from accessing a specific port
- Accept or reject an IP address range from accessing a port range
