Are these two rules the same?

I was trying to understand some of the different options for making rules, and I was slightly confused. I think I understand now, but to be sure, are these two rules the same?

They are basically the same thing. I wouldn’t use either one as they are now, but the first one is preferable, because it can be controlled a little more. I’ll explain…

The first one Allows TCP (a Protocol) Inbound (an unsolicited connection). With a TCP or UDP based rule, you can define Source IP, Destination IP, and Source / Destination Ports as well.

The second rule Allows IP (encompassing all protocols) Inbound (an unsolicited connection). As it is, it defines the type of Internet Protocol (IP) as being TCP. This essentially allows TCP on All ports. With an “IP” rule, you cannot define port access; thus it is a much broader rule.

For security purposes, wherever possible, define as much as possible.


If I’m understanding this, while those two rules are the same in functionality, the TCP has greater control should I have made that rule more specific?

Correct. Since you’re creating an Inbound rule, you want to define it as much as possible. Typically, this is done by specifying the destination port to be used, and if possible the source IP.

If you don’t mind (as it may help) why are you wanting an Inbound rule for the localhost? Are you trying to utilize a proxy for surfing, or something else? Heh, or is this just an exercise in rules? :wink:
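
The comparison in the replies above, as an added example that is not part of the original thread: a minimal Python model of an allow rule, showing that a wide-open TCP rule and an IP rule set to TCP admit the same traffic, and that only the TCP rule can be narrowed by destination port. The `Rule` and `Packet` names, their fields and the sample packets are constructed assumptions, not the firewall's actual rule format.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" or "out"
    protocol: str                   # "TCP", "UDP", ...
    src_ip: str
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Rule:                         # hypothetical model of an "Allow" rule
    kind: str                       # "TCP" (port-aware) or "IP" (protocol only)
    direction: str = "in"
    ip_protocol: str = "TCP"        # only used by "IP" rules
    src_net: str = "0.0.0.0/0"      # any source
    dst_ports: Optional[Tuple[int, int]] = None  # inclusive range, None = any

    def __post_init__(self):
        # As the thread notes, an "IP" rule has no port fields to fill in.
        if self.kind == "IP" and self.dst_ports is not None:
            raise ValueError("IP rules cannot restrict ports")

    def allows(self, pkt: Packet) -> bool:
        wanted = "TCP" if self.kind == "TCP" else self.ip_protocol
        if pkt.direction != self.direction or pkt.protocol != wanted:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_ports is None:
            return True
        lo, hi = self.dst_ports
        return pkt.dst_port is not None and lo <= pkt.dst_port <= hi

PACKETS = [                         # constructed sample traffic
    Packet("in", "TCP", "203.0.113.7", 443),
    Packet("in", "TCP", "203.0.113.7", 3389),
    Packet("in", "TCP", "198.51.100.9", 443),
    Packet("in", "UDP", "203.0.113.7", 53),
    Packet("out", "TCP", "127.0.0.1", 80),
]

def allowed(rule: Rule):
    return [p for p in PACKETS if rule.allows(p)]

tcp_any = Rule(kind="TCP")                          # first rule, left wide open
ip_tcp = Rule(kind="IP", ip_protocol="TCP")         # second rule
tcp_tight = Rule(kind="TCP", src_net="203.0.113.0/24", dst_ports=(443, 443))
```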


I wasn’t creating those rules for real. They were just so I could take a screenshot so I could ask if I was correct in them having the same functionality. I did them as localhost so for the short time they existed for the screenshot, I was still protected :slight_smile:

Okay; I wondered…

If you want to know more about Network Monitor rules, this is a good thread to read through…,6167.0.html

There are some good tutorials/explanations there, and lots of examples of rules, and ways to make sure they’re secure.