Create the strongest body armor! Windows XP SP2 Firewall Settings


The Windows Firewall in WinXP SP2 (hereafter SP2) replaces the original Internet Connection Firewall (ICF). The improved firewall is turned on by default and supports both the IPv4 and IPv6 network protocols, giving our computers better protection. This article walks you through the new features of Windows Firewall and its basic settings.

I. New Features of the Firewall
Compared with ICF, the Windows Firewall in SP2 is significantly improved. The first change concerns when the firewall starts running. In earlier versions of WinXP there was a gap between the loading of the network stack and the start of ICF, so from system startup until the firewall was fully running the whole system was exposed, without any firewall protection. The reason is that the system services ICF needs are started only after the system has booted, and the ICF service itself depends on other services; while those are not running, ICF naturally cannot run either. SP2 adds a simple protection called "boot-time policy": with it, only a few required kinds of network traffic are allowed during startup, such as contact with DNS and DHCP servers, and normal network activity resumes once the firewall has started.
The new Windows Firewall is not only enabled by default; its configuration interface has also been redesigned. Other new features include: local subnet restrictions; common configuration options applied to all connections; built-in IPv6 support; new Group Policy configuration options; and the ability to specify permitted traffic by an application's file name (the original ICF could only specify a port, not a program; now you can select a specific program directly in the allowed communications).

II. Security Alert
In SP2, when a locally run application starts acting as a server (listening for inbound connections from the Internet), Windows Firewall pops up a new security alert dialog box. The application or service can be added to the Windows Firewall exceptions by choosing the corresponding option in the dialog (that is, selecting "Unblock this program"), and the exception configuration then allows that specific inbound traffic. Of course, you can also add programs or ports to the exceptions manually; see the firewall option settings below.

Once a program starts offering connection services, the firewall alerts the user

III. Firewall Option Settings
Click "Start → Control Panel", then in the Control Panel's Classic View double-click "Windows Firewall" to open the Windows Firewall console. Alternatively, open the firewall console by clicking "Windows Firewall" in the Security Center, which is new in SP2.

1. General tab

The "General" tab of the Windows Firewall console has two main options, On (recommended) and Off (not recommended), plus a sub-option, "Don't allow exceptions". With exceptions disallowed, Windows Firewall blocks all unsolicited inbound network requests to the computer, including those for the applications and system services listed on the Exceptions tab; it also blocks file and printer sharing and network device discovery. A Windows Firewall with no exceptions allowed is effectively "sealed", and is best suited to high-risk environments such as restaurants, hotels and airports, where a personal computer is connected to a public network.

2. Exceptions tab

Do not allow server programs through indiscriminately

Some programs need to communicate with the outside; you can add them on the "Exceptions" tab, where the program is authorized to provide connection services, that is, to listen for and accept connections from the network.

On the Exceptions tab there are two add buttons, "Add Program" and "Add Port", and you can add entries manually as the situation requires. If you do not know which port an application uses to communicate with the outside world, or whether it uses UDP or TCP, add an exception by program. For example, to allow Windows Messenger to communicate, click "Add Program", select the application "C:\Program Files\Messenger\msmsgs.exe", and click "OK" to add it to the list.

If you know the port number and whether the program uses TCP or UDP, you can use the second method and add the port directly. For each exception you can restrict its scope with "Change scope". For home and small-office networks it is recommended to limit the scope to the local network (subnet) only. You can also define a custom IP range in the scope so that only network requests from specific IP addresses are accepted.

3. Advanced tab

The "Advanced" tab contains four groups of settings: network connection settings, security logging, ICMP settings and restore defaults. Configure them according to your situation.

◆ Network Connection Settings
Here you choose which connections Windows Firewall applies to. You can also configure each connection separately, which makes applying the firewall more flexible.

◆ Security Logging
Logging in the new Windows Firewall is similar to ICF's. The logging options record the firewall's activity, including dropped packets and successful connections. In the log file options you can change where the log file is stored and set the maximum size of the log file. By default the system records neither dropped packets nor successful connections, and the log file size defaults to 4 MB.

◆ ICMP Settings
The Internet Control Message Protocol (ICMP) lets computers on a network exchange error and status information. When you select an item in the ICMP Settings dialog box, its description is shown at the bottom of the dialog, so each message type can be enabled as needed. By default, no ICMP messages are allowed.

◆ Default Settings
To restore all Windows Firewall settings to their default state, click the "Restore Defaults" button on the right.

IV. Group Policy Deployment

Group Policy settings take precedence

With ICF, the firewall could only be enabled or disabled through the network connection's properties, the Network Setup Wizard and the Internet Connection Wizard; the new Windows Firewall can instead be controlled through Group Policy, including its state, the allowed exceptions and more.

Click "Start → Run", type "gpedit.msc" in the Run dialog box and click "OK" to open the WinXP Group Policy Editor, which you can then use to configure Windows Firewall. In the left pane, expand Computer Configuration → Administrative Templates → Network → Network Connections → Windows Firewall. Under Windows Firewall there are two branches: Domain Profile and Standard Profile. Simply put, when the computer is connected to a network with a domain controller (that is, a dedicated management server), the domain profile applies; otherwise the standard profile applies. If no standard profile policy is configured, the default values take effect.

Tip: Windows Firewall configuration and status can also be obtained from the command line with Netsh.exe. Enter "netsh firewall" at a command prompt to query firewall information and modify firewall settings.
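The following batch file is an added example, not part of the original article, and shows how the settings described above for the General, Exceptions and Advanced tabs map onto the "netsh firewall" context mentioned in the tip. It assumes an administrator command prompt on Windows XP SP2; the Messenger path is the one the article uses, while the port, the 192.168.1.0/24 subnet and the log location are constructed values to be replaced with your own.

```batch
@echo off
rem Added example (not from the original article): apply the SP2 Windows Firewall
rem settings walked through in the GUI above, using the "netsh firewall" context.
rem Run from an administrator command prompt on Windows XP SP2.
rem The port, subnet and log path below are constructed values; adjust them.
setlocal

rem --- General tab: firewall on, exceptions allowed (normal home/office setting) ---
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem For a public network (restaurant, hotel, airport) the "Don't allow exceptions"
rem setting is applied with:
rem   netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=ALL

rem --- Exceptions tab, "Add Program": allow Windows Messenger (path from the article),
rem     scoped to the local subnet only, as recommended for home/small-office networks ---
netsh firewall add allowedprogram program="C:\Program Files\Messenger\msmsgs.exe" name="Windows Messenger" mode=ENABLE scope=SUBNET

rem --- Exceptions tab, "Add Port": open TCP 3389 (Remote Desktop, constructed example)
rem     with a custom scope so only the 192.168.1.0/24 range can connect ---
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop (LAN only)" mode=ENABLE scope=CUSTOM addresses=192.168.1.0/255.255.255.0

rem --- Advanced tab, Security Logging: record dropped packets (off by default),
rem     keep the 4 MB (4096 KB) default maximum size ---
netsh firewall set logging filelocation="%SystemRoot%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem --- Advanced tab, ICMP: allow only incoming echo request (type 8, i.e. ping);
rem     all other ICMP types stay blocked, as they are by default ---
netsh firewall set icmpsetting type=8 mode=ENABLE

rem --- Verify the result: operating mode per profile, then the full configuration ---
netsh firewall show state
netsh firewall show config

rem --- Review the log: the "#Fields:" header line gives the column order; the first
rem     columns are date, time, action, protocol, source IP, destination IP,
rem     source port and destination port. Count and list dropped packets. ---
find /c " DROP " "%SystemRoot%\pfirewall.log"
findstr /C:" DROP " "%SystemRoot%\pfirewall.log"

endlocal
```

Every "netsh firewall set" and "add" command above accepts an optional profile=DOMAIN|STANDARD|ALL argument (profile=CURRENT is the default), matching the two Group Policy branches described in the next section. Because Group Policy settings take precedence over local ones, a setting that a domain policy controls cannot be changed from the console or from netsh; check "netsh firewall show state" after running the script to confirm which values actually took effect.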

As the above shows, the Windows Firewall integrated in SP2 comes close to many mature personal firewall products. Although this new version lacks some features found in third-party vendors' products (such as outbound filtering), it is a good choice for individual users.
