Software Firewalls




Articles & Videos



Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have been seeing quite a bit of traffic attempts from a specific ip address to access the above described firewall
how can I block this specific ip address without just blocking all?
Put Machine Learning to Work--Protect Your Clients
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

I have a new customer the VPN going straight to the customer was working fine with Comcast crappy router, I install a pfsense and created a rule under nat for VPN, setup server with a static IP etc. somehow this does not work. any help greatly appreciated
hi I need some assistance setting up the wan on a new pfsense appliance, I followed the instructions somehow I still can't browse.
how do I setup the wan on this, most tutorials show an older version of pfsense and honestly I'm a total noob on pfsense.
HI I am kind of new to this of sense firewall, I have the latest release, my question is about the subnetting for I have to use /30 if I'm not mistaking. also if I'm setting up a VPN server inside the network were do I open ports for this. I look into the nat and configure some things there but I can't be sure.

We have a Windows Server 2008 R2 configured as a NAT Server. Currently we have limited bandwidth, so I would like to monitor usage per user. Is it possible to monitor usage via Windows somehow? If not can anyone advise a freeware solution?

Best Regards,

I am going to setup a new PFSense firewall. There are few pieces of equipment on the network that I don't want to have to pay for public facing static IP's for, but I would like to open ports up so they are publicly available to the maintenance people when they are offsite. How do I go about containing those IP's so they can only see out to the internet and not internal to the network in case those pieces of equipment were to be compromise?
I am configuring the NSG for inbound traffic for a Virtual Machine hosted in Azure.
The inbound rule looks as follows:

The advisor is alerting that connetions say any / any
I need to leave the incoming as any because the users of the site may come from anywhere, but the destination should only be the VM particular website.
How should I configure the destination IP ?

currently looks like this:

I am not sure what to enter in the source port/range?  The internal IP of the server, the external IP of the IP of the firewall where the DNS points at?
"...some settings are managed by your system administrator"
I did a gpresult and can't find any GPO that is related to firewall.

I uninstalled Symantec Endpoint Protection and since then can't turn it on. Downloaded their app uninstaller to make sure it was fully uninstalled but it made no difference. Any ideas guys?
Hi everybody,

Kindly provide me some free proxy list which can be integrate in symantec messaging gateway under "Third Party Bad Senders"
We accidentally clicked on "Restore Default" in Windows 10 firewall screen and now internet extremely slow and most times it doesn't connect.  When we check the inbound it had many option uncheck when prior the restore were check.  Unfortunate we don't know which should be checked or not.  Any EE can help us set the inbound to permit normal internet usage.  Note, prior placing the questions we thought it was the AV apps and we uninstalled them and installed again but didn't work.

Pleases advice.
Guide to Performance: Optimization & Monitoring
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Hello All;

I am going to use the following script to add to the Windows Firewall, a list of IP Addresses.

netsh advfirewall firewall set rule name="IP Block" dir=in interface=any action=block new remoteip=<IP_Address>/32,<IP_Address>/32,<IP_Address>/32,<IP_Address>/32

Open in new window

2 Questions.
How do you UPDATE an existing rule?
The above script will update the existing RULE, however. It will overwrite all the IP Entries.
I need to add to that list.

I test the script to make sure it would work, and I added my other computer to it.
Well, it works and now my other computer cannot access this computer.
I deleted the entry, and still cannot access this computer.
I cut off the Windows Firewall for Domain, and the computer was then able to access this system.

So, HOW can I remove an entry, if a person contacts me, that is an innocent bystander, that was not a part of the hack attempt, and needs the IP removed. I would HATE to have to reboot the server every time I get a request to remove an IP Address.

(I believe the mistake I made, was "Deleting" the rule, and I should have "Disabled" the rules.
That is what I get from reading the site.
That only Disabled Rules are not monitored as Active.
So, it seems the ones I deleted, and still showing as Active)
I checked in the Registry, and there is nothing there.
So, I am unsure where these are located at.

Inbound (ONE rule with 2 entries)
Windows Firewall Inbound IP Deny RuleFirewall (THREE Hack Attempt Rules) These cannot be removed. There is NO option to remove them.
Windows Firewall 3 IP Deny RuleWayne
Hello All;

OK, as the subject states. We are wanting/needing to block IP addresses.
I do not currently have a professional industry standard hardware firewall at the moment.
So, we are going to rely on Windows Firewall or Other, software based Firewall.

Whichever route that we take.
We will need to have access to the file that the IP Addresses are stored at.
Rather is it through

Windows Server
     Windows Firewall and Advance Security
          Inbound Rules
OR, through

IIS - Internet Information Services
                   IP Address and Domain Restrictions

I am thinking that using the Windows Firewall and Advance Security,
Would be the better of the two to use.

If either one of these are the ones, and I would prefer to stick with either one of these.
(preferably the Window Firewall)
How would I access the file where the IP Addresses are stored at?
I am writing a application that grabs IP Addresses of potential hackers on our mail server.
The script is fully functional already, except for blocking said IP Address from access the system altogether.

Any ideas suggestions, anything.
Thank You
Hi All,

Had anyone done firmware upgrade for pfsense from 2.2.6 to 2.3.3? is it stable? what instructions you followed for the upgrade?

We have API comms with our vendor.

In what way(s) do an API firewall help?
We have an MS SQL database server with Microsoft Windows Server 2012 standard. Until we are able to procure a proper firewall solution, we are relying on the Windows built-in firewall.

