Configuring FW Rules for Untrusted Network. Help Please??

Discussion in 'other firewalls' started by Jula9600, Aug 24, 2011.

Thread Status:
Not open for further replies.
  1. Jula9600

    Jula9600 Registered Member

    Joined:
    Aug 5, 2010
    Posts:
    21
    I am reconfiguring my Windows Firewall with Advanced Security rules to protect my pc from its own network - working on separating my pc from my landlord's network, but that will have to wait. The Firewall Questions for beginners and Windows Firewall with Advanced Security: Guide for Vista stickies here are wonderful sources of info but I could use a little help with a couple of rules.

    I am leaving most of the default public profile rules for the moment until I can get the private profile tightly secured and working properly. I am going for a block all outbound not specifically allowed policy here.

    1. Browser Issues: I have internet connection but can't browse the internet. Current Outbound Rule for %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe

    Local Address: Any / TCP 1024-5000 - Remote Address: Any / TCP 80, 443

    AND (for DNS)

    Local Address: Any / any port - Remote Address: 192.168.0.107 / UDP 53

    2. From The Firewall Questions for Beginners thread:

    Netstat on my landlord's pc shows the above info. I have blocked in/out udp 1900 (as well as TCP 135-139, 445). I'm getting 5-20 of these per second: - (local port and size vary)

    DROP UDP 192.168.0.1 239.255.255.250 1454 1900 366 - - - - - - - RECEIVE


    Is there anything else I should do about this? And can anyone tell me what is wrong with my fw rules?
     
  2. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    Under earlier versions of Windows - XP, 2003 etc - the ephemeral port range (1024 to 5000) was typically used as the source port for applications such as browsers, when making an outbound connection. In later versions of Windows - Vista, Windows 7 etc. - Microsoft adopted the IANA standard of using the Dynamic port range (49152 to 65535) for the source port. In your Browser rule, change the range for the source ports from 1024 to 5000 to 49152 to 65535.

    For UPnP/SSDP, if you have no need for these services you can disable them in services.msc.
     
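    The rule set discussed in this thread, with Heimdall's source-port fix applied, written out as netsh advfirewall commands (an added example, not code from either poster; netsh works on Vista/7, whereas the New-NetFirewallRule cmdlets need Windows 8 or later). The Firefox path and the 192.168.0.107 DNS server are the values from the first post; the rule names are chosen here.

```powershell
# Added example: the thread's rules as netsh advfirewall commands.
# Run from an elevated PowerShell prompt. Rule names are my own; the Firefox
# path and the resolver address come from the original post.

# Default-deny in both directions on the private profile.
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound

# Log dropped packets so rule mistakes show up in pfirewall.log.
netsh advfirewall set privateprofile logging droppedconnections enable

# Browser: source ports must be the Vista/7 dynamic range, not 1024-5000.
netsh advfirewall firewall add rule name="Firefox HTTP/HTTPS out" dir=out action=allow `
    program="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" `
    protocol=TCP localport=49152-65535 remoteport=80,443 profile=private

# DNS: only to the one resolver, only UDP 53 (any local port).
netsh advfirewall firewall add rule name="DNS out" dir=out action=allow `
    protocol=UDP remoteip=192.168.0.107 remoteport=53 profile=private

# SSDP chatter from the LAN: explicit block rules in both directions.
netsh advfirewall firewall add rule name="SSDP block in" dir=in action=block `
    protocol=UDP localport=1900 profile=private
netsh advfirewall firewall add rule name="SSDP block out" dir=out action=block `
    protocol=UDP remoteport=1900 profile=private

# Heimdall's tip, done from the shell: stop and disable the SSDP/UPnP services
# (upnphost depends on SSDPSRV, so stop it first).
Stop-Service upnphost, SSDPSRV -Force -ErrorAction SilentlyContinue
Set-Service upnphost -StartupType Disabled
Set-Service SSDPSRV -StartupType Disabled

# Verify what was written, then browse and watch the log for DROP lines.
netsh advfirewall firewall show rule name="Firefox HTTP/HTTPS out" verbose
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" | Select-Object -Last 20
```

    If a page still fails to load, the DROP lines in the log show the local port and remote port that no allow rule matched, which is how the 1024-5000 mistake shows itself.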
  3. Jula9600

    Jula9600 Registered Member

    Joined:
    Aug 5, 2010
    Posts:
    21
    It worked! Thank you so much :D
     