
Windows Firewall Rules


R4D3


Hey,

 

Because the MS Firewall sucks in Standard Mode, I am trying to make a better rule set...

 

This set blocks everything that wants to call in or out. If you want to allow a program to connect to the Internet, you have to allow every file that the program needs in order to connect:

 

Example:

Firefox: you have to make a rule for Firefox.exe and PluginContainer.exe first...

Opera: you have to allow OperaLauncher and Opera.exe (with every update of Opera you need to reconfigure, because the path has changed)...

 

What is allowed now? (Call out only)

DNS, DHCP, Windows Update, Opera 28

 

What's forbidden?

Everything that's not allowed!

Some extra protocols like IGMP and ICMP, and some TCP and UDP ports, get an extra block, so they are forbidden even for allowed programs.

 

- Some Windows feature rule sets for programs are disabled in a test mode (meaning that when you activate them, not all of them work yet). If someone finds the mistakes in the test rules (I think most of them, like Feedback, just don't work, because I need a rule for the Windows online account sign-in), it would be nice if someone could fix it... (I just put in the stuff I know for Internet connections, but I don't know very much...)

 

Before you try to import my rule set, back up yours! And add a rule for your browser if it is not Opera 28.


 


 

P.S. I agree that a firewall (packet filter) that asks you when a program wants to connect (like Kerio 2.16 for XP) would be much better. Maybe in Windows 2030 we'll get it...

Edited by R4D3


Honestly, this is how it should be done.... block everything with exceptions. Firewalls seem to be set as block all incoming but don't block outgoing. I suppose this is to make up for the mass amount of people that don't know how to computer. Of course, most of any infections are because a person clicks on something or goes to a website.


  • 4 months later...
  • 2 weeks later...
  • 5 years later...

I did some kind of update and got a bit more understanding over time. The new rule set allows outgoing HTTPS connections, and I added a rule to copy for other connections (some updates, even on Windows, do not use HTTPS; without custom additions they will be blocked!). The WindowsUpdate rule is still way too open; I can't get it any better...

Look at the pics to see what I understand about it so far ;)


R4D3.wfw

Edited by R4D3

I use Windows Firewall Control.

I remove all the rules before the installation,

set the filter level to green / medium,

disable the rules that I don't need and that WFC made,

leave DNS / DHCP v4, Firefox and sometimes the time service,

and connect the internet cable again :)

Edited by aviv00

He he, hey... I used "Windows Firewall Control" too, but I like it more native (I used Kerio 2x on XP), and since then I have been trying to make my rules better... Now HTTPS outbound is allowed for everything, and only programs that need other ports/protocols need an extra rule. Funny that you posted 9 minutes ago, because I was here to share something else ;)

So here we go: Harden the NETSH command (for now, only a German script; not finished yet)

Why this: Some programs like Chrome, Firefox, etc. hijack the firewall and add unwanted rules! (I would prefer a built-in MS password protection against it.) I'm not sure how it works in general, but in case this happens via NETSH, I decided to "harden" this file/command via NTFS permissions (which I normally don't like). In this test I only give Admin & System the right to run the command, and remove the others.

TAKEOWN /F C:\Windows\System32\netsh.exe /A
icacls C:\Windows\System32\netsh.exe /inheritance:r
icacls C:\Windows\System32\netsh.exe /remove "VORDEFINIERT\Benutzer"
icacls C:\Windows\System32\netsh.exe /remove "ALLE ANWENDUNGSPAKETE"
icacls C:\Windows\System32\netsh.exe /remove "ALLE EINGESCHRŽNKTEN ANWENDUNGSPAKETE"
icacls C:\Windows\System32\netsh.exe /remove "NT-AUTORITŽT\SYSTEM"
icacls C:\Windows\System32\netsh.exe /grant VORDEFINIERT\Benutzer:(R)
icacls C:\Windows\System32\netsh.exe /grant NT-AUTORITŽT\SYSTEM:(F)
icacls C:\Windows\System32\netsh.exe /grant VORDEFINIERT\Administratoren:(F)
icacls C:\Windows\System32\netsh.exe /setowner "NT SERVICE\TrustedInstaller"

TAKEOWN /F C:\Windows\SysWOW64\netsh.exe /A
icacls C:\Windows\SysWOW64\netsh.exe /inheritance:r
icacls C:\Windows\SysWOW64\netsh.exe /remove "VORDEFINIERT\Benutzer"
icacls C:\Windows\SysWOW64\netsh.exe /remove "ALLE ANWENDUNGSPAKETE"
icacls C:\Windows\SysWOW64\netsh.exe /remove "ALLE EINGESCHRŽNKTEN ANWENDUNGSPAKETE"
icacls C:\Windows\SysWOW64\netsh.exe /remove "NT-AUTORITŽT\SYSTEM"
icacls C:\Windows\SysWOW64\netsh.exe /grant VORDEFINIERT\Benutzer:(R)
icacls C:\Windows\SysWOW64\netsh.exe /grant NT-AUTORITŽT\SYSTEM:(F)
icacls C:\Windows\SysWOW64\netsh.exe /grant VORDEFINIERT\Administratoren:(F)
icacls C:\Windows\SysWOW64\netsh.exe /setowner "NT SERVICE\TrustedInstaller"

pause

When it's proven, I may do an English version too...

- I get some Unicode/UTF problem with the script, so the German "Ä" is "Ž".

 

P.S. MS BUG INFO

If you edit Firewall Rules, DO NOT COPY AND PASTE NAMES, or the console will crash

Edited by R4D3
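
An added example, not R4D3's script: the same permission changes written with well-known SIDs instead of the localized German group names, so the file does not depend on the Windows display language or on the code page the script is saved in. The `:harden` label, the variable names and the backup file names are choices of this example; it assumes an elevated prompt.

```batch
@echo off
rem Added example: same ACL changes as the script above, but every principal
rem is given as a well-known SID, so no localized group name is needed.
setlocal
set "BACKUP_DIR=%~dp0"

rem icacls accepts a numeric SID when it is prefixed with *
set "SID_USERS=*S-1-5-32-545"
set "SID_ADMINS=*S-1-5-32-544"
set "SID_SYSTEM=*S-1-5-18"
set "SID_APP_PACKAGES=*S-1-15-2-1"
set "SID_RESTRICTED_APP_PACKAGES=*S-1-15-2-2"

call :harden "%SystemRoot%\System32\netsh.exe" System32
call :harden "%SystemRoot%\SysWOW64\netsh.exe" SysWOW64
pause
exit /b 0

:harden
rem %1 = full path to netsh.exe, %2 = tag used in the backup file name
if not exist "%~1" (
    echo Skipping %~1, file not found
    exit /b 0
)
rem Save the current ACL first so the change can be rolled back
icacls "%~1" /save "%BACKUP_DIR%netsh-acl-%~2.txt"
if errorlevel 1 (
    echo Could not save the ACL of %~1, leaving it unchanged
    exit /b 1
)
takeown /F "%~1" /A
icacls "%~1" /inheritance:r
icacls "%~1" /remove %SID_USERS%
icacls "%~1" /remove %SID_APP_PACKAGES%
icacls "%~1" /remove %SID_RESTRICTED_APP_PACKAGES%
icacls "%~1" /remove %SID_SYSTEM%
icacls "%~1" /grant %SID_USERS%:(R)
icacls "%~1" /grant %SID_SYSTEM%:(F)
icacls "%~1" /grant %SID_ADMINS%:(F)
icacls "%~1" /setowner "NT SERVICE\TrustedInstaller"
rem Print the resulting ACL so it can be reviewed
icacls "%~1"
exit /b 0
```

The saved ACL can be put back by running `icacls` on the containing folder with `/restore` and the backup file, for example `icacls %SystemRoot%\System32 /restore netsh-acl-System32.txt`.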

12 hours ago, R4D3 said:

and adding unwanted rules! (

Hey,

yes, Windows also adds them back,

so I use the secure rules option in WFC;

it can delete them or disable them.

 

Also, sometimes I set Firefox to access the internet only for a normal user,

and run it with a bat file, with no need to enter a password,

using runas and the savecred option.

Running as a normal user adds another layer of security.

 

If MS could apply the root idea from Linux here,

it would save us time and lots of effort.

Edited by aviv00