Am I safe with these Network Control Rules? [Resolved]

Hi and thanks for a great firewall (albeit a bit complicated IMO and not too user friendly for newbs). Thus I’m not sure whether this is the best security setting for me. I do some gaming and share some stuff via uTorrent and that’s about it.

I use wireless as my main connection, both at home and at university. I would like my computer to be as safe as possible for that.

ID Permission Protocol Source Destination Criteria
0 Allow IP IN Zone LAN 0.0.0.0/255.255.255.255 Where IPPROTO is any
1 Allow IP OUT Any Where IPPROTO is any
2 Allow TCP/UDP In Zone LAN 0.0.0.0/255.255.255.255 Where IPPROTO is any And Destination Port is XXX(my uTorrent port)
3 Allow ICMP Out Any Any Where icmp message is echo request
4 Allow ICMP In Any Any Where icmp message is fragmentation needed
5 Allow ICMP In Any Any Where icmp message is time exceeded
6 Allow (+log) IP In Any Any Where IPPROTO is any

Thank you very much.

PS. A second question: I often find myself giving access to certain programs because they need svchost or whatever it’s called, or some other Windows program that is not associated with the program itself, and if I block it I will lose internet connection with all the other programs. Am I doing something wrong or is this accurate?

The first rule should be more specific as to the IP addresses. You are allowing all known IP’s access to your PC. The best way is to make Trusted Zones for each network that you connect to.

You basically are letting everyone into your PC whenever they want in the way your rules are setup now.

Rule 0 is letting all IP addresses have access to your PC. You should set up a Trusted Zone for each network that you connect to instead of allowing all known IP addresses (0.0.0.0-255.255.255.255). When setting up the Trusted Zone, the drop-down box should have your NIC card and should automatically know the IP addresses to use for the network you are connecting to.

Rule #6 needs to be changed to BLOCK. This will block any traffic that you do not specifically allow in by using a rule. On games this might force you to write a rule for each game that you play so the traffic will come and go through the firewall.

As far as blocking components and losing the internet, that is the design of version 2.4 and as far as I know there is no workaround for it. If someone else knows of a workaround for this please correct me.

hope this helps,

jasper

jasper

OK, thank you very much for your help. This is the updated version:

ID Permission Protocol Source Destination Criteria
0 Allow IP OUT ANY ANY Where IPPROTO is any
1 Allow IP In NIC Any Where IPPROTO is any
2 Allow TCP/UDP In ANY NIC Where Source Port is any And Destination Port is XXX(my uTorrent port)
3 Allow ICMP Out Any Any Where icmp message is echo request
4 Allow ICMP In Any Any Where icmp message is fragmentation needed
5 Allow ICMP In Any Any Where icmp message is time exceeded
6 BLOCK(+log) IP In Any Any Where IPPROTO is any

And my questions:
a: is it correct that IP OUT should be over IP In, and that IP OUT should be set to ANY and ANY?
b: is my IP In configured correctly with Source as NIC and Dest as ANY?
c: is the TCP/UDP rule configured correctly for uTorrent with ANY and NIC?
d: should 6 be BLOCK for BOTH IP In/Out, or is IP In fine?

ID Permission Protocol Source Destination Source Port Destination Port Misc-TAB
0 Allow IP-OUT ANY ANY any
1 Allow IP-In NIC Any any
2 Allow TCP/UDP In ANY ANY any uTorrent port
3 Allow ICMP-Out Any Any echo request
4 Allow ICMP-In Any Any frag… needed
5 Allow ICMP-In Any Any time exceeded
6 BLOCK IP-In Any Any any

Rule #1
For the red “NIC” that should always be the IP address for whichever network you are on at the time.

Rule #2
Where the red ANY is I changed “NIC” to “ANY” because it means whatever address you have at the time so you don’t have to keep changing it.

Rule #6
I would just set it to IN.

You can set any of the rules to show in the log. Logging the blocked stuff would probably be good, but it just depends on what you want to see in the log.

jasper
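To make the two points in jasper’s replies concrete (the first-posted rule 0 lets every address in before anything below it is consulted, and the corrected rule 6 turns the list into default-deny), here is a small first-match rule evaluator loaded with both rule sets from this thread. It is an added illustration, not code from the thread or from Comodo; the uTorrent port, the Trusted Zone subnet and the sample packets are assumed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

UTORRENT_PORT = 45000                   # constructed stand-in for the "XXX" port in the thread
LAN_ZONE = "192.168.1.0/24"             # assumed Trusted Zone: the subnet the NIC is on at home
EVERYTHING = "0.0.0.0-255.255.255.255"  # the "Zone LAN" as first posted: every address there is
@dataclass
class Rule:
    rid: int
    action: str                  # "allow" or "block"
    proto: str                   # "ip" (any IP protocol), "tcp/udp" or "icmp"
    direction: str               # "in" or "out"
    src: str                     # "any", a CIDR, or an "a-b" address range (a Comodo zone)
    dst: str
    dport: Optional[int] = None  # TCP/UDP destination-port criterion
    icmp: Optional[str] = None   # ICMP message criterion

def addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    a = ipaddress.ip_address(addr)
    if "-" in spec:              # zone written as an address range
        lo, hi = (ipaddress.ip_address(x) for x in spec.split("-"))
        return lo <= a <= hi
    return a in ipaddress.ip_network(spec, strict=False)

def rule_matches(r: Rule, pkt: dict) -> bool:
    return (r.direction == pkt["dir"] and r.proto in ("ip", pkt["proto"])
            and addr_matches(r.src, pkt["src"]) and addr_matches(r.dst, pkt["dst"])
            and (r.dport is None or r.dport == pkt.get("dport"))
            and (r.icmp is None or r.icmp == pkt.get("icmp")))

def evaluate(rules, pkt):
    """Top-down, first-match evaluation: returns (action, id of the deciding rule)."""
    for r in rules:
        if rule_matches(r, pkt):
            return r.action, r.rid
    return "block", None         # nothing matched: treat as denied

ICMP_RULES = [Rule(3, "allow", "icmp", "out", "any", "any", icmp="echo request"),
              Rule(4, "allow", "icmp", "in", "any", "any", icmp="fragmentation needed"),
              Rule(5, "allow", "icmp", "in", "any", "any", icmp="time exceeded")]
ORIGINAL = [Rule(0, "allow", "ip", "in", EVERYTHING, "any"), Rule(1, "allow", "ip", "out", "any", "any"),
            Rule(2, "allow", "tcp/udp", "in", EVERYTHING, "any", dport=UTORRENT_PORT), *ICMP_RULES,
            Rule(6, "allow", "ip", "in", "any", "any")]            # rule 6 as posted: allow everything else
REVISED = [Rule(0, "allow", "ip", "out", "any", "any"), Rule(1, "allow", "ip", "in", LAN_ZONE, "any"),
           Rule(2, "allow", "tcp/udp", "in", "any", "any", dport=UTORRENT_PORT), *ICMP_RULES,
           Rule(6, "block", "ip", "in", "any", "any")]             # rule 6 as corrected: default deny
UNSOLICITED = {"dir": "in", "proto": "tcp/udp", "src": "203.0.113.7", "dst": "192.168.1.20", "dport": 5000}  # constructed: internet host hitting an unrelated port
TORRENT_PEER = {"dir": "in", "proto": "tcp/udp", "src": "203.0.113.7", "dst": "192.168.1.20", "dport": UTORRENT_PORT}  # constructed: a peer reaching the uTorrent port
```

Under ORIGINAL both packets are decided by rule 0 before rule 2 or rule 6 is ever reached; under REVISED the unrelated port falls through to the BLOCK in rule 6 while the uTorrent port is still admitted by rule 2.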

Thanks for the help mate. Have a nice weekend and thanks once again =)

Have a good one stylewars. Glad I could help.

jasper