Filters

Tuesday, May 26, 2015 10:37:58 AM

The thinking behind Filters is simple. On an average machine there are lots of connections, and Filters allow you to select only those you are interested in. For example, if you would like to monitor (or control) internet traffic generated by Internet Explorer, you have to create a Filter which puts together all connections generated by the IE main executable, iexplore.exe. Then if you apply any Rules to this Filter, they will be applied to all connections created by IE.

Custom Filters

If you want to control IE you don't need to create a Filter. The NetLimiter Client does this for you automatically: it keeps all active connections in the Activity view sorted by the processes that created them. You can just click and set limits.

But if you would like to monitor traffic generated by all web browsers and to a specific site, you have to create a custom Filter.

Filter editor

If you would like to create a custom Filter, you have to use the Filter editor. You can open it by clicking the Filter List tab in the Activity view, which displays the list of current Filters, and then selecting Add filter.

After you create your Filter it will appear on the Filter tab and it will also be displayed in the Activity tab.

/img/docs/FltEd-4.0.56.PNG

There are several available options:

  • Filter name: Give your Filter a name so that it is easier to find among other Filters.
  • Filter type: There are three options: Zone, Composite and Filter. If you choose Zone, this Filter will be treated like a Zone: it will appear in the list of Zones and you will be able to use it like other Zones, which are all Filters as well. By selecting Composite you will be able to create a Filter from other Filters. Finally, if you choose Filter you will create a normal Filter without any special purpose.
  • Per-Type: Only functional for Limit rules. If you select Per-Connection, Per-Process or Per-Application, then a limit will not be applied to the Filter as a whole; instead it will be applied to every Connection, Process or Application which belongs to the Filter.
  • Filter functions: The set of Filter functions defines the Filter. It is the most important part and we will cover it in the next sub-chapter.

Filter functions

To add a single Filter Function (FF) to your Filter, just click the Add button in the Filter functions section of the Filter editor. It opens the Filter Function editor.

/img/docs/FltFunEd-4.0.56.PNG

First of all you have to choose a type of FF. The names of FFs are quite self-explanatory. For example, if you select Application path is not and add the path to the IE executable (iexplore.exe) as a Value, then the final Filter will work with (monitor or control) all connections except those which originated in IE.

If you add multiple values to an FF, they will work together: they will be evaluated with logical OR. So if you choose the FF Application path is and add the path to the IE executable and the path to the Firefox exe, then the final Filter will catch all connections from IE OR Firefox.

On the other hand, if you add multiple Filter functions to your Filter, they will be evaluated with logical AND. If you add one FF Application path is with the value of the IE executable and a second FF Remote address in range with the value 171.0.0.0 - 171.0.0.255 (IP address range), then the final Filter will catch all connections that are from IE AND whose remote machine (a web server, in most cases) has an IP address from the defined range.

List of all Filter functions

Application is and Application is not : Used for Windows system services and Store apps.

Application path is and Application path is not : Filter applications by their full path (c:\dir1\dir2\appdir\app.exe).

Application path contains and Application path does not contain : Filter applications by a part of their path (like dir2\appdir from c:\dir1\dir2\appdir\app.exe).

Is loopback traffic and Is not loopback traffic : Filters all localhost/loopback traffic. This is traffic from one program to another program on the same machine, usually using the 127.0.0.1 IP address.

Local address in range and Local address not in range : Filters traffic by its local IP address.

Remote address in range and Remote address not in range : Filters traffic by its remote IP addresses.

Local port in range and Local port not in range : Filters traffic by its local port numbers.

Remote port in range and Remote port not in range : Filters traffic by its remote port numbers. To filter traffic generated by your web browsers, just use port numbers 80 (HTTP) and 443 (HTTPS).

Network is and Network is not : Filters traffic by networks.

Remote host is on Internet and Remote host is not on Internet : Filters all traffic that goes/doesn't go to or from the Internet zone.

Remote host is on Local Network and Remote host is not on Local Network : Filters all traffic that goes/doesn't go to or from the Local Network zone.

Transport protocol is and Transport protocol is not : Filters traffic by type of transport protocol. Most common are TCP and UDP.

User is and User is not : Filters traffic by local user account.

Tag is and Tag is not : Filters traffic by Tags.

Is Forwarded traffic and Is not Forwarded traffic : Filters all forwarded/through-going traffic. Forwarded traffic does not originate on the local machine and/or the machine isn't its destination. It passes through the machine.

Domain name is and Domain name is not : Filters traffic by the domain name of the remote machines. You can use a full domain like youtube.com or a partial name using the wildcard characters * and ?, like *tube.com, which filters all connections whose remote host domain ends with tube.com.
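
The evaluation rules described under Filter functions (values inside one FF are OR-ed, FFs inside one Filter are AND-ed), together with the range and wildcard functions from this list, can be modelled as follows. This is an added Python example, not NetLimiter code: the dictionary keys, function names and sample connections are hypothetical, and two behaviours are assumptions (paths compare case-insensitively; a negative FF with several values matches when none of them match).

```python
import ipaddress
import re

def wildcard_match(pattern, text):
    # Only * and ? are wildcards (as the page states); all other characters are literal.
    rx = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.fullmatch(rx, text, re.IGNORECASE) is not None

def ip_in_range(ip, lo, hi):
    return ipaddress.ip_address(lo) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(hi)

# Each matcher tests ONE value of a filter function against one connection.
MATCHERS = {
    "Application path is": lambda c, v: c["path"].lower() == v.lower(),  # assumed case-insensitive
    "Remote address in range": lambda c, v: ip_in_range(c["remote_ip"], v[0], v[1]),
    "Remote port in range": lambda c, v: v[0] <= c["remote_port"] <= v[1],
    "Domain name is": lambda c, v: wildcard_match(v, c["domain"]),
}
# Negative variants reuse the positive matcher and invert the result.
NEGATIVE = {"Application path is not": "Application path is",
            "Remote address not in range": "Remote address in range",
            "Remote port not in range": "Remote port in range",
            "Domain name is not": "Domain name is"}

def ff_matches(conn, name, values):
    hit = any(MATCHERS[NEGATIVE.get(name, name)](conn, v) for v in values)  # values: OR
    # Assumption: a negative FF with several values means "matches none of them".
    return not hit if name in NEGATIVE else hit

def filter_matches(conn, functions):
    return all(ff_matches(conn, name, values) for name, values in functions)  # FFs: AND

def select(conns, functions):
    return [i for i, c in enumerate(conns) if filter_matches(c, functions)]

# Constructed sample data: paths and connections are illustrative, not captured traffic.
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
CONNS = [
    {"path": IE, "remote_ip": "171.0.0.20", "remote_port": 443, "domain": "www.youtube.com"},
    {"path": FIREFOX, "remote_ip": "171.0.0.20", "remote_port": 443, "domain": "example.org"},
    {"path": IE, "remote_ip": "10.1.2.3", "remote_port": 80, "domain": "intranet.local"},
]
IE_OR_FIREFOX = [("Application path is", [IE, FIREFOX])]
IE_TO_RANGE = [("Application path is", [IE]),
               ("Remote address in range", [("171.0.0.0", "171.0.0.255")])]

if __name__ == "__main__":
    print(select(CONNS, IE_OR_FIREFOX), select(CONNS, IE_TO_RANGE))
```

Because *tube.com matches every domain that ends in tube.com, a rule attached to such a Filter applies to more hosts than youtube.com alone; use the full domain when only one site is meant.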