block ip in from mac any to mac any where protocol is any - on or off ?

scanreg · May 31, 2014, 5:29pm

vista
CIS 7.0.317799.4142

in Firewall > Global Settings, should “block ip in from mac any to mac any where protocol is any” be turned on or off?

not sure what this does and is currently off (default?)

thanks

worldwidewiretap · June 2, 2014, 2:24am

If I’m not mistaken, a global rule is either allow or block. Do you mean allow or block instead of on or off?

SanyaIV · June 2, 2014, 7:18am

Just to avoid any kind of misunderstandings, the check-boxes next to the rules aren’t “enable” / “disable”, they’re only selection check-boxes for when you want to do certain actions to several of the rules. You may or may not know that already but I don’t see any other way a rule can be present yet disabled?

scanreg · June 2, 2014, 2:50pm

here’s a screenshot

should i enable the Block IP In From MAC feature at the bottom?

if yes, i’m assuming that i put a checkmark in that box and click ok

thanks

[attachment deleted by admin]

SanyaIV · June 2, 2014, 3:03pm

The rule is already active, the checkboxes are NOT for enabling/disabling a rule, they are ONLY used to select multiple rules when you want to for example delete them. I’m not sure how to make that more clear.

worldwidewiretap · June 2, 2014, 4:35pm

To clarify what Sanya is saying, those rules are already established. The ones with the green checks are allow rules, and the one with the red symbol is a block rule. You can double click the rule to bring up it’s settings, in which you can change, rename it however you prefer. To delete the rule, you would then use the checkbox, pull up the options tab below the rulesets, and click remove.

This block / mac / in rule could cause issues if you need systems on your network to communicate with each other, example (file sharing or discovery). It would block other systems from communicating with that particular system you have the rule applied on.

Citizen_K · June 2, 2014, 11:05pm

I you want to communicate over the local network you need to make a Global Rule to allow incoming traffic of your local network.

scanreg · June 3, 2014, 1:49am

many thanks, now i get it, the red marker is a block rule

thanks for the tip on double clicking to edit too

jmonroe0914 · June 12, 2014, 12:23am

I would highly recommend blocking all ICMPv4/v6 in/out traffic as there are only a minute number of applications that require it and unless a person is connected to an enterprise network, ICMP should always remain blocked

scanreg · June 12, 2014, 1:14pm

thanks