What's the difference between IP then selecting TCP and TCP alone

[Guest]

[j0hnnyX]

What's the difference between,

Allow TCP in/out....

and

Allow IP in/out where protocol is TCP

(or UDP)

Sorry I'm a networking noob.

Thanks

[Ronny]

Hi j0hnnyX,

TCP is a connection oriented protocol which has a 'handshake' to setup a connection and after that it is able to send data.
It also has mechanisms to request retransmission of lost packets etc.

UDP is connection less (fire and forget) so there is no 'handshake' overhead, just submit the packet and hope it arrives at the destination.

Both are part of the IP protocol suite.

Here is a nice video on general network/firewall stuff http://www.warriorsofthe.net/

And the wiki for IP, TCP and UDP
http://en.wikipedia.org/wiki/Internet_Protocol
http://en.wikipedia.org/wiki/Transmission_Control_Protocol
http://en.wikipedia.org/wiki/User_Datagram_Protocol

I can't see an option in CIS where you can define IP in/out AND TCP or UDP, it's either IP in/out or TCP/UDP in/out.

If you use IP option in the firewall rules you basically allow TCP and UDP and ICMP traffic with that rule.
Where if you use TCP or UDP or ICMP you restrict it to that type of traffic only.

Next to the traffic there are ports that are used to connect to a service, like 80 for http server, 25 for sending out mail via SMTP etc.
Here is a list of those ports that are reserved for special purposes.
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

e.g.
http traffic = TCP traffic on port 80
dns traffic  = UDP and TCP traffic on port 53
ping traffic = ICMP traffic

Hope this helps a bit.

[j0hnnyX]

Thanks for you reply Ronny.

I know the basics of TCP/IP and UDP however I'm particularly confused about "IP where protocol is TCP (or another protocol)" and I want to understand when to use which.

When you add a rule if you select protocol as IP you get a tab named "IP details" where you can select a number of protocols like TCP, UDP, ICMP, IGMP etc...

[clockwork]

for normal internet using you need
just outgoing
tcp and/or udp

if you run a server or p2p you could need to allow very specific ingoing traffic.

if you want to block traffic in general, you should use IP (combines all protocolls), so you dont need to block each of the protocolls after another.

you should not use IP for allowing ingoing traffic (IF you would need one day to allow something ngoing).

try if all runs with outgoing tcp/udp. if all runs, you dont need to allow more.
a global rule should be "block IP in any any any". so you will not get annoyed by unrequested ingoing traffic questions.

[Ronny]

I know the basics of TCP/IP and UDP however I'm particularly confused about "IP where protocol is TCP (or another protocol)" and I want to understand when to use which.

I only use those if I can't match the rule on TCP or UDP or ICMP.

So if your trying to stop something that isn't TCP or UDP or ICMP you can use this, e.g. your on a corporate LAN and it has multicast configured you might see IGMP traffic show up in your logfiles, now if you wish to filter those you could use this option.

[Tags:]