Help setting the firewal to host online game

What should I do to the game exe to allow it to run hosted online game session.

When opening port what kind of traffic port should I create?
Should I allow TCP, UDP or ICMP or all in to that exe?
What’s the security risk of playing or hosting game online for couple of hours(private game)


I have no experience in hosting a game. But analogous to setting up a p2p client you need to know from the makers what ports need to be open for what sort of traffic.

An open port is by definition a security risk. But with Windows being updated to the latest and a good firewall like CIS risks are very low. So, don’t be afraid.

I have had a couple of ports open on my router for a couple of years for p2p programs and was never hacked.

Enjoy gaming and let us know if you need more information on how to set up CIS.

Thanks Eric how do I open a port in CIS?
I aready created it but not sure whether they can receive incoming connection.

I assume for educational reasons you only need to open one port (TCP or UDP) with no ICMP needed . Here is the drill. Go to Firewall → Advanced → Network security Policy → Global rules → add.

Fill in the following
Action: Allow
Protocol: TCP (for example)
Direction: In
Description: Incoming for TCP port XYZ for game

Source address: Any
Destination address: choose a way of identifying you computer. Use IP address when using a fixed internal IP address
Source port: Any
Destination Port: single port: XYZ

When done push apply. Then make sure the rule is somewhere above the basic block rule (which can be recognised as a red icon at the bottom). Then click ok. Now you have an open port for incoming traffic.

Follow the above for opening more ports or allowing ICMP traffic when needed.

Thanks I set the required firewal policy and CIS logged that I had one inbound connection from my friend’s IP
However I still couldn’t detect him in game(he was unable to enter)

Only after him running the server was I able to play online.

It’s just weird CIS logged the inbound connection but in game he was not detected.

What is the name of game?

Many games use UDP/TCP. ex)port:6112, 30275(it depands on games)
You should open both of UDP/TCP.
for instance, UDP 6112+TCP 6112
And you shoud allow the your friend’s IP or add his IP to trusted zone for the security.

The game was Sins of a solar empire.

I already allowed his IP in the game exe/ made the game exe firewall policy to allow inbound connection too for UDP, TCP and even ICMP from his IP. I allowed ICMP message from his IP too in the global policy and allowed Incoming traffic from his IP in the global list.

btw is the global policy more powerful than the individual policy?

CIS didn’t log any blocked intrusion attempt from his IP and even logged inbound connection from his IP originating from the game exe but he was not able to connect to me in the game at all.

Can you show me screen shots from your Global Rules and the rules for your game.exe? Sometimes a picture tells more than a thousand words.

Hey thanks for the effort Here’s the screenies,

The Global rules are these:

The game exe network security rules are these:

Actually I even added to allow ICMP in where type Echo request to the game exe too.
CIS logged that there was successful inbound connection but somehow he was still unable to join in the game(not detected by the game). The game exe received inbound connection from his IP there was some bytes sent in(198 B) but there was no bytes sent out(0 B).

I see you are only allowing one IP address in in the Global Rules. If I understand correctly you are hosting a game server. Is that correct? Then you need to be open for all incoming IP addresses.

You can tighten your rules a bit by defining the destination address to your computer only.

Umm I only intend to play with a friend of mine.
So basically just the two of us on lan.

I get it. You are running the server and you have only one client. As far as I can tell you set CIS by the book. Gonna ask the other mods to take a look and see if I am missing something.

You’re one of the kind Eric. Even if you come up with nothing further…as I suspect that it is a CIS bug . . .

Thank you!!! :-TU :-TU


If you have a look at reply #3 at

They say you need to open two ports, 6112 for game data and 6000 for Ironclad. This may explain why your friend can see your PC but can’t connect, as Ironclad is used for game management, stats, etc. They also say you only need TCP.

I’d set up an additional rule allowing TCP inbound on port 6000 from ANY source address.

Hope this helps,
Ewen :slight_smile:

Thank you very much Panic :). I’d look into it and try that.
Though I think port 6000 is needed for internet play not for LAN game . . .
I’m a bit hesitant on opening my port fully to any address.

Opening a port is always a bit of a risk. But with Windows updates up to date and a good firewall there shouldn’t be a problem. As stated in the above I had a couple of ports open for a couple of years with no problem. That’s what we have firewalls for of course… (:NRD)

Well I’m willing to give it a try this weekend…just to see if it actually works by opening port 6000…

Ok… keep us posted.