I’d like to block some ports against ransomware.
Apparently 135~139, 445 should be blocked for it.
The support center’s answer is here.
The firewall is now the latest version, 10.0.1.6223.
============
We are glad to help you in blocking the TCP or UDP ports. We suggest you to use 1 block rule using port sets and then place it to the top. You can do this, go to my port sets in common section of firewall, click add new port set, give it a name like microsoft ports, then with the new port set highlighted, add new port, select a port range, put 135 in the first box and 139 in the other, click apply and add another new port, use a single port 445, click apply. Then go to your global rules and make a new one after you removed the old block rules, but use TCP or UDP as the protocol and for destination port select a set of ports and from the drop down menu click on the newly created port set.
But I still have questions about their answer.
- They said
  “We suggest you to use 1 block rule using port sets and then place it to the top.”
  I checked ‘firewall > portsets’, but the rules are not movable up or down (Global rules are movable).
  How do I move them? Is it just their misunderstanding?
- In the explanation of making portsets rules:
  To block ports, shouldn’t I put a check on ‘Exclude (i.e. NOT the choice below)’? They didn’t mention it.
  The default rules for HTTP ports, POP3/SMTP ports and Privileged ports have no checks. I don’t think they are blocking rules.
- They also said
  “Then go to your global rules and make a new one after you removed the old block rules,”
  They said I have to remove the old block rules, but I have only default rules. Those are here.
  - Block ICMPv4 Out From MAC Any To MAC Any Where ICMP Message Is PROTOCOL UNREACHABLE
  - Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is 17.0
  - Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is 15.0
  - Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is 13.0
  - Block ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is ECHO REQUEST

  Which should be removed before I create TCP and UDP rules? Do I not need to remove any?
And should the two block rules for 135~139 and 445, which I made manually, be put on top?
Can anybody help me to block the ports permanently and as rules of first priority?