Windows XP SP2 Firewall Settings: A Detailed Explanation

xiaoxiao  2021-03-06  14

The English version of Windows XP Service Pack 2 (SP2) has been released. It includes the new Windows Firewall, previously known as the Internet Connection Firewall (ICF). Windows Firewall is a host-based stateful firewall that discards all unsolicited incoming traffic, that is, traffic that is neither sent in response to a request from the computer (solicited traffic) nor unsolicited traffic that has been specified as allowed (excepted traffic). Windows Firewall provides a degree of protection against malicious users and programs that rely on unsolicited incoming traffic to attack computers on a network.

In Windows XP SP2, Windows Firewall has many new features, including:

Enabled by default for all of the computer's connections

New global configuration options that apply to all connections

New dialog boxes for global configuration

New operating mode

Startup security

Local network restriction

Excepted traffic can be specified by application file name

Built-in support for Internet Protocol version 6 (IPv6)

New configuration options with Netsh and Group Policy

This article describes in detail the set of dialog boxes used to configure the new Windows Firewall manually. Unlike the ICF in Windows XP (before SP2), these configuration dialog boxes configure IPv4 and IPv6 traffic at the same time.

The ICF settings in Windows XP (before SP2) consist of a single check box (the "Protect my computer and network by limiting or preventing access to this computer from the Internet" check box on the Advanced tab of the connection's properties) and a Settings button, which you can use to configure excepted traffic, log settings, and allowed ICMP traffic.

In Windows XP SP2, the check box on the Advanced tab of the connection's properties is replaced with a Settings button, which you can use to configure general settings, permissions for programs and services, connection-specific settings, log settings, and allowed ICMP traffic. The Settings button opens the new Windows Firewall Control Panel (available in the "Network and Internet Connections" and "Security Center" categories).

The new Windows Firewall dialog box contains the following tabs:

"General"

"Exceptions"

"Advanced"

General tab

On the General tab, you can choose the following options:

"Enable (recommended)"

Select this option to enable Windows Firewall for all network connections selected on the Advanced tab. Windows Firewall will allow only solicited and excepted incoming traffic. Excepted traffic can be configured on the Exceptions tab.

"Do not allow exceptions"

Select this option to allow only solicited incoming traffic. Excepted incoming traffic is not allowed. The settings on the Exceptions tab are ignored, and all connections are protected regardless of the settings on the Advanced tab.

"Disabled"

Select this option to disable Windows Firewall. This is not recommended, especially for network connections that are directly accessible from the Internet.

Note that "Enable (recommended)" is the default setting for all connections of a computer running Windows XP SP2, including newly created connections. This may affect communication for programs or services that rely on unsolicited incoming traffic. In this case, you must identify the programs that no longer work and add them or their traffic as excepted traffic. Many programs, such as Internet browsers and email clients (for example, Outlook Express), do not rely on unsolicited incoming traffic and therefore work properly with Windows Firewall enabled.

If you use Group Policy to configure Windows Firewall for computers running Windows XP SP2, the Group Policy settings you configure may not allow local configuration. In this case, the options on the General tab and the other tabs may be grayed out and cannot be selected, even by a local administrator. Group Policy-based Windows Firewall settings allow you to configure a domain profile (a set of Windows Firewall settings applied when you are connected to a network that contains domain controllers) and a standard profile (a set of Windows Firewall settings applied when you are connected to a network, such as the Internet, that does not contain domain controllers). These configuration dialog boxes show only the Windows Firewall settings of the currently applied profile. To view the settings of the profile that is not currently applied, use the netsh firewall show commands. To change the settings of the profile that is not currently applied, use the netsh firewall set commands.

"Exceptions" tab

On the Exceptions tab, you can enable or disable an existing program or service, or maintain the list of programs and services that define excepted traffic. Excepted traffic is rejected when the "Do not allow exceptions" option on the General tab is selected.

In Windows XP versions before SP2, you could define excepted traffic only by Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port. In Windows XP SP2, you can define excepted traffic by TCP and UDP port or by the file name of a program or service. This flexibility makes it easier to configure excepted traffic when the TCP or UDP ports of the program or service are not known or are determined dynamically when the program or service starts.

There is a set of pre-configured programs and services, including:

File and Printer Sharing

Remote Assistance (enabled by default)

Remote Desktop

UPnP framework

These predefined programs and services cannot be deleted.

If Group Policy allows it, you can also create additional excepted traffic based on a specified program name by clicking Add Program, and create excepted traffic based on a specified TCP or UDP port by clicking Add Port.

When you click Add Program, the Add Program dialog box appears, in which you can select a program or browse for a program's file name.

When you click Add Port, the Add Port dialog box appears, in which you can configure a TCP or UDP port.

One of the features of the new Windows Firewall is the ability to define the scope of incoming traffic. The scope defines the network segment from which excepted traffic is allowed to originate. You have two options when defining the scope for a program or port:

"Any computer"

Excepted traffic is allowed from any IP address.

"My network (subnet) only"

Excepted traffic is allowed only from an IP address that matches the local network segment (subnet) of the network connection on which the traffic was received. For example, if the network connection is configured with the IP address 192.168.0.99 and the subnet mask 255.255.0.0, excepted traffic is allowed only from IP addresses 192.168.0.1 to 192.168.255.254.

The "My network (subnet) only" scope is useful when you want computers on the same subnet of a local home network to be able to access a program or service, but do not want potentially malicious Internet users to access it.

Once a program or port is added, it is disabled by default in the Programs and Services list.

All programs or services enabled on the Exceptions tab are enabled on all connections selected on the Advanced tab.

Advanced tab

The Advanced tab contains the following options:

Network Connection Settings

Security Log

ICMP

Default Settings

Network Connection Settings

In Network Connection Settings, you can:

1. Specify the set of interfaces on which Windows Firewall is enabled. To enable Windows Firewall, select the check box next to the network connection name. To disable Windows Firewall, clear the check box. By default, Windows Firewall is enabled on all network connections. If a network connection does not appear in this list, it is not a standard network connection. Examples include custom dialer programs provided by Internet service providers (ISPs).

2. Configure advanced settings for an individual network connection by clicking the network connection name and then clicking Settings.

If you clear all the check boxes in Network Connection Settings, Windows Firewall will not protect your computer, regardless of whether you selected "Enable (recommended)" on the General tab. If you select "Do not allow exceptions" on the General tab, the settings in Network Connection Settings are ignored and all interfaces are protected.
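Added example (not part of the original article and not Microsoft code): a simplified Python model of how the General tab mode, the check boxes in Network Connection Settings and the scope of an exception combine to decide whether an incoming packet is accepted. All class and function names are hypothetical, the rule set is a constructed sample, and per-connection Advanced Settings and ICMP are not modelled.

```python
# Added illustration: a simplified model of the inbound decision rules described
# in this article. Not Microsoft code; all names here are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface

ON, NO_EXCEPTIONS, OFF = "enabled", "no-exceptions", "disabled"  # General tab modes

@dataclass
class PortException:            # an entry added with "Add Port" on the Exceptions tab
    proto: str                  # "tcp" or "udp"
    port: int
    subnet_only: bool = False   # True: "My network (subnet) only"; False: "Any computer"
    enabled: bool = True

@dataclass
class Connection:               # a network connection listed on the Advanced tab
    address: str                # interface address with mask, e.g. "192.168.0.99/255.255.0.0"
    protected: bool = True      # check box in Network Connection Settings

def allow_inbound(mode, conn, exceptions, src, proto, port, solicited=False):
    """Return True if the modelled firewall lets the inbound packet through."""
    if mode == OFF:
        return True                     # firewall disabled: nothing is filtered
    if solicited:
        return True                     # reply to traffic this computer requested
    if mode == NO_EXCEPTIONS:
        return False                    # Exceptions and Advanced tab settings ignored
    if not conn.protected:
        return True                     # check box cleared: connection is unprotected
    local_net = ip_interface(conn.address).network
    for exc in exceptions:
        if not exc.enabled or (exc.proto, exc.port) != (proto, port):
            continue
        if not exc.subnet_only or ip_address(src) in local_net:
            return True                 # matching exception and source is in scope
    return False                        # unsolicited and not excepted: dropped

# Constructed sample: the article's 192.168.0.99 / 255.255.0.0 connection with
# a subnet-scoped exception for TCP 3389 (Remote Desktop's well-known port).
LAN = Connection("192.168.0.99/255.255.0.0")
RULES = [PortException("tcp", 3389, subnet_only=True)]

if __name__ == "__main__":
    for src in ("192.168.255.254", "203.0.113.7"):
        print(src, allow_inbound(ON, LAN, RULES, src, "tcp", 3389))
```

The model makes the precedence visible: "Do not allow exceptions" overrides both the exception list and a cleared connection check box, while a cleared check box in "Enable (recommended)" mode leaves that connection unfiltered.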

When you click Settings, the Advanced Settings dialog box appears.

In the Advanced Settings dialog box, you can configure specific services on the Services tab (by TCP or UDP port only) or enable specific types of ICMP traffic on the ICMP tab. These two tabs are equivalent to the ICF configuration tabs in Windows XP (before SP2).

"Security Log"

In Security Log, click Settings to specify the configuration of the Windows Firewall log in the Log Settings dialog box.

In the Log Settings dialog box, you can configure whether to log discarded packets or successful connections, and specify the name and location of the log file (the default is systemroot\pfirewall.log) and its maximum size.

ICMP

In "ICMP", click Settings to specify the allowed types of ICMP traffic in the ICMP dialog box.

In the ICMP dialog box, you can enable and disable the types of incoming ICMP messages that Windows Firewall allows on all connections selected on the Advanced tab. ICMP messages are used for diagnostics, reporting error conditions, and configuration. By default, none of the ICMP messages in this list are allowed.

A common step in diagnosing connection problems is to use the Ping tool to verify the address of the computer you are trying to connect to. When you ping, you send an ICMP Echo message and receive an ICMP Echo Reply message in response. By default, Windows Firewall does not allow incoming ICMP Echo messages, so the computer cannot send back an ICMP Echo Reply message. To configure Windows Firewall to allow incoming ICMP Echo messages, you must enable the "Allow incoming echo request" setting.

"Default Settings"

Click Restore Default Settings to reset Windows Firewall to its initial installation state. When you click Restore Default Settings, the system prompts you to confirm your decision before the Windows Firewall settings are changed.
