I upgraded from 3.13. I exported my config. When I installed 3.14, I imported the config. It looks like the config only got partially imported (OR wasn’t fully exported originally). I got prompted when rebooting for many events which had already been addressed in the old config. Also, a custom rule I have been forced to use to deal with some unknown traffic was missing.
The rule was the most important, so I recreated it. It looked like it was working for a short period of time (I could see entries in the log). But then it stopped working.
Previously, I had made the rule very specific. Now I made it very general (TCP/UDP IN/OUT on ANY source/destination port as long as the destination port is 5431).
Here’s a screenshot showing the rule and the fact that it is not blocking the traffic:
It seems that the 1st rule is allowing that. Your blocking rule is AFTER the “allow” rule, so…
Solution: just drag your block-rule (second) to the top, to be the 1st one.
(or change the 1st rule into 2 ones: one allowing only incoming with the same restrictions as now, and another to accept outgoing traffic EXCEPT to port 5431 - if this is your wish)
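The rule-ordering point in the reply above, as an added example that is not part of the original thread: a top-to-bottom, first-match evaluator in Python run over constructed rule lists (the rules in the screenshot are not on the page). `Rule`, `decide`, `covers` and `shadowed` are hypothetical names, and first-match evaluation is assumed as the reply describes.

```python
# Added illustration; rule lists are constructed, not taken from the screenshot.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in", "out" or "any"
    dst_port: Optional[int] = None   # None matches any destination port
    negate_port: bool = False        # True means "any port EXCEPT dst_port"

    def matches(self, direction: str, dst_port: int) -> bool:
        if self.direction not in ("any", direction):
            return False
        if self.dst_port is None:
            return True
        return (dst_port == self.dst_port) != self.negate_port


def decide(rules, direction, dst_port):
    """First match wins. Returns (action, index of the deciding rule)."""
    for i, rule in enumerate(rules):
        if rule.matches(direction, dst_port):
            return rule.action, i
    return "unmatched", None         # left to the firewall's own default


def covers(earlier, later):
    """Conservative check: does `earlier` match everything `later` matches?"""
    dir_ok = earlier.direction in ("any", later.direction)
    port_ok = earlier.dst_port is None or (
        (earlier.dst_port, earlier.negate_port)
        == (later.dst_port, later.negate_port))
    return dir_ok and port_ok


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(covers(e, r) for e in rules[:i])]


ALLOW_ALL = Rule("allow", "any")
BLOCK_5431 = Rule("block", "any", 5431)
AS_POSTED = [ALLOW_ALL, BLOCK_5431]          # block rule sits after the allow
REORDERED = [BLOCK_5431, ALLOW_ALL]          # block rule dragged to the top
SPLIT = [Rule("allow", "in"),                # the two-rule alternative
         Rule("allow", "out", 5431, negate_port=True)]
```

Running `shadowed()` over an exported rule list is a quick way to spot a block rule that an earlier, broader allow rule has made unreachable.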
You need to create this as an Application Rule not a Global rule. Typically CIS uses Global rules to filter Inbound traffic and Application Rules to filter Outbound traffic. So create an Application Rule for svchost that blocks TCP Out to this port.
Sorry, Toggie, with respect, but I disagree with you.
Reading the manual, Global Rules will ALWAYS be “in”. It will be the first protection layer for incoming, and the last protection layer for outgoing.
So, if you don’t want to connect to some port at all you MUST use Global Rules, instead of creating the same rule for each app.
Test for yourself.
You may be confused with something else…
I understood that Iamee99 doesn’t want to connect TO that port (5431) at all, as was said in the first post by the rule created.
You say that outgoing traffic isn’t supervised as it should be by Global Rules or something like that? (I mean: Global rules don’t take effect on outgoing traffic? - i.e. creating “n” rules for blocking connections to port 5431 for each app will work and a single global rule won’t? …and if you forget to create that rule for some new app next month?)
So, two actions must be taken as soon as possible, please:
1 - Make a big announcement in the help files and corrections,
2 - Solve this bug as soon as possible.
Sorry if I’m being intrusive in the subject. This is the last time I will try to help someone, as now I realize that I don’t know anything about CIS.