DoorStop X Firewall
User's Guide

DoorStop X Basics

Key Concepts

DoorStop X is a software firewall. Firewalls in general protect network services from undesired access. (12, Firewall Basics) DoorStop specifically protects Internet services, such as Web Sharing and File Sharing, on the machine on which it is running. DoorStop's protection is in addition to any protection provided by the service itself, such as account names and passwords.

With DoorStop X, you tell DoorStop which Internet services to protect, and how each service should be protected, on a service-by-service basis. DoorStop also provides protection for all Internet services not explicitly specified. For maximum security, the default protection for explicitly specified services and for "all other" services is set to deny all access. You can use DoorStop X to specify other types of protection for each service. A service can be protected so that anyone can access it, no one can access it, or only certain machines can or cannot access it.

IP addresses (6, IP Addresses and Host Names)

A computer on any network, including the Internet, is located by means of its IP address. There are currently two forms of IP address:

IP addresses can be specified in DoorStop as a single IP address, a range of IP addresses that start with a certain value, or a range of IP addresses corresponding to a subnet. A subnet is a local area network that is part of a larger intranet, or of the Internet.

Note for power users: On a machine configured with multiple IP addresses, the security settings specified in DoorStop (client addresses and type of protection for each service) apply to all IP addresses configured on that machine.

Ports (6, Port Numbers)

Internet services communicate by means of ports, with each service using a unique port number. For instance, Web Sharing usually uses port 80, and File Sharing uses port 548. Sometimes services are run on alternate ports, however. For instance, if two Web servers are running on the same machine, they could not both use the same port number -- one of them would be assigned an alternate port number.

Packets & protocols (6, Protocols)

When data is sent over a network, it is broken down into small units called packets. For example, a large text document sent over a network might consist of many packets, sent one after the other until the entire document has been sent. Many networks, and the Internet in particular, have an enormous number of packets being sent back and forth between machines. To keep things orderly, packets are sent in a well-defined way, using network protocols. DoorStop can protect the three most commonly used protocols:


Using DoorStop X

In its default configuration, DoorStop X protects all TCP-based services running on your machine. Such services include File Sharing and Web Sharing, among others. If you install DoorStop using the default settings in the Setup Assistant, or if you skip the Setup Assistant altogether, no one will be able to access these or any other TCP-based services. You might, however, want to further configure DoorStop, for one or more reasons:

  1. If you're actually running TCP-based services, such as File Sharing, you'll need to allow access to that service for at least some other machines (if not all) on your network or on the Internet. Start by going to Protecting Basic Services.
  2. If you want to protect UDP-based services, you can do so in DoorStop's Preferences dialog. See UDP protection.
  3. Logging of DoorStop's actions (on by default) gives you the raw data you need in order to be aware of possible security violations or violation attempts (see Logging for details). If you're running an Internet service, however, such as Web Sharing, you may want to disable logging of allowed accesses, if your site is getting a lot of traffic.
  4. If your network runs IPv6, you need to allow it through DoorStop. See IPv6 protection.

For details of configuring DoorStop, start with Protecting Basic Services.

Back to Table of Contents
Back to Getting Started
Forward to Protecting Basic Services