Windows 7 firewall settings

Source: Internet
Author: User

Win7 Professional Control Panel> system and security> Windows Firewall> advanced settings for example, to allow other machines to access port 1521, you can create a rule in the inbound rule. Choose "inbound rules"> "right-click" new rule ">" rule type (port) ">" TCP or UDP ", open the port, and enter the following information as prompted by the wizard. note that a name can be set for the rule to facilitate future search, for example, "allow 1521. After the configuration is complete, you can find that the rule is green and takes effect, and then you can use other machines to access the test. Some firewall configuration problems are listed for reference: win7 is much more secure than windows XP. Now let's take a look at some of win7's firewall design. About Windows 7 firewall.
Pay attention to these problems when setting Windows 7 firewall.
1. First, disable the auto-restore function of win7. The Automatic Restoration of win7 is called Intelligent restoration. When I set up a firewall, I was very depressed. I don't know what went wrong. This is because it is restored when it is restarted after it is set. I thought it was a Trojan and uninstalled the 360 software. To disable auto-Restore, click Start> Control Panel> system protection select local disk (C. UAC may appear. You need to enter the administrator password.
2. Start at-enter the "cmd.exe" program in the search program and file box. The "cmd.exe" program will be displayed on the "cmd.exe" page. Right-click the program and run it as an administrator If you are already an administrator, UAC will only prompt you. It is now in the command line. Run secpol. msc to open the Local Security Policy Dialog Box. Note that the difference between Windows 7 and Windows xp is that in Windows xp, the Administrator account must have the Administrator permission, which is consistent. However, in Windows 7, the program is still running as an administrator account. It can also be seen from the cmd that, if it is an administrator, the above will show the administrator, if it is a general score, it will not show. However, if you run the program with the administrator account, you run the program with the administrator permission. This is the difference between administrator and other administrator accounts. In win7, administrator is disabled by default.
3. Navigate to advanced security Windows Firewall. Right-click Advanced Security Windows Firewall-Local Group Policy Object-click Properties to open the Properties dialog box. For home users, domain, private, and public settings are generally consistent. In fact, if you only use public network, you only need to set the public configuration file tab. But for simplicity, we set it to the same. Firewall Status: enabled (recommended); inbound connection: blocking all connections; outbound connection: blocking. We did not select the default settings. The default security is lower than our settings. For home users, if you select inbound connection: to block all connections, your computer cannot be a server, and many software functions such as emule and kugoo will be blocked, if you do not want to be so strict, for example, if you still want to use remote desktop, set it as inbound connection: block (default. We do not use the default value for outbound connection. We will briefly introduce these two items. If the default value is set for inbound connections, inbound connections that comply with the rules are allowed. If it is set to block all connections, any inbound connections are prohibited, even if it complies with the rules, it cannot connect to the local machine. In this case, Remote Desktop cannot be used. If the outbound connection is set to allow (default), any program can access the Internet. This is what we do not want. We only want the program we allow to access the Internet. Click OK after setting. If nothing happens, no program can access the Internet at this time. (If IE can, it indicates it has been added to the rule. We do not need to add Internet Explorer access rules later .)
4. Click inbound rules and outbound rules. The following is blank. Because we have not yet allowed the program to access the network. We do not need to set the inbound rules for because we have blocked all connections and it is useless to set the inbound rules. Outbound rules need to be set. Otherwise, how can we access the Internet? Right-click an outbound rule and choose create rule. In the displayed dialog box, select the program and enter system in the program path. Next, set the program to allow connections, enter "Allow system to access the network" in the name. In the rule box on the right, you can modify the rule we created. We do not need to modify the system. Note: If you set your network to a private network when surfing the internet, you need to check before the private network, rather than public network. After this rule is configured, the rest will be similar. We need to create three rules to lay a solid foundation for Internet access. The other two rules are as follows: (1) Name: Allow DNS; program and service-This program: % SystemRoot % \ System32 \ svchost.exe; Protocol and port-protocol type: UDP Local Port: 1024-65535, remote port: 53; advanced: public. (2) Name: allow ECHO; Programs and Services: All programs that meet the specified conditions; Protocol and port-protocol type: ICMPv4; advanced: public. Add the preceding rule to allow the system to access the network. There are three in total. Okay. This stage is complete.
5. Click Control Panel> windows Firewall> windows Advanced Settings. The UAC control dialog box appears, asking you to confirm whether to continue. If not, you need to enter the administrator password. Open the advanced windows security firewall on the local computer. The inbound and outbound connections under the firewall are the same as those under the Group Policy. There are three rules that we have previously set and cannot be changed here. The group policy setting is higher than the setting here. We export the rules here and save them in a file for future recovery. If you understand the rules, you do not need to recover them. Here, we just prevent you from making a mistake to restore them. Delete all the items that can be deleted (or disable all the items that can be deleted, so you do not need to export them ). Of course, the three above cannot be deleted. Click an out-of-the-box rule and create a new rule with the following name: "allow Internet access by IE"; program and service: % ProgramFiles % \ Internet Explorer \ iexplore.exe; Protocol and port -- protocol type: TCP, local Port: 1024-65535, remote port: 80; advanced: public. Open IE and you can see that you can access the Internet. Other settings are similar. In this way, only the programs we allow can access the network. QQ settings: name: Allow QQ to access the Internet; Protocol and port -- protocol type: UDP, remote port: 8000, advanced: public. If you set QQ as above, you need to specify the login Port Number of QQ on the QQ login interface. If you do not specify the remote port number, you do not have. If you cannot determine the port number used by a program, you can use it as needed. The port number is more restrictive. We can see from the previous settings that only system is open. In addition, the port used by svchost.exe is open, and it can only communicate with the remote port 53, which is essentially closed. Because Trojans cannot communicate with remote port 53. In group policy settings, I am not sure whether system must be enabled. When I first tried it, if it wasn't open, it seemed that I couldn't access the internet. Now I can use this rule again. The remaining two items must be open. Otherwise, the network cannot be accessed. From the column hongweigg

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.