Is there any way to "whitelist" IP address ranges within Windows firewall? In other words, I want to add a rule which blocks everything by default except a list of exclusion IP address and IP address ranges. Thus, if my work LAN ranges uses range A.B.C.* and we have another branch IP range D.E.F.*, is there a way to add a rule which blocks all incoming connections to the server except any IP's that come from the above white listed ranges?

I cannot see the facility to do this within Windows Firewall. It only seems to allow you to specify local versus external IP address ranges in the scope, for which the rule will either allow or block all of those ranges.

One work-around I thought of is to first create a rule that specifically allows all incoming connections from the specific IP ranges I want to allow, and thereafter create a rule that blocks everything from all IP ranges. Will that work?
I have a virtual lan set up with 2 subnets.

I have postfix set up on the A network.  I have virtualmin set up on a server on the B network.

I have 0 problems sending and receiving email through the postfix server from the WAN and from within the A subnet.
The block of IP addresses assigned to my server have 1 assigned to network B and 4 assigned to network A.

From the B network, I try to telnet into the public IP of the postfix server and I get nothing. Pinging that same address gets a response.  I need to use the public IP because php in vietualmin is using DNS to find the domain, and it's DNS is completely separate from the A network.

What is happening is public IP from B is attempting to access the public IP from A. I have the firewall ports on the WAN for the smtp port open to the world and Natted properly.  I tried putting an explicit rule to allow the public IP from B to the public IP of the postfix server, but I still get nothing.  Am I missing something?
I don't have credentials to see inside of our checkpoint device.  What is the difference between Eth1 vs Eth1-01?

Eth1 (bond2)
Eth2 (bond2)
Eth3 (bond2)
Eth4 (bond2)
Eth7 (Sync)
Eth1-01 (bond1)
Eth1-02 (bond1)
I need to stop the bit torrent port 6881 traffic from that port
Is there a way to effectively block file sharing sites for a limited # of users.
I imagine if I wanted to block for everyone I could change some firewall settings or use filtering software but what about for only one user?
What Is Transaction Monitoring and who needs it?
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

We've installed a local firewall on our machines (McAfee Firewall). I've created a rule to Deny All unsolicited Inbound TCP traffic into the machine. How can I test to see if this is working? I'm not to familiar with any tools to do so.

I do have test machines in place with the policy. My questions was more or less how I can test to see if unsolicited inbound traffic is being blocked. Any tools I can run from my machine, targeting a machine that has the policy and seeing the results showing blocked.
I don't have access to the networking equipment.
I am troubleshooting why SQL server can't establish a connection between two servers on port 5022.
Running netstat -an | find "5022" on both sides shows that TCP port 5022 is in LISTENING state.

I installed PuTTy on both sides but when I try telnet to port 5022 I get the error "Connection closed by remote host"
On one server,  netstat also shows the connection in a TIME_WAIT status. On the other server, there is no change.

I have added outbound and inbound rules on the Windows Firewall on both servers and even tested it with the Firewall off. Still can't telnet.

Is this enough to say that a firewall on the network is blocking the connection or is there something else I can check?
mcafee administrator blocked all .vbs extensions etc , so whenever any trusted software ( microsoft, adobe) install or deploy , it needs to exlude individaully computer from this blocakge

how to avoid trusted softwares from this blocking
which attack method or malicious code typically used by attackers to access a company's internal network through its remote access system?
Hi all,

I'm trying to figure out why Win (7) Firewall is blocking a program from communicating with a "server" PC I have running in a Home network environment.
Set up:
Installed software that allows me monitor appliances (machines) over a VPN. The package consists of a DB based component and a "manager" component. The manager piece allows one to log into the server and query different machines over the VPN tunell.

 All works fine on the machine where the DB and Manager program are running locally.

The manager component can be installed on remote PCs to access the DB on the server machine. To test this I installed the Manager app onto a laptop, also wirelessly connected to my Home network.

When I attempt to Log into the Server using the laptop I get a Communication error.

I configured the firewall (Domain, Private & Public (all) profile) on the server machine to accept inbound traffic from a PC wanting to communicate using the Manager software. But I still get the Comm error.

When I turn the firewall off on the server machine I have no problem connecting from the laptop.

With the firewall on and the firewall monitor enabled, I see all the TCP packets being sent from the laptop, dropped.

Here's a snippet of the log: ( = Server = "remote" Laptop)

2017-02-08 12:01:30 ALLOW UDP fe80::f127:d91f:3fee:8be1 ff02::1:3 58825 5355 0 - - - - - - - SEND
2017-02-08 12:01:30 ALLOW UDP 64856 5355…

I really need some input on this frustrating issue which began when trying to uninstall an obsolete version of ESET File Security from our only server which is a SBS 2011 Standard server and is our domain controller, DHCP and DNS server. This server has 1 NIC.

When uninstalling this old 4.* version of this virusscanner it hung at "Uninstalling Drivers" and I decided to reboot the server at this point, because the installation wizard couldn't be canceled/closed. After booting it was clear that ESET File security wasn't fully removed, because the wizard didn't finish and portions of the scanner were still loaded.

According to this ESET KB article I had to use their Uninstaller tool to completely remove everything. I didn't use the /reinst switch. After running this and rebooting the server I started noticing issues with several services which didn't want to start anymore and ended in a time-out. (like SQL, Sharepoint etc.) So after waiting a long time for the "Applying computer settings" to finish I am able to logon. After logging on "Please wait for the User Profile Service" is taking a minute or more which normally never was the case.

I then found out that this waiting for the User Profile Service is happening because Network and Sharing Center states that the server is in a public network instead of being in a domain network. So at this point when I logoff and logon again it takes a long time. When I then disable en …

Software Firewalls




Articles & Videos



Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.