[Back to Index]
The Hits View
The Hits view is where the action is. Whenever something gets blocked
by the firewall it will show up on this list.
There is no need to react to the entries that show up on the list, they have
already been blocked. There are however many actions you can apply to the
already blocked hits that will affect how the firewall will treat similar hits
in the future.
Managing the Hits View
Clearing the Hits view
Pressing the Clear button on the toolbar
will clear the view of all hits currently in memory.
Reloading the Hits
Pressing the Reload button on the toolbar
will read in all the hits from the system log files into memory and show
them on the Hits view. If the system logs are very large this could take
a long time on slower machines.
Saving the Hits to disk
Pressing the Save button on the toolbar
will save the currently shown hits to a plain-text file. The
plain-text file is in human readable format and can not be re-imported into
Firestarter.
Customizing the Hits view
A lot more information is stored about the hits than what you see by default.
To protect the user from information overload we have pre-selected some
of the most common properties to show for the hits.
The Hits view can be customized from the View menu and the Hit columns submenu.
Choosing a title from the list will either show or hide the column on the Hits view.
The keyboard shortcuts Control-0 trough Control-9 will also show or hide an specific column.
Acting on the Hit Entries
By right clicking on an selected hit in the view, several options are presented
to the user in the context menu.
- Block Host - Selecting this will add the source machine of the hit to the
Blocked Hosts list on the Rules page. All future hits from the host will be
immediately blocked and will not show up again in the Hits view.
- Trust Host - This option adds the source of the hit to the Trusted Hosts
list on the Rules page. All future connection attempts will be allowed from
this machine, no more hits from the source will show up in the Hits view again.
- Open Port - This adds the destination port of the hit in question to the
list Open Ports list on the Rules page. Everyone can now connect to the port
and no more hits will show up for this port.
- Open Port For This Host Only - Adds the port and host combination to the
list of Stealthed Ports on the Rules page. The source host will be able to
connect to the port, but no one else (unless overridden by another rule).
- Block And Stop Logging Port - Adds the port to the Blocked Ports list.
Although the connection was already blocked to the specified port (that's why it showed
up in the Hit view), this option keeps hits for this port from showing up
again. This is an effective filter that can radically cut down on the number
of hits you will receive on noisy networks.
- Lookup Hostname - This option will convert the source IP from
dotted decimal value to a valid human readable hostname. Selecting the same
option a second time will reverse the name back into number format. There
is an option in the Preferences to automatically
perform this operation on every hit.
[Back to Index]