A method, system, apparatus, and computer program product are presented
for a distributed port firewall system. The distributed port firewall
system maps port usage to application needs, with an application action
object (AAO) used to identify the use of ports. An application action
object may be opened based on endpoint and user. Port firewall
"properties" are added in order to configure the firewall; these are
configurable only by certain trusted users or applications. Different
policies are applied to the usage and opening of ports based on a
collection of endpoints, on managed regions, or on a per-endpoint basis.
Beyond just
allowing an application to open a port, the allowed packet types are also
configured to work in conjunction with a distributed packet snooper
session.