Can't customize firewall rules

I used the grc test, and all the ports were stealthed. However, I want to see exactly which ports my ISP is blocking. So I set the named IP range at grc.com as a trusted network. But the firewall only allows a ping from the address. What’s the problem?

Why you want to know what ports are being blocked?

With regards to ISP’s blocking ports for p2p programs those days are over as program can choose any port they like. ISP’s depend on traffic shaping, delaying p2p traffic a bit in favor of surfing, for managing p2p traffic.

Are your concerns about p2p programs not working as they should?

I just wanted to see what ports my ISP was stealthing outside of my firewall. However, setting trusted networks doesn’t work. Basically I want to set 4.79.142.192 through 4.79.142.207 (The GRC scan servers) as trusted, thus de-stealthing my firewall for those addresses.

You created a trusted network for GRC. Next step is to use the Stealth Ports Wizard to add your GRC trusted network to the Global rules.

In the main screen go to Firewall → Common Tasks → Stealth Ports Wizard → select “Define a new trusted network and stealth my Ports to EVERYONE else” → select “I would like to trust an existing My network zone” → select the GRC network zone in the drop down menu at the bottom → Finish.

If you want to see if it worked go to Firewall → Advanced → Computer Security Policy → Global rules.

I tried that before, and the only thing that changes in the scan results is that the firewall responds to a ping, but all the other ports are still stealthed.

What ports are you talking about? What ports are stealthed and react to ping in the two described situations?

All the ports that GRC scans in the “Common Ports” are stealthed, except the ICMP request, which is not stealthed. So ports 0,21,22,25,79,80,110 etc. still appear stealthed, but only the ICMP echo request is not.

Try adding a block rule to Global rules that specifically blocks all incoming ICMP traffic. Does that help? Make sure the rules is right on top of the basic block rule.

I want to allow all ports not to be stealthed for the GRC scan servers so I can see what ports my ISP blocks, so I don’t want to make an ICMP block rule.

Just email your ISP. Tell them you’re trying to play an online game and are having troubles connecting. Ask what ports if any, they are blocking.