hello, this is a suggestion :
When we have an alert on firewall, we have only three choice : allow the request, block or threat application as. this create the rule for the first and second one allow all or block all request on any ip and any port. It will be better if we have more choice like allow/block the port detected only and allow/block the ip only. This will be easier and safer for managing the firewall rules instead of doing that manuelly with some risk of configuration’s error. (it makes me several time to success in close port 445, 1025 and 1026 for the application system).
(i permit to write this link GRC | ShieldsUP! — Internet Vulnerability Profiling for testing your firewall security)
