Application Question/ Destination Port QUESTION

I use v. 2.4
Win XP SP2
I am fully updated with virus protect and system is maintained

With CPF I accept an application or allow and most the time it says:

TCP/UDP in/out—destination port(any) destination IP (any)

my question is as follows do I need to specify any port/ip details or is ANY ok?

Depends on the application, and how tight you want the rules.
That rule was created like that because you have the alert level set to low or very low. If you want to create more specific rules from the prompt, you have to adjust the level.

Note that IN in AppMon isn’t really INbound, since the default rules in NetMon are blocking unsolicited INcoming packets (the last blocking rule blocks everything else not allowed in the rules above).

If one chooses some kind of port firewall, and not an application firewall (call it ZA or whatever you want), there must be a reason.

It makes absolutely no sense to have a firewall if each application is allowed TCP and UDP, IN and OUT, for any port.

Let’s take a very basic example: for normal use, I see absolutely no reason to allow your browser anything else than TCP OUT for ports 80 and 443 and, in some circumstances, UDP OUT port 53 to your ISP DNS IP.

Not obeying what seems an obvious rule is a very dangerous security risk, as it allows everyone to do whatever he wants on your PC, TCP IN, by simply masquerading as your browser.

So I am confused, since IE should usually be on ports 80, 443, etc.
Then what about other applications I use?

I might have my settings all badly set

how about you experts, how do you have your port configurations set for applications?

If we continue to take the browsers example, I have 2 similar rules for Firefox and Opera:
destination any, ports 80, 443, tcp out, allow
destination range (my isp dns), port 53, udp out, allow

and concerning IE, which I don’t want to be used:
destination any, port any, tcp/udp in/out, block

You can write similar rules for your mail software, allowing only ports 25, 53, 110.

Or for explorer, which I only want to communicate inside my LAN on NetBIOS ports:
network zone, port range 135-139, tcp/udp in/out, allow

What I wanted to illustrate is that, for each application, you should only allow by trial and error the necessary ports and protocols, and that everything else should be blocked:

in the examples above, I see no reason for Firefox to connect wherever TCP IN, or for explorer to connect on the WAN, not to mention that there’s no reason whatsoever for some applications (Microsoft Word, Mstask…) to work outside your local PC.
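The rule set sketched in the two posts above, run as a first-match table with a trailing default block, as an added example that is not part of the thread or of CPF itself. Process names, the LAN range and the ISP DNS range are constructed placeholders (RFC 1918 and RFC 5737 documentation addresses); the point it shows is that a tight rule lets the browser out on 80/443 while the same browser's TCP IN, a DNS query to a non-ISP resolver, and any application without a rule all fall through to the final block, whereas a single "any/any" allow rule lets everything through.

```python
"""Per-application firewall rules evaluated first-match, default block."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple, Union

ANY = "any"
PortSpec = Union[int, Tuple[int, int]]   # a single port or an inclusive (lo, hi) range


@dataclass(frozen=True)
class Rule:
    app: str            # process name the rule belongs to
    proto: str          # "tcp", "udp" or ANY
    direction: str      # "in", "out" or ANY
    dest: str           # ANY, a single IP, or a CIDR such as "192.168.1.0/24"
    ports: Tuple[PortSpec, ...]   # empty tuple means any port
    action: str         # "allow" or "block"

    def matches(self, app, proto, direction, dest_ip, port) -> bool:
        if self.app != app:
            return False
        if self.proto != ANY and self.proto != proto:
            return False
        if self.direction != ANY and self.direction != direction:
            return False
        if self.dest != ANY and ip_address(dest_ip) not in ip_network(self.dest, strict=False):
            return False
        if self.ports and not any(
            p == port if isinstance(p, int) else p[0] <= port <= p[1] for p in self.ports
        ):
            return False
        return True

    def is_wide_open(self) -> bool:
        """An allow rule with no protocol, direction, destination or port restriction."""
        return (self.action == "allow" and self.proto == ANY and self.direction == ANY
                and self.dest == ANY and not self.ports)


# Constructed placeholders: adjust to your own LAN and your ISP's resolvers.
LAN = "192.168.1.0/24"
ISP_DNS = "203.0.113.0/24"

# Tight rules, mirroring the post: browser out on 80/443, DNS only to the ISP,
# IE blocked outright, explorer.exe confined to NetBIOS inside the LAN.
TIGHT_RULES = [
    Rule("firefox.exe", "tcp", "out", ANY, (80, 443), "allow"),
    Rule("firefox.exe", "udp", "out", ISP_DNS, (53,), "allow"),
    Rule("iexplore.exe", ANY, ANY, ANY, (), "block"),
    Rule("mailclient.exe", "tcp", "out", ANY, (25, 110), "allow"),   # placeholder mail program
    Rule("mailclient.exe", "udp", "out", ISP_DNS, (53,), "allow"),
    Rule("explorer.exe", ANY, ANY, LAN, ((135, 139),), "allow"),
]

# The kind of rule the original poster was getting from a low alert level.
LOOSE_RULES = [Rule("firefox.exe", ANY, ANY, ANY, (), "allow")]


def decide(rules, app, proto, direction, dest_ip, port) -> str:
    """First matching rule wins; anything not explicitly allowed is blocked."""
    for rule in rules:
        if rule.matches(app, proto, direction, dest_ip, port):
            return rule.action
    return "block"


def audit(rules):
    """Return the apps that hold a wide-open allow rule, for review."""
    return sorted({r.app for r in rules if r.is_wide_open()})


if __name__ == "__main__":
    web = ("93.184.216.34", 443)          # constructed public web server
    print(decide(TIGHT_RULES, "firefox.exe", "tcp", "out", *web))        # allow
    print(decide(TIGHT_RULES, "firefox.exe", "tcp", "in", *web))         # block
    print(decide(TIGHT_RULES, "explorer.exe", "tcp", "in", "192.168.1.20", 139))  # allow
    print(decide(LOOSE_RULES, "firefox.exe", "tcp", "in", *web))         # allow
    print(audit(LOOSE_RULES))                                            # ['firefox.exe']
```

Running it shows why the second poster calls the any/any rule pointless: against `LOOSE_RULES` an unsolicited TCP IN to the browser is allowed, while against `TIGHT_RULES` it, a DNS query to a non-ISP resolver, and a connection from a program with no rule at all (Word, for instance) all end in the default block.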

Ok now finally

should all iexplorer.exe’s include this rule you mention even the ones that include a parent path

I show about 5 iexplorers

add this rule you suggest for them also??? (R)

What are the parent applications? The browser will ask for explorer permission if you open a URL from a local file; but I see no reason to open the browser except for ports 80, 443 and 53, and for a wide variety of applications which should in the best case have their own rule (eg: I have a rule for Avira AntiVir update, TCP out port 80, for which the browser is necessary, but it doesn’t need a browser’s parental rule since the browser is allowed for port 80 TCP out for any IP).