port blocking

Hello, using ver3, XP Pro SP2.

I'm trying to block ports 137-139, but am not, nor have I ever been, any good with firewalls, nor am I confident with rules. I can find lots of online content as to why I should block certain ports, but how do I (safely) go about this in ver3? Forgive my ignorance on this subject, but better to ask those who know best. Thanks, Techdunce :slight_smile:

Hey TD,
You may want to just run the stealth ports wizard and select “Stealth My Ports To Everyone” and this will create some Global Rules for you and “hide” the ports in question. Will this work for you, or do you actually need a specific rule excluding those ports from all activity?

Hello Comfo, and thanks for your reply. This is where my ignorance comes to the fore. I have already "stealthed" ports, and all is well with that according to ShieldsUP etc. I am trying to gain a little education on the whole matter, and am getting good use from FAQs and so forth, but one of my worries is, when reading up on firewall security in general and port vulnerabilities, I see lots of warnings about ports 137-139, 135 and 445, and was of the opinion that stealthing my ports was sufficient. But in the "view connections" tab on CPF, I keep seeing "system" listening at port 139, and although there are zero bytes in or out, I am a little concerned that listening might turn into communicating. So, I figured to block the port, and any others that might give concern in the future, but am not confident about how to go about it, or even where to begin. And that's just the short answer (hee hee). Thanks again, Techdunce :slight_smile:

Hi Techd,

Have a look at this thread, it gives some great info:




What I have done is define these as a port set "Netbios" and add an application rule for System,
followed by a block and log all, just in case.

If you have a LAN and are doing sharing, you may need to allow some of these ports internal to the LAN by creating a trusted network with the stealth port wizard and adding appropriate “allow” rules. What you really want to do is to block “external” access to these ports.

Hello Riggers, and believe it or not, I just finished reading that thread and checked back here after disabling NetBIOS. I have also got the thread from the link at the bottom of it open in another tab. In that link you provided it recommends blocking ports 137-139 and also 445, but I am unsure how to do that. Thanks again, Techdunce :slight_smile:

Sorry Sded, missed your post before replying, but I have to admit I am getting more and more confused. If I make a rule to block UDP out, then am I blocking requested traffic, when it's unrequested traffic I'm concerned about? I can see a big learning curve coming my way, lol. Thanks for the reply, Techdunce
P.S. Part of my problem is I don't have much idea where to start, e.g. global rules, network rules. Think I've a long way to go.

The UDP out block is because you may get a lot of router chatter and other housekeeping traffic that will show up in your log if you don't block it without logging. The block and log all will show you if you are getting any external/unrequested traffic. You can put in only the block and log all and see if you get a lot of logging before you decide on final settings. :slight_smile:

OK, I've created a new port set, range 137-139. Next, how do I assign a rule to this port set? Sorry for the slow progress, but once past this curve, I will be a bit more confident about future settings. Thanks again, Techdunce :slight_smile:
P.S. Is there a specific way of blocking traffic from a port, as suggested by Comfo in an earlier reply?

Go to Firewall/Advanced/Network Security Policy and there will be a list of applications and rules, and a list of global rules. You can either make rules for System (look under running applications if there are not already rules for it) or make global rules. Just say "add" and a template will come up to help you make a rule. The procedure that Comofo suggested will make a rule to block all inbound connections. To do specific ports, the template is fairly easy to follow for TCP and UDP; the other protocols don't use ports.

Thanks for sticking with me on this Sded, I just want to put my last action out there to see if I've made a broken rule, or maybe even got it right. In Global Rules, I've made this rule:
destination port: port range 137-139

If I'm right so far, then can I make a second rule for outgoing? I'm not on a shared network, so my main objective is to block these ports, at least for now. Am I getting there? Thanks again, Techdunce :slight_smile:

Try making the rule a block and log to see if anything is trying to get in. Are you using “any” for source ports and destination IP? And go ahead and add port 445 to the mix if you are not sharing anything.

Here's how it appears in the Global Rules window:
Block and log tcp or udp in from ip any to ip any where source port is any and destination port is in 137-139.

If this is correct, and taking on board your suggestions about port 445, where in the Global Rules hierarchy should this rule be? As you can probably guess, it's the first non-default rule to go in there. Thanks again, Techdunce :slight_smile:

Sorry, just woke up for a sec.

Looks good to me, partner, just make sure it’s above any “block all” and below any “allow” rules that would rely on those ports for anything. Like sded says, check the little “log as firewall event” box too.

If you actually generated a port set with “my port sets”, you can just add port 445 there. Otherwise don’t worry about it; the block and log will pick it up. The extra rules are really just so you don’t fill the log with routine traffic that obscures the interesting stuff. :slight_smile:
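To make the ordering advice above concrete, here is an added example (it is not code from this thread or from Comodo): a small first-match evaluator for Comodo-style Global Rules, run over a few constructed packets. It assumes, as the replies above imply, that rules are evaluated top-down and the first match wins; the "Netbios" port set with 445 added, the LAN subnet 192.168.1.0/24 and the sample traffic are all constructed for illustration.

```python
"""Added example, not code from the forum thread or from Comodo.

First-match evaluator for Comodo-style Global Rules. It shows why the
ordering advice in the thread matters: the "block and log" rule for the
NetBIOS/SMB ports only ever fires if it sits above the catch-all
"block all" rule and below any LAN "allow" rule that relies on those ports.
Assumptions: top-down, first match wins; packets and subnets are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Port set from the thread ("Netbios": 137-139) plus 445, as sded suggested
# for a machine that shares nothing.
NETBIOS_SMB = frozenset({137, 138, 139, 445})


@dataclass(frozen=True)
class Rule:
    action: str                              # "allow" or "block"
    direction: str                           # "in", "out" or "any"
    protocol: str                            # "tcp", "udp", "tcp/udp" or "ip"
    dst_ports: Optional[frozenset] = None    # None means any destination port
    src_net: Optional[IPv4Network] = None    # None means any source address
    log: bool = False                        # "log as firewall event"
    name: str = ""


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_ip: str
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """Does this rule apply to this packet? Port tests only apply to TCP/UDP."""
    if rule.direction not in ("any", pkt.direction):
        return False
    if rule.protocol == "tcp/udp":
        if pkt.protocol not in ("tcp", "udp"):
            return False
    elif rule.protocol != "ip" and rule.protocol != pkt.protocol:
        return False
    if rule.src_net is not None and ip_address(pkt.src_ip) not in rule.src_net:
        return False
    if rule.dst_ports is not None and pkt.dst_port not in rule.dst_ports:
        return False
    return True


def evaluate(rules: list, pkt: Packet) -> Optional[Rule]:
    """Walk the list top-down and return the first rule that applies.
    None means no Global Rule matched (Comodo would then consult the
    application rules; here we just report it)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule
    return None


def which_rule_logs(rules: list, pkt: Packet) -> Optional[str]:
    """Name of the rule that would write a log entry for pkt, or None."""
    hit = evaluate(rules, pkt)
    return hit.name if hit is not None and hit.log else None


# Techdunce's rule, the housekeeping rules sded described, and a hypothetical
# LAN allow rule of the kind Riggers mentioned for file sharing (subnet assumed).
ALLOW_LAN = Rule("allow", "in", "tcp/udp", NETBIOS_SMB,
                 src_net=ip_network("192.168.1.0/24"), name="allow LAN NetBIOS")
BLOCK_NETBIOS = Rule("block", "in", "tcp/udp", NETBIOS_SMB, log=True,
                     name="block+log NetBIOS/SMB in")
BLOCK_UDP_OUT = Rule("block", "out", "udp", log=False, name="block UDP out (no log)")
BLOCK_ALL_LOG = Rule("block", "any", "ip", log=True, name="block and log all")

GOOD_ORDER = [ALLOW_LAN, BLOCK_UDP_OUT, BLOCK_NETBIOS, BLOCK_ALL_LOG]
BAD_ORDER = [BLOCK_UDP_OUT, BLOCK_ALL_LOG, BLOCK_NETBIOS, ALLOW_LAN]  # shadowed rules

# Constructed sample traffic: an unsolicited SMB probe from outside, a NetBIOS
# name-service datagram from a LAN host, and routine outbound UDP (router chatter).
SMB_PROBE = Packet("in", "tcp", "203.0.113.7", 445)
LAN_NBNS = Packet("in", "udp", "192.168.1.20", 137)
DNS_OUT = Packet("out", "udp", "192.168.1.1", 53)

if __name__ == "__main__":
    for label, rules in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        for pkt in (SMB_PROBE, LAN_NBNS, DNS_OUT):
            hit = evaluate(rules, pkt)
            print(f"{label}: {pkt.direction} {pkt.protocol}/{pkt.dst_port} from "
                  f"{pkt.src_ip} -> {hit.action} by '{hit.name}', logged={hit.log}")
```

With the good order the external SMB probe is caught and logged by the specific NetBIOS rule, the LAN datagram is allowed, and outbound DNS is dropped silently so it does not clutter the log. With the bad order the "block all" rule swallows everything first: the probe is still blocked (which is why sded says the block and log will pick it up regardless), but the dedicated rule never fires and the LAN allow rule is dead.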

Hello again, and yes I did create a port set, but removed it before I blocked port range 137-139. I have also made a rule regarding 445. So far I have only rules for incoming traffic on the ports mentioned, and in the right order according to Comfo's last post. I'm thinking incoming is OK for these ports, but if I'm wrong let me know. Thanks again Sded and Comfo for sticking with it, and to Riggers for the link. I don't have a real live person I can ask about these issues, so I am sure I will bug the hell out of you again ;D ;D ;D. In the meantime, and assuming all is secure, big thanks from "the dunce" :slight_smile:

For the record, sded is infinitely more knowledgeable when it comes to this stuff than myself, and his guidance should supersede anything I say, should our information contradict. I usually try to confine my advice to users experiencing a tight spot that I was fortunate enough to sort out previously (usually based on advice found here).

Good luck TD.

Belated response Comofo, and point taken. Thanks again to the both of you. Sorting this issue has been a help in itself, but it also shows the way for future rule making. And I've only just noticed I was spelling your name wrong too. All the best, Techdunce :slight_smile:

Hi TechD,

If you don't do file sharing over a LAN, you may want to check out THIS utility, recommended to me by Goodbrazer. It's excellent.