As this is a highly focussed series of questions and answers, I would ask other forum users not to post in this topic yet, until we have reached a logical conclusion. I ask this not to exclude other users, but to hopefully eliminate confusion and remain focussed on the original questions asked. Thanks in advance.
During a default installation, the proper rule sets are automatically created in the Application rules window and in the Global rules window. They are fine as long as you don't play with them. If you are an inexperienced user of the Firewall and you want to understand what you are doing, you will want to experiment with different rules, and you might encounter a similar situation: getting yourself locked out.
To follow this thread, a good understanding of the CSI user manual is required. So, if you did not read it, do it now; it will help you understand the technical definitions and the CSI setting configurations we will not explain here.
As long as I used the default rules (see: Pics 1 and 2) in Application rules and Global rules + the default Trusted Zones, the connection to my LAN and the Internet was fine.
I have removed the Application rules under System, the Global rules, and My Trusted Zones, to see what would happen (you know, the old Pandora's box syndrome) and to try editing new rules from scratch.
I could not connect to either my LAN or the Internet, because I had to take some action (creating proper replacement rules) but I did not know which ones. Looking at the firewall Log (see: Pic 3), I set the firewall from Safe to Learn Mode.
A new rule was created (see: Pic 4):
“C\WINDOWS\System32\svchost.exe Allow | ICMP | Out | Source: Any | Destination: Any | ICMP Detail: Any”, probably to supply the missing My Trusted Zones > System > My Trusted Zones LAN1 rules I had deleted, and luckily I could restore my connection.
Followed by another rule:
Firewall Alert: System, Remote 192.168.56.255 - UDP, Port: nbdgram(138) - Application rules (output): System: Allow | UDP | Out | Source Address: Any | Destination Address: Any | Source Port: Any | Destination Port: Any.
If I tried to explain any of these rules, I could not!
So, here is what we will try to define:
A step-by-step method to remove automatically created rules and to create new rules manually, either TRUSTING our Network Zones or NOT TRUSTING them (and of course, to understand these different rule sets along the way).
The CSI main modules we will use are:
A) My Trusted Zones
B) Application rules: System and Svchost.exe (rules)
C) Global rules: Zones (rules)
A few basic definition questions first:
a. Loopback Zone (automatically created in the Global Zone and System zone during installation): what is it and why do I need it? Loopback is my computer's connection to itself, so why do I need to create a Zone for that?
b. When I select to Trust a Zone with the wizard, this zone will be present in the Global rules AND in the Application rules. If I decline the offer of the wizard, the Zones will only be present in the Global rules. What difference does that make? (please illustrate with 2 separate examples, so I can understand).
c. The Stealth My Port wizard applies different rules in Global rules, according to the selection. Example: if I choose "stealth my port to everyone", 2 ICMP rules are created. If I run the wizard again but select "My trusted network", a new rule set is created in ADDITION to the previous rule set. Do I have to delete the previous rules or keep them? Why are these 2 ICMP rules created the first time and not the second?
d. What is ICMP, when do I need it, and in what module? In other words, why could my computer not communicate until a new rule (see: Pic 4) was created? The way I understand ICMP is Ping. That's not important.
e. Why does svchost.exe use UDP, and how can I know when UDP is needed vs. TCP or IP?
Let's get started:
a. Step one (removal):
I remove: Application rules > System > My trusted network LAN1
I remove: Global rules > All trusted Zone (LAN/Loopback)
I remove: My Trusted Zones > All Zone (LAN/Loopback)
b. Step two (input):
Input: My Trusted Zones > New LAN Zone (for me 192.168.11.2/255.255.255.255)
From this point on assistance is needed from an expert:
Input: Do I need to define a Loopback Zone? That’s a question
Wizard: Stealth My Port Wizard: Define a new Trusted Network > I select LAN 1? That’s a question
[attachment deleted by admin]
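The questions above about the Loopback Zone, about trusting a Zone versus not trusting it, and about the very wide `Allow | UDP | Out | Any | Any` rule that Learn Mode wrote, all come down to how a zone-based rule set is evaluated. The following script is an added example written for this thread; it is not the poster's code and not Comodo's own implementation. It assumes that rules are checked top to bottom with the first match deciding, that a packet matching no rule is blocked, and that a trusted-zone rule has the shape "allow any protocol out if the destination is in the zone / in if the source is in the zone". The zones (192.168.11.0/24 and 127.0.0.0/8), the test-net address 203.0.113.10 and the packets are constructed; the UDP port 138 broadcast to 192.168.56.255 mirrors the alert quoted in the post.

```python
"""Toy model of zone-based firewall rule evaluation (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                    # "TCP", "UDP" or "ICMP"
    direction: str                # "Out" or "In"
    src: str
    dst: str
    dport: Optional[int] = None   # None for ICMP

@dataclass(frozen=True)
class Rule:
    action: str                   # "Allow" or "Block"
    proto: str                    # "TCP", "UDP", "ICMP" or "IP" (IP = any protocol)
    direction: str                # "Out", "In" or "In/Out"
    src_zone: str = "Any"         # zone name or "Any"
    dst_zone: str = "Any"
    dport: Optional[int] = None   # None = any port

# Constructed zones: a /24 LAN zone and the loopback range (assumed shapes).
ZONES = {
    "LAN1": [ipaddress.ip_network("192.168.11.0/24")],
    "Loopback": [ipaddress.ip_network("127.0.0.0/8")],
}

def in_zone(addr: str, zone: str) -> bool:
    if zone == "Any":
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ZONES[zone])

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "IP" and rule.proto != pkt.proto:
        return False
    if rule.direction != "In/Out" and rule.direction != pkt.direction:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return in_zone(pkt.src, rule.src_zone) and in_zone(pkt.dst, rule.dst_zone)

def evaluate(rules, pkt):
    """Top-down, first matching rule decides; no match means Block (assumed default)."""
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, idx
    return "Block", None

# Assumed shape of what "trust this zone" produces, followed by a block of all other incoming traffic.
TRUSTED_ZONE_RULES = [
    Rule("Allow", "IP", "Out", dst_zone="LAN1"),
    Rule("Allow", "IP", "In", src_zone="LAN1"),
    Rule("Allow", "IP", "Out", dst_zone="Loopback"),
    Rule("Allow", "IP", "In", src_zone="Loopback"),
    Rule("Block", "IP", "In"),
]
# The rule Learn Mode wrote in the post: Allow | UDP | Out | Any | Any, any port.
LEARNED_RULES = [Rule("Allow", "UDP", "Out")]
# Everything removed, as in step one of the post.
EMPTY_RULES = []

# Constructed packets (addresses chosen for the example).
PACKETS = {
    "nbdgram_lan":   Packet("UDP", "Out", "192.168.11.2", "192.168.11.255", 138),
    "nbdgram_other": Packet("UDP", "Out", "192.168.11.2", "192.168.56.255", 138),
    "loopback":      Packet("TCP", "Out", "127.0.0.1", "127.0.0.1", 445),
    "internet_dns":  Packet("UDP", "Out", "192.168.11.2", "203.0.113.10", 53),
    "incoming_lan":  Packet("TCP", "In", "192.168.11.5", "192.168.11.2", 445),
}

def decisions(rules):
    """Verdict for every constructed packet under one rule set."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in [("trusted zone", TRUSTED_ZONE_RULES),
                         ("learn mode", LEARNED_RULES),
                         ("nothing", EMPTY_RULES)]:
        print(f"{label:13s} {decisions(rules)}")
```

Three things fall out of running it. With the zone rules in place, traffic to 127.0.0.1 is only allowed because the Loopback zone exists; 127.x is not inside the LAN zone, which is why a separate Loopback Zone is created. The Learn Mode rule allows UDP out to any destination at all, including the Internet, where a zone-scoped rule would have allowed the LAN broadcast only; that is the cost of letting Learn Mode write rules instead of writing them by hand. And because the first match wins, moving the final `Block In` rule to the top silently overrides the zone allow for incoming LAN traffic, so rule order matters as much as rule content.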