To Zortag

Hi Zortag,

In a post you made, I tried doing a rule you spoke of to stealth my port 139, since it's always closed but I would much prefer it being stealthed.

Zortag
--------------------------------------------------------------------------------
If you are comfortable making firewall rules, this is rather easy to fix.

1 Make a port group ("NetBIOS & DCOM"), and add the ports 135-139 and 440.
2 In the global firewall rules, near the top, immediately AFTER all rules allowing Local LAN traffic and BEFORE allowing external (non-LAN) traffic add the following rule:

Block & Log
TCP or UDP
Out
Block & Log Outbound [NetBios & DCOM] to [Non-LAN]

Source Address: Zone: whatever you called your local network zone
Destination Address: Check the “Exclude” box, Zone, whatever you called your local network zone
Source Port: Any
Destination Port: Port Set: the port set you just created: “NetBIOS & DCOM”

This rule will allow NetBIOS and DCOM traffic within the Local Network ONLY

I did that, but it still shows Port 139 as closed, not stealthed, for me.

I didn't see any "Make a port group ("NetBIOS & DCOM"), and add the ports 135-139 and 440" in the global rules column.

Instead, this is what I did:

1 Went to Firewall/Network Security Policy/Global Rules, then I clicked Add
2 Made the new policy

Block & Log
TCP or UDP
Out
Block & Log Outbound [NetBios & DCOM] to [Non-LAN]

Source Address: Zone: whatever you called your local network zone
Destination Address: Check the “Exclude” box, Zone, whatever you called your local network zone
Source Port: Any
Destination Port: A Single Port: Port 139

And that new rule ^ was added below the "Block & Log ICMP In from Any to IP Any Where ICMP Message is ECHO Request" rule that was already there in Global Rules.

Is there something I missed or did wrong to make this rule work?

Regards

Ron