D-Link NetDefendOS User Manual page 263

Chapter 3: Fundamentals
The name parameter must always be the first in a search but the asterisk "*" character can be
used as a wildcard. For example:
gw-world:/> appcontrol -name=* -family=mail -risk=HIGH
As demonstrated earlier, the -save_list option is used to save a filter list so it can be used with IP
rules and IP policies.
Managing Filters
As shown in the application example above for controlling BitTorrent, the appcontrol CLI
command is also used to create saved filters which are then used with the CLI in ApplicationRule
objects. For example, the following will create a saved filter for BitTorrent:
gw-world:/> appcontrol -filter -application=bittorrent,utp -save_list
The -application parameter specifies the individual signatures by name. An alternative is to use
the -name parameter which allows wildcarding and searches the signatures names looking for
character pattern matches. For example, we could have specified:
gw-world:/> appcontrol -filter -name=bit* -save_list
All the signatures with names that begin with the prefix bit would have been selected. It would
not have been possible to select bittorrent and utp using the -name parameter.
All the saved filters can be displayed with the command:
gw-world:/> appcontrol -filter -show_lists
To delete all saved filters, use the command: All the saved filters can be deleted with the
command:
gw-world:/> appcontrol -delete_lists=all
Individual saved filters can be deleted by specifying the number of the filter after -delete_lists=.
Selecting All Signatures
If the administrators aim is to find out what applications users are accessing, application control
can be used to do this by triggering on all signatures and allowing instead of blocking the traffic.
The log events generated will indicate the applications that are being detected.
Selecting all signatures is done through a checkbox in the Web Interface and can be done with
the CLI by using wildcarding with an ApplicationRuleSet object. The CLI cannot be used when
using application control directly with IP rules.
Signature Inheritance
The application control signatures have a hierarchical structure and it is important to remember
that permissions are also inherited. An example of this is the http signature. If the administrator
configures application control to block all http traffic they are also blocking all applications that
use http such as facebook and dropbox.
However, if the administrator configures application control to allow the http signature they are
also allowing all applications that use http. For instance, the signature for DropBox is a child of
the http signature so allowing http traffic also allows dropbox traffic. If dropbox is to be blocked
while still allowing http, it must be blocked separately.
263