The built-in Windows XP firewall settings in detail

  

The currently released Windows XP Service Pack 2 (SP2) includes Windows Firewall, formerly known as the Internet Connection Firewall (ICF). Windows Firewall is a host-based stateful firewall that discards all unsolicited incoming traffic, that is, traffic that is neither a response to a request the computer sent (solicited traffic) nor traffic that has been specified as allowed unsolicited traffic (excepted traffic). Windows Firewall provides some level of protection against malicious users and programs that rely on unsolicited incoming traffic to attack computers on the network.

In Windows XP SP2, Windows Firewall has many new features, including:

Enabled by default for all connections of the computer

New global configuration options that apply to all connections

A new set of dialogs for configuration

A new operating mode

Boot-time security

Excepted traffic can be limited to the local network (scope)

Excepted traffic can be specified by application file name

Built-in support for Internet Protocol version 6 (IPv6)

New configuration options with netsh and Group Policy

This article details the set of dialogs for manually configuring the new Windows Firewall. Unlike the ICF dialogs in Windows XP (pre-SP2), these configuration dialogs configure both IPv4 and IPv6 traffic.

The ICF settings in Windows XP (pre-SP2) consist of a single checkbox (the "Protect my computer and network by restricting or blocking access to this computer from the Internet" checkbox on the "Advanced" tab of the connection properties) and a "Settings" button that you can use to configure traffic, log settings, and allowed ICMP traffic.

In Windows XP SP2, the checkbox on the "Advanced" tab of the connection properties is replaced with a "Settings" button that you can use to configure general settings, permissions for programs and services, connection-specific settings, log settings, and allowed ICMP traffic.

The "Settings" button runs the new Windows Firewall Control Panel program (also found in the "Network and Internet Connections" and "Security Center" categories).

The new Windows Firewall dialog contains the following tabs:

"General", "Exceptions", "Advanced"

General Tab

On the General tab, you can choose from the following options:

"Enable (Recommended)"

Select this option to enable Windows Firewall for all network connections selected on the "Advanced" tab.

When Windows Firewall is enabled, only solicited and excepted incoming traffic is allowed. Excepted traffic is configured on the Exceptions tab.

"Excepted traffic is not allowed"

Select this option to allow only solicited incoming traffic. Excepted incoming traffic is not allowed. The settings on the Exceptions tab are ignored and all connections are protected, regardless of the settings on the Advanced tab.

"Disable"

Select this option to disable the Windows Firewall. This is not recommended, especially for network connections that are directly accessible via the internet.

Note that on computers running Windows XP SP2, the default setting for Windows Firewall is "Enable (Recommended)" for all existing connections and for newly created connections. This can affect the communication of programs or services that rely on unsolicited incoming traffic. In such cases, you must identify the programs that no longer work and add them or their traffic as excepted traffic. Many programs, such as Internet browsers and email clients (such as Outlook Express), do not rely on unsolicited incoming traffic, so they operate correctly with Windows Firewall enabled.

If you are using Group Policy to configure Windows Firewall on a computer running Windows XP SP2, the Group Policy settings you configured may not allow local configuration. In such cases, the options on the General tab and other tabs may be grayed out and cannot be selected, even by local administrators.

Group Policy-based Windows Firewall settings allow you to configure a domain profile (a set of Windows Firewall settings that is applied when you connect to a network that contains a domain controller) and a standard profile (a set of Windows Firewall settings that is applied when you connect to a network, such as the Internet, that does not contain a domain controller). The configuration dialogs only show the Windows Firewall settings for the currently applied profile. To view the settings of a profile that is not currently applied, use the netsh firewall show command. To change the settings of a profile that is not currently applied, use the netsh firewall set command.
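The netsh firewall show and set commands mentioned above, as an added example that is not part of the original article: it inspects both profiles and then changes the one that is not currently applied. The policy it sets (no exceptions in the standard profile, Remote Desktop allowed from the local subnet only in the domain profile) is an assumption chosen for illustration; the exceptions and scope it uses are the ones described under the Exceptions tab.

```batch
@echo off
rem Added example (not from the original article). Run in cmd.exe as a local
rem administrator on Windows XP SP2. The chosen policy is an assumption.

rem 1. Which profile is applied right now (domain or standard)?
netsh firewall show currentprofile

rem 2. Operating mode, exceptions and logging for BOTH profiles,
rem    including the one the dialogs do not display.
netsh firewall show config

rem 3. Standard profile (networks without a domain controller):
rem    firewall on, Exceptions tab ignored.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=STANDARD

rem 4. Domain profile: firewall on, exceptions honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN

rem 5. Domain profile only: allow Remote Desktop, but only from the
rem    local subnet rather than from any computer.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET profile=DOMAIN

rem 6. Keep Remote Desktop closed in the standard profile.
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=STANDARD

rem 7. Confirm the result for both profiles.
netsh firewall show opmode
netsh firewall show service
```

If Group Policy manages these settings, the Group Policy values apply and the local changes may not take effect.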

Exceptions Tab

On the Exceptions tab, you can enable or disable an existing program or service, or maintain the list of programs and services that define excepted traffic. Excepted traffic is rejected when the "Excepted traffic is not allowed" option on the "General" tab is selected.

In Windows XP (pre-SP2), you can only define excepted traffic based on Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports. In Windows XP SP2, you can define excepted traffic based on TCP and UDP ports or on the file name of the program or service. This flexibility makes configuring excepted traffic easier when the TCP or UDP port of the program or service is unknown or is determined dynamically when the program or service starts.

There is a set of pre-configured programs and services, including:

File and Print Sharing, Remote Assistance (enabled by default), Remote Desktop, UPnP Framework

These predefined programs and services cannot be deleted.

If Group Policy allows, you can also create additional exceptions based on a specified program name by clicking Add Program, or based on a TCP or UDP port by clicking Add Port.

When you click Add Program, the Add Program dialog box appears, where you can select a program or browse for a program's file name.

When you click Add Port, the Add Port dialog box appears, where you can configure a TCP or UDP port.

One of the features of the new Windows Firewall is the ability to define the scope of incoming traffic. The scope defines the network segment from which excepted traffic is allowed to originate. When defining the scope of a program or port, you have two options:

"Any computer"

Allows excepted traffic from any IP address.

"My network (subnet) only"

Allows excepted traffic only from IP addresses that match the local network segment (subnet) to which the network connection receiving the traffic is attached. For example, if the IP address of the network connection is configured to

Copyright © Windows knowledge All Rights Reserved