There are two types of protection mechanisms--static port
blocking and automatic IP address-blocking.
You can control static port blocking by changing the Protection Level.
At protection level "Trusting", no ports are
blocked. At protection level "Cautious", TCP and UDP ports 0 to 1023
are blocked. At protection level "Nervous", all TCP ports are blocked
and UDP ports 0 to 1023 are blocked. At protection level "Paranoid",
all UDP and TCP ports are blocked; effectively blocking any unsolicited
connection from the outside; and because of the way UDP protocol works,
it could also block your UDP-based application from connecting to
external systems.
The IP address-blocking feature is automatic, and set when the intrusion-detection
component detects hostile traffic from someone. The only
control you have of this feature is whether you want it enabled or not.
Other than that, the intrusion-detection component determines which IP addresses to block when
the feature is enabled. Not all attacks are IP blocked.
The product has been set up so that attacks that are hard to spoof will
trigger the IP blocking mechanism.
If you want to figure out which attacks will trigger an IP address
block, you can look in the file issuelist.csv (a comma separated value
file). All issues that have "IP" in its fourth field, will trigger
an IP address block.
