Creating a predefined rule
The following steps can be used to create a new predefined
rule using the Windows Firewall with Advanced Security
snap-in:
- Launch the New Inbound (or Outbound) Rule Wizard, and
  select Predefined on the Rule Type page.
- Click the list control shown in Figure 8 earlier,
  and select the Windows feature or service that you will use the
  new rule to control.
- On the Predefined Rules page, select one or more
  predefined rules to be created.
- The options on the Action page are the same as those
  described earlier.
Once a predefined rule has been created, you can open its
properties by double-clicking on the rule in either the Inbound
Rules or Outbound Rules sections of the Windows Firewall with
Advanced Security snap-in. As Figure 9 shows,
predefined rules are called out with a special informational message
bar, and only a subset of the criteria in the rule can be configured
by the administrator. This is true regardless of whether the
predefined rule was created automatically when you installed its
associated Windows feature or you created the rule manually.
The following steps can be used to create a new program rule
using the Windows Firewall with Advanced Security snap-in:
- Launch the New Inbound (or Outbound) Rule Wizard, and
  select Custom on the Rule Type page.
- On the Program page, specify the full program path and
  executable name of the program on the local computer that you
  want the new rule to apply to. Alternatively, you can select All
  Programs to have the new rule apply to all traffic that matches
  the criteria specified in the rule.
  You can also click Customize to specify which Windows
  services the new rule should apply to. Doing this opens the
  Customize Service Settings dialog box, which you use to
  configure the rule so that it applies to the following:
  - All programs and services running on the local
    computer
  - All services running on the local computer
  - A particular service running on the local
    computer
  - A particular service that has a specified short name
    running on the local computer
- On the Protocols And Ports page, begin by specifying the
  type of protocol to which the rule should apply. Supported
  protocol types include TCP, UDP, ICMPv4, IGMP, IPv6, ICMPv6,
  L2TP, and others. If you select either ICMPv4 or ICMPv6, you can
  click Customize to specify whether the rule should apply to all
  types or specific types of ICMP messages. You can also select
  Any to have the rule apply to all types of protocols, or select
  Custom to have the rule apply to a protocol number you
  specify.
  Then specify, for both local and remote ports, whether the
  rule should apply to all ports or only to specific ports.
- On the Scope page, specify the local and remote IP
  addresses to which the new rule should apply.
- The options on the Action, Profile And Name page are the
  same as those described earlier.
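The wizard pages in the steps above map onto parameters of the NetSecurity PowerShell cmdlets. The following is an added example, not part of the original text; the rule name, program path, port, and subnet are constructed placeholders. It creates a scoped rule, reads its criteria back, and lists enabled inbound Allow rules that are equivalent to All Programs with no port or address restriction.

```powershell
# Added example. Run from an elevated PowerShell session.
# The rule name, path, port and subnet are constructed placeholders.
$ruleName = 'Example - Contoso App (TCP 8443 in)'

# Rule Type = Custom: each wizard page corresponds to New-NetFirewallRule parameters.
$rule = @{
    DisplayName   = $ruleName                            # Name page
    Direction     = 'Inbound'
    Program       = 'C:\Program Files\Contoso\app.exe'   # Program page
    Protocol      = 'TCP'                                # Protocols And Ports page
    LocalPort     = '8443'
    RemoteAddress = '192.168.10.0/24'                    # Scope page
    Action        = 'Allow'                              # Action page
    Profile       = 'Domain'                             # Profile page
}
New-NetFirewallRule @rule | Out-Null

# Collect the criteria of a rule from the filter objects associated with it.
function Get-RuleCriteria {
    param([Parameter(Mandatory)] $Rule)
    $app  = $Rule | Get-NetFirewallApplicationFilter
    $svc  = $Rule | Get-NetFirewallServiceFilter
    $port = $Rule | Get-NetFirewallPortFilter
    $addr = $Rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $Rule.DisplayName
        Program       = $app.Program
        Service       = $svc.Service
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}

# Verify that the new rule carries the intended restrictions.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object { Get-RuleCriteria $_ }

# Audit: enabled inbound Allow rules with no program, service, port or scope limit.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object { Get-RuleCriteria $_ } |
    Where-Object {
        $_.Program -eq 'Any' -and $_.Service -eq 'Any' -and
        $_.LocalPort -eq 'Any' -and $_.RemoteAddress -eq 'Any'
    }
```

Remove the placeholder rule afterward with `Remove-NetFirewallRule -DisplayName $ruleName`.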
Quick check
Quick check answer
- Block All Connections is the most secure because it
  blocks all inbound traffic to the local computer. This setting
  is usually not used, however, because it prevents the user
  from downloading webpages, receiving email, or otherwise
  communicating over the network.