Destination/Source (in/out) => Source = me or not ?

Hello all, I'm a new user … and the first thing I see for the Global rules is Destination and Source –
So I'm confused by this … (I would prefer, for example, LOCAL PORT)

Example:
Need to block “DCOM exploit” on port 135, “IN” for TCP and “IN & OUT” for UDP
If I understand correctly, I need to write (do) this…

  1. BLOCK TCP In From IP Any To IP Any Where Source Port Is Any And Destination Port Is 135
  2. BLOCK UDP In From IP Any To IP Any Where Source Port Is Any And Destination Port Is 135
  3. BLOCK UDP Out From IP Any To IP Any Where Source Port Is 135 And Destination Port Is Any

I think it's complicated, and this is better for comprehension (port 135 block example):
BLOCK UDP Or TCP In/Out From IP Any to IP any Where Local Port is 135 And Other Port is Any

So why on COMODO don't you use the word “LOCAL”?

I agree, that would make things a bit clearer.
As I understand it, and this applies to the global rules only, if direction is out, source = you. If direction is in, source = them.
This is made more confusing by the fact that application rules (in 2.4, at least) do not follow that pattern.
In 2.4 application rules, destination is the remote address, even if the connection is inbound. Mind you, I only worked that out after setting up my home network the other week, after using 2.4 for 18 months :-\
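The mapping stated just above (global rules: Out means Source is the local machine, In means Source is the remote machine) is easy to get backwards in the rule dialog, so here is a small Python model of it. This is an added example, not part of the thread and not COMODO's code; the only rules taken from the page are the three port-135 rules from the first post and the single "Local Port is 135" rule proposed in their place. The packet list and the port numbers in it are constructed for illustration. The model evaluates both rule sets against the same packets and expands the local/remote rule into the per-direction source/destination rules it corresponds to.

```python
"""Added example (not COMODO's code): model the two ways of writing the port-135
block rule from the thread and compare them packet by packet.

Encodes the mapping given in the thread for global rules:
  direction Out => Source is the local machine
  direction In  => Source is the remote machine
All packets and port numbers below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = None  # wildcard for a port field


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving at this PC, "out" = leaving it
    proto: str      # "tcp" or "udp"
    src_port: int   # ports exactly as written in the packet header
    dst_port: int

    @property
    def local_port(self) -> int:
        # Inbound: we are the destination. Outbound: we are the source.
        return self.dst_port if self.direction == "in" else self.src_port

    @property
    def remote_port(self) -> int:
        return self.src_port if self.direction == "in" else self.dst_port


def _match(value: int, want: Optional[int]) -> bool:
    return want is ANY or value == want


@dataclass(frozen=True)
class SrcDstRule:
    """Rule in the source/destination vocabulary: one direction, header-order ports."""
    action: str
    proto: str
    direction: str
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.direction == self.direction
                and _match(p.src_port, self.src_port) and _match(p.dst_port, self.dst_port))


@dataclass(frozen=True)
class LocalRemoteRule:
    """Rule in the local/remote vocabulary the thread asks for; direction-independent."""
    action: str
    protos: FrozenSet[str]
    directions: FrozenSet[str]
    local_port: Optional[int] = ANY
    remote_port: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        return (p.proto in self.protos and p.direction in self.directions
                and _match(p.local_port, self.local_port)
                and _match(p.remote_port, self.remote_port))

    def to_src_dst(self) -> List[SrcDstRule]:
        """Expand into the per-direction source/destination rules the dialog wants."""
        rules = []
        for proto in sorted(self.protos):
            for direction in sorted(self.directions):
                if direction == "out":  # Out: local machine is the Source
                    rules.append(SrcDstRule(self.action, proto, direction,
                                            src_port=self.local_port, dst_port=self.remote_port))
                else:                   # In: local machine is the Destination
                    rules.append(SrcDstRule(self.action, proto, direction,
                                            src_port=self.remote_port, dst_port=self.local_port))
        return rules


def verdict(rules, p: Packet, default: str = "allow") -> str:
    """First matching rule wins, as in an ordered rule list."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


def disagreements(rules_a, rules_b, packets) -> List[Tuple[Packet, str, str]]:
    """Packets on which two rule lists give different verdicts."""
    return [(p, verdict(rules_a, p), verdict(rules_b, p))
            for p in packets if verdict(rules_a, p) != verdict(rules_b, p)]


# The three rules from the first post (TCP in; UDP in and out).
THREE_RULES = [
    SrcDstRule("block", "tcp", "in", dst_port=135),
    SrcDstRule("block", "udp", "in", dst_port=135),
    SrcDstRule("block", "udp", "out", src_port=135),
]

# The single "Local Port is 135" rule proposed instead.
LOCAL_RULE = LocalRemoteRule("block", frozenset({"tcp", "udp"}),
                             frozenset({"in", "out"}), local_port=135)

# Constructed sample traffic; 51234 stands in for an ephemeral client port.
SAMPLE_PACKETS = [
    Packet("in", "tcp", 51234, 135),   # remote host connects to our port 135
    Packet("in", "udp", 51234, 135),
    Packet("out", "udp", 135, 51234),  # our port 135 answering over UDP
    Packet("out", "tcp", 135, 51234),  # our port 135 answering over TCP
    Packet("out", "tcp", 51234, 135),  # we connect to a remote port 135
    Packet("in", "tcp", 135, 51234),   # remote port 135 answering us
    Packet("in", "tcp", 51234, 445),   # unrelated port, must be untouched
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, verdict(THREE_RULES, p), verdict([LOCAL_RULE], p))
    print("differ on:", disagreements(THREE_RULES, [LOCAL_RULE], SAMPLE_PACKETS))
    print(LOCAL_RULE.to_src_dst())
```

Running it shows the two formulations are not identical: the single local-port rule also blocks TCP Out with Source Port 135 (our port 135 answering a TCP client), which the first post's own specification ("IN" for TCP) did not ask for, while the three explicit rules leave it alone. `to_src_dst()` is the translation the thread is really after: a "Local Port is 135, In/Out" rule becomes four source/destination rules, with 135 on the Destination side for In and on the Source side for Out.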

Yeah, and the funniest is in the global rules of 3.0, when it comes to the trusted zone, your network adapter:

"allow IP out with source (them) when target is “the network adapter”", which basically means that you allow a response when the request has been made to you… :SMLR (I’m in Linux at the moment, I think it’s formulated that way…)

…and this is called an outgoing request, when this should be called a request for outgoing response… :SMLR

Hi :slight_smile:
This means that on v2.4 this rule, Block TCP or UDP Out, Source Address Any, Destination Address Any, Source Port Any and Destination Port 135-139, 445, 500, is all right, while on v3.x I must make it Block TCP or UDP Out, Source Address Any, Destination Address Any, Source Port 135-139, 445, 500 and Destination Port Any?

Thanks, sirio.

I wish it would be changed to “Local” and “Remote”. Much easier to understand without having to worry about the direction.

:slight_smile:

You should also be aware that the above quoted rule will block ports 137-138 to/from PCs on your local LAN.

Bye bye simple networking.

Your rules should be as explicit as they need to be. You could use the above rule, providing you set it up as an EXCLUDE and nominated your LAN as the excluded address. This would then allow access to/from these ports across your LAN, but not from any IP outside your LAN definition.

hope this helps,
Ewen :slight_smile:

Perhaps I should apologise for not explaining myself well, but… http://babelfish.altavista.com/ is my translator. ;D

I know (a little (:NRD)) that by blocking ports 137,138 my LAN has problems, but my doubts are others:

  • if I use a connection with a 56K modem, does blocking the remote ports 135,135,137,138,139,445,500 TCP/UDP OUT make the connection more secure?

  • is this rule that I made for v2.4 mistaken in v3.x? That is, if I wanted to make in v3.x the same rule that I made for v2.4, would I have to put the ports on source instead of destination?

Again thanks. :slight_smile:

:frowning:
Can someone respond to me please?

If you wanted others to access your computer (say for sharing files) then you would use “destination” (inbound connection). If you wanted to access other (remote) computers' files, you would also choose “destination” (outbound connection).

Also note that CFP2 and CFP3 block all inbound connections by default so it is likely that you would be creating an “allow” rule if you wanted to share files.

:slight_smile:

Thanks for the explanation, Graham1 :), however my doubts remain.

EDIT: Rereading more carefully, my doubts are clarified.