I’d like to block some ports against Ransomware.
Apparently 135~139, 445 should be blocked for it.
Support center’s answer is here.
Firewall is now the latest version 10.0.1.6223.
We are glad to help you in blocking the TCP or UDP ports. We suggest you to use 1 block rule using port sets and then place it to the top. You can do this, go to my port sets in common section of firewall, click add new port set, give it a name like microsoft ports, then with the new port set highlighted, add new port, select a port range, put 135 in the first box and 139 in the other, click apply and add another new port, use a single port 445, click apply. Then go to your global rules and make a new one after you removed the old block rules, but use TCP or UDP as the protocol and for destination port select a set of ports and from the drop down menu click on the newly created port set.
But, I still have questions for their answer.
“We suggest you to use 1 block rule using port sets and then place it to the top.”
I checked over ‘firewall > portsets’, but roles are not movable up or down. (but Global rules movable.)
How to move? Is it just their misunderstanding?
In the explanation of making portsets rules
To block ports, shouldn’t I put a check on ‘Exclude (i.e. NOT the choice below)’? They didn’t mention it.
The default rules for HTTP ports, POP3/SMTP ports and Privileged ports have no checks. I don’t think they are blocking rules.
They also said
“Then go to your global rules and make a new one after you removed the old block rules,”
They said I have to remove the old block rules, but I have only default rules. Those are here.
- Block ICMPv4 Out From MAC Any To MAC Any Where ICMP Message Is PROTOCOL UNREACHABLE
- Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is 17.0
- Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is 15.0
- Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is 13.0
- Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is ECHO REQUEST
Which should be removed before I create TCP and UDP rules? Do I not need to remove?
And, the two block rules for 135~139 and 445 which I manually made should be put on top?
Can anybody help me to block the ports permanently and as rules of first priority?