Welcome
Welcome to vistafirewallcontrol

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Incoming-outgoing/incoming only arrow

Incoming-outgoing/incoming only arrow

Postby Alice Springs » Thu Jun 08, 2017 11:14 am

I would like to suggest replacing the single incoming-outgoing/incoming only arrow with two arrows, namely

An incoming only arrow with the same shaft as the outgoing arrow, but with a head at the other end

An incoming-outgoing arrow with the same shaft as the outgoing arrow, but with heads at both ends
Alice Springs
 
Posts: 45
Joined: Wed May 10, 2017 10:59 am

Re: Incoming-outgoing/incoming only arrow

Postby sp4096 » Thu Jun 08, 2017 7:49 pm

My wish as well. To make things easier to read.
<-- events: connect out, zone rule: just out
--> events: connect in, zone rule: just in
<-> zone rule: both = in/out

Edit: I changed "traffic" to "connect". Thanks VFC. And if left for out confuses, no problem. I've been confused in every firewall I used :)
Last edited by sp4096 on Fri Jun 09, 2017 6:15 pm, edited 1 time in total.
sp4096
 
Posts: 111
Joined: Tue Apr 26, 2016 2:57 am

Re: Incoming-outgoing/incoming only arrow

Postby VistaFirewallControl » Fri Jun 09, 2017 11:09 am

Thank you, your intention is clear.
But please take into account that the arrows are not for traffic direction.
The arrows point to connection direction.
After a connection (in any direction) is established, the traffic is generally bidirectional.
So arrow down (from us to the networks) means Outgoing connection.
Arrow Up - incoming(+outgoing) connection

This was discussed multiple times.
If you have a better idea for connection direction displaying, welcome.
Just please take into account that arrows show connection direction, not traffic
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: Incoming-outgoing/incoming only arrow

Postby Alice Springs » Fri Jun 09, 2017 11:41 am

I am sorry, but I don't understand why my suggested arrows are not suitable to use for (the initial) connection direction.
I am only trying to suggest that instead of
>Arrow Up - incoming(+outgoing) connection
which is two possibilities, it would be clearer if there were one possibility per arrow.
Alice Springs
 
Posts: 45
Joined: Wed May 10, 2017 10:59 am

Re: Incoming-outgoing/incoming only arrow

Postby VistaFirewallControl » Fri Jun 09, 2017 12:09 pm

So generally
- making arrows horizontal instead of diagonal. Right?
- regarding bidirectional arrows instead of unidirectional.
In connection with TCP (only) that could be correct.
In connection with other protocols, not connection based, especially UDP, the situation looks as follows.
If you make outgoing UDP evidently, the system enables incoming "connections" (actually dataflow), UDP is connectionsless protocol, so incoming dataflow will be enabled as well. It's determined by IP-stack behavior (i.e. the standard). Meanwhile you did not allow incoming connections evidently. What would be the correct (or clear) arrow direction in this case?
Should the technical correctness be put in a lower priority and the clearness should be the first?
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: Incoming-outgoing/incoming only arrow

Postby Alice Springs » Fri Jun 09, 2017 12:42 pm

>UDP is connectionsless protocol
>Should the technical correctness be put in a lower priority and the clearness should be the first?

In the UDP case, I think technical correctness would imply that there shouldn't be any arrow. If I am right about this, then in this case you are already putting clearness first.

Even if I am wrong about the UDP case, I think that for the arrows it is better to have clearness than to have technical correctness.
Alice Springs
 
Posts: 45
Joined: Wed May 10, 2017 10:59 am

Re: Incoming-outgoing/incoming only arrow

Postby VistaFirewallControl » Fri Jun 09, 2017 1:51 pm

Actually the UDP workflow is a bit more complex.....
The sample was UDP outgoing related, UDP incoming has different specifics, i.e. the IP-stack creates so called virtual (system dependent) channels for UDP flows that are valid for about 2 minutes by default and the duration may be prolonged depending on the flow activity.
You can check yourself emulating the UDP flow.....
So what we should do if (for instance) you enabled incoming only (that is rather technically senseless, as the system should not be able to reply without outgoing enabled, but de facto will be able to reply due to channel established during 2 mins at least).
Creating the dynamic arrows following the channel state? The latter is deep inside the system, the real state is not available to applications at all.
Should we add IP theory details into the manual?
Looks like we will not be able to make it clear (more or less) in brief at all....

Anyway changing arrows for every supported protocol is a nightmare taking into account multiple protocols already supported even without adding new protocols.

So practically, it's clear that horizontal arrows are better than the diagonal ones. Right?
All the rest is still foggy as there is no a universal arrow direction compromise.
Is it worth changing the application and the manual for 4 supported languages?
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: Incoming-outgoing/incoming only arrow

Postby PietO » Fri Jun 09, 2017 1:52 pm

VistaFirewallControl wrote:So arrow down (from us to the networks) means Outgoing connection.
Arrow Up - incoming(+outgoing) connection


After many years using W10FC, i'm still not used to the current implementation. Thus i'm also in for using a horizontal line (for me arrow pointing to the right is outgoing, otherwise i will be confused again).
PietO
 
Posts: 192
Joined: Wed Mar 02, 2011 12:09 pm

Re: Incoming-outgoing/incoming only arrow

Postby Alice Springs » Fri Jun 09, 2017 2:10 pm

>Is it worth changing the application and the manual for 4 supported languages?
No, not at all.
Alice Springs
 
Posts: 45
Joined: Wed May 10, 2017 10:59 am

Re: Incoming-outgoing/incoming only arrow

Postby VistaFirewallControl » Fri Jun 09, 2017 2:46 pm

So, in order to make it better, we scheduled making arrows horizontal instead of diagonal. The priority would hardly be high, but it's scheduled though.

In connection with the directions
<-- will be incoming
---> outgoing
<--> incoming+outgoing for any protocol, just to distinguish settings evidently made for rules ignoring the protocol specifics.
For the events there will be no <--> as an event is actually a fact of incoming or outgoing only.

Hope it will be more convenient
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Next

Return to What is VistaFirewallControl, features

Who is online

Users browsing this forum: No registered users and 0 guests

cron
suspicion-preferred