Single Internet Filtering rule for inbound monitoring only ?

As the title suggests, is there an existing premade (or simple to implement) Internet Filtering rule that will allow for monitoring of inbound requests only ?

I don`t understand rulesets at the best of times, and I can`t think of how to do this

With regard to my thread of a couple of months ago, I did stop using internet filtering (with no problems), but have realised that this will not allow me to simply monitor any inbound attempts that may happen.

I presume there is a way of doing this with the application of one simple rule ?

 

Hi Fad,

Please using the rule as follows:

 

Thankyou ktango, I have been offline for a while and have only just seen your reply.

I had an idea it might be something like that, but wasn`t confident that it would be correct....

I will test this later

 

Hi Fad.

What exactly do you mean by "inbound requests"?
The rule posted by ktango will allow and log all inbound packets, and not just requests. If you wish to monitor inbound TCP requests (requests for connection), then you would need to filter that protocol with a SYN flag set, and set that rule for blocking with logging. Normally, besides giving a full stealth, that would block and log all SYN requests, but will also defeat the use of any server software (say, P2P client) if it stands at the top of the ruleset. Of course, all of this is valid only if you have an open connection (as in, no NAT in front).

 

Thanks Seer for the extra info....

I am in fact behind a router, but initially was curious to see what inbound connections might have been trying to get through past the router (if any are even possible behind a router ? - I don`t know)

Where you said:
"you would need to filter that protocol with a SYN flag"
that actually went right over my head, as I have mentioned rules creation and the mechanics of them is like black magic to me

So would I be correct in thinking that because I am behind a router (NAT ?) that it is impossible for any unsolicited inbound connections to occur ?

Either way, the inbound logging rule as shown above will allow me to see what programs I have allowed are getting up to, and the IP addresses of those connecting through those programs

I hope that made some kind of sense as even I started to confuse myself then

 

Yes. If you are behind a router, then no connection attempts (TCP packets with SYN flag set) will pass to your PC. Routers are specifically set to block these attempts.

Certainly, if you feel the need to monitor your allowed applications, by all means use the rule posted by ktango.

 

Thanks, that`s good to know - I was never really sure if that was the case or not.

That rule above is useful for checking certain programs or just general checking under certain circumstances, not for full time monitoring...I would be sat here for the rest of my life watching otherwise !

that was part of the reason I wanted to just not use internet filtering generally, I was constantly checking the logs and getting paranoid - I`m sure I have better things to do