Not entirely true. Broadcasts (IP’s similar to 255.255.255.255, in your case 192.168.1.255) will forward requests to your computer even though your IP address isn’t specified. Although routers doesn’t normally forward broadcasts like that, it can be forced or circumvented to. Even certain programs do broadcasts.
The reason for making Block & Log rules with your computername specified as either source or destination, is to pick it up in the logs. You’ll easily distinguish between traffic directed at you or everyone. Broadcast means everyone. Similar to radiobroadcasts, which aims at everyone able to receive them.
Broadcasts is normal during boot-up (DHCP is regarded as broadcast traffic), and you might see it it in your logs if you have more than one computer in your network.
Certainly. DNS requests are outbound only, and will only make their queries on UDP 53. You can use TCP 53 for this, but thats uncommon. Either way, both UDP and TCP are reserved for this.
You will never receive inbound requests on these ports as you’re not a DNS server providing this service. If you do, just block them. They can’t harm you, but you’re not able to answer them anyway.
Many programs require outbound UDP access. It would take ages to list them all, so it’s suffice to say that you should get a pop-up stating if they need outbound UDP access. If not, atleast it would go into your logs.
Yes. If you click on the “Change” button in the Computer Name section, you’ll see your computername (hostname if you will) below the Computer Name. The Full Computer Name is your hostname and your domain you’re in put together.
Mycomputer = hostname or computername Mydomain.com = Name of the domain you’re located on. Mycomputer.Mydomain.com = DNS servers will map your IP address to this, to allow websurfing and downloading as easy as possible for you.
Websites never sends out Echo Requests like this and blocking this should have no impact on your surfing. You access their content on TCP 80 (or more commonly known as HTTP) and read it in a browser.
The Command Prompt has a function called “| more”. If your Command Prompt window is to small to read the entire output, just type: ipconfig /all 1 more. This will pause the screen, allowing you to read before continuing Edit: Correct string is: ipconfig /all | more
It’s disputed, but I would definitely say no. I firewall doesn’t control bandwidth or shape it. If the P2P program or the program you use to download/upload requires something other than the down-/upload port to function at peak performance, it’s another matter. Your firewall will block the additional port, but its the program itself that prevents streaming at full throttle from lack of access. Some P2P programs behave in this way.
Mycomputer.Mydomain.com = DNS servers will map your IP address to this, to allow websurfing and downloading as easy as possible for you.
My computer name: charliepc
My Full computer name : charliepc.
Which do I put as hostname? With or without the full stop (period)? I tried and both seem to work.
The Command Prompt has a function called "[b]| more[/b]". If your Command Prompt window is to small to read the entire output, just type: [b]ipconfig /all 1 more[/b]. This will pause the screen, allowing you to read before continuing.
I copied and pasted the second bolded text but the window closed as soon as it completed. Are you sure you gave me the correct prompt?
My pleasure. Nice to know my knowledge can help others
The one you listed at the top. charliepc (without the period/full stop). This is the hostname (hostname=computername) you’re after. Since your computer isn’t a part of a windows domain (homepc’s are usually in a workgroup), no domain name is present. You’ll inherit the domain name from your ISP.
It seems I hit the wrong key which caused the tricksy character “1” to appear instead. My apologies
The correct syntax would be: ipconfig /all | more
Be sure to open up a Command Prompt 1st and paste the whole line in there. Don’t paste it in the Start | Run function, as this will close the window after it completed the command.
Look for the line: Connection-specific DNS Suffix . : charliepc.myISP.com
The domain name that you inherit comes from your ISP (as explained further up).
How do I enter the | character into the command window? My keyboard doesn’t have it and I can’t paste it into the command window.
On a related note, I have a defragmenter which needs to start its own Windows Service on startup. CPF will ask me whether to allow it to act as a server? After clicking Yes, the Application Monitor will say “Any, Any, TCP/UDP In, Allow”. The program’s only function is to defragment my computer and not connect to internet. Do I change the Destination Port to my hostname to prevent it from connecting to the internet.
If I allow an application/component in Application/Component Monitor, will it follow the Network Rules?
As I don’t know the native keyboard you’re using, I can only guess. But on my keyboard it’s located to the left of key “1”, below the ESC key. The key itself is market with to characters, ? and |. Just look for the key which has a horizontal line on it (the character is called “pipe”)
Never heard of a defragmentation program that requires Server rights, or even Internet access. Unless it’s a 3rd part program that looks to the Internet for upgrades and patches, I’d deny it access . Especially something like Allow in, TCP/UDP, Any, Any. You can tweak this later if you want to allow it Internet Access for patches and upgrades.
