Windows XP and 2000 firewall and TCP/IP filtering.

[TommyVercetti]

The firewall and TCP/IP filtering in Windows XP, isn't that setup the other way round? If you enable TCP/IP filtering, you have 2 options; You can either permit all ports, or close all ports and just allow certain ports which you want. I always thought TCP/IP filtering was more like "Permit all ports, but do no permit the following ports because of security reasons". XP TCP/IP filtering is set more like "Deny all ports, and only allow the following ones".

I can see how this can work on servers, you only install certain applications on servers, and most apps designed to run on servers are well documented enough to tell you what ports to open up. Most applications designed for homes don't tell you that. So enabling TCP/IP filtering and only allowing certain ports would be a huge hassle. I would have to dig through a lot of internet FAQs and what not to look up why a certain application just quit working, and which ports should I open up for it.

 

[ucdnam]

Those options are for those who think they know computers, but really don't. You tell them to turn the firewall on to be safe and hey, it's less work for you. If you can't afford a true firewall and must use Windows, you can use the IPSEC included with it located under the Local Security Policy --> IP Security Policies.

 

[bsobel]

I always thought TCP/IP filtering was more like "Permit all ports, but do no permit the following ports because of security reasons". XP TCP/IP filtering is set more like "Deny all ports, and only allow the following ones".

Security defaults closed, not open. Put you bring up good reasons why people found this pretty unusable. The SP2 firewall masks alot of this from users (finally)

Bill

 

[Aves]

Originally posted by: TommyVercetti
XP TCP/IP filtering is set more like "Deny all ports, and only allow the following ones".

That makes more sense.