No. If it’s already allowed inbound/outbound access in the Application Control Rules, it will override Network Control Rules.
I managed to find the | key. On my keyboard it is below the Backspace key but marked differently.
I use O&O Defrag which needs server access. I think the program (source) needs access to my computer (destination) so that it can defrag. I checked the Connections and Logs tabs and it doesn’t connect to the internet on program start or when defragmenting.
Could you please clarify: Other than easily distinguishing the traffic in the logs, do ‘Any’ or [computername] in the Rules both refer to my computer as Source (outbound) or Destination (Inbound) as m0ng0d pointed out in his tutorial?
In any case, I will use [computername] as you suggested for the purpose of logging.
Most of my programs need a rule for port 53 for some reason…
In application monitor you can set it to UDP, Out, to port 53.
My defrag program (OO) needs that.
The reason CFP sets the rule to any,any… is that you have your alert frequency level to low probably. Set it to very high, and the rules that are made when you click a popup, will be for IP and port and so on… better control, but a lot more popups…
I believe your Rule 0, “Block & Log, IP In, Any, Any, Where IPROTO is Any” would be the same as blocking all “server” access from the internet, (Zone Alarm terminology).
I always add this rule to the top and since a have a LAN, I use the wizard to define the local network which adds two entries just ahead of this rule.
In Network Monitor, I have done as you suggested but not in Application Monitor so as to keep it simple.
Thanks hlb,
I have already done so as suggested by Triplejolt but kept this Rule at the bottom as I want to allow some incoming connections whose rules are above this one.
I have the default TCP/UDP Out any, any, any, any, so I don’t need to make that rule in network monitor.
I have it in application monitor on the apps that need it.
Since Application Rules override Network Rules, it is not necessary to have outbound TCP/UDP in Network Rules so that only applications we approve will go out.
BTW, do Component Rules also override Network Rules?
That’s odd, because the applications I allow Internet access does not inherit it from the Network Control Rules. I only have a few rules, and none are generic IP out any-any. Since applications gets through even though I have and employ two sets of rules: Block IP in any-[My computah]
Block IP out [my computah]-any
IE still connects, and I can still waste work hours perusing the more non work-related sites out there ;D
If Network Control Rules were read 1st and took precedence, IE would get da boot here. Atleast thats what I think… Please correct me if I’m wrong.
As for the question #25 from Charlie:
If you use Any as inbound destination, your computer will receive all the traffic destined for you as well as the traffic destined for anyone on your LAN. Thats the meaning of Any=Anyone
Directional traffic intended for your computer will get through (ofcourse) and will be logged as source:any - destination:you
Unsolicited or broadcasts will also reach your computer if you allow anything on an inbound vector. That means ICMP (eg. PING sweeps) and PORT scanning attempts, DHCP broadcasts and NETBIOS broadcasts. If you’re on a big LAN like me, your log will fill up rather quickly. Making debugging and troubleshooting a trial in patience rather than a tool to help fix connection problems.
I do miss the option to use filters in the logs. Actually… I miss not having any options at all in the logs :-\
I blocked all traffic using Network Rules but still allowed my browser to go out in Application Rules. The browser cannot access any web site. So I think AOwL and Little Mac were right.
I understand now. You entered [mycomputername] instead of Any because you don’t want to receive traffic meant for other computers on your LAN.
If I’m using a computer at home without any other computers connected to it via LAN, I can use either [mycomputername] or Any. Right?
Yes. In this environment you can.
But remember that both you and your DSL router/Modem are on the same LAN, so some traffic destined for the router will reach you when you set ANY.
It shouldn’t really make any impact, but I just thought you should know.
I tested by having only one network rule (removed all the rest): Block, IP In/Out, Any, Any, Any. But I still allowed my browser to go out in Application Rules. The browser cannot access any web site. So it seems that Application Rules are also affected by Network Rules.
I ordered a new PC with Windows Vista which will arrive in a few days. Unfortunately, CPF doesn’t support Vista and CPF Support said it will out in the first half of the year. However, Vista has its own firewall which is more configurable than in XP. So I will not use CPF for a while. If Vista Firewall allows it, I will configure it the way you taught me. Many thanks.
Ofcourse not.
Besides outbound UDP 53, UDP 68, TCP 80/8080, TCP 1494 and some tweaked ICMP responses, those are my two bottom ones. I get application access-requests, and I have the choice of accepting or denying them. But some aren’t for the above mentioned ports. I’ve checked. same goes for ICMP.
I’ve done a clean install when I upgraded to the latest build (using the built-in updater failed), but there could be remnants left behind in the registry or even on the computer when I uninstalled. I never checked as I wanted to have a working firewall on my computer as quickly as possible
