[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Share tech news, updates, or what's on your mind.

Sign up to Post

Windows 10 Version 1809  Build 17763.107
Windows Defender Security Center says:
"Windows defender firewall is using settings that may make your device unsafe"

I reset the firewall and it seemed to work in fixing this.,
Then I applied our standard script which adds firewall settings.
Now the message is back.
But how to find the problem?
OWASP: Avoiding Hacker Tricks
LVL 12
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

We have an internal program that uses a public certificate for security. We need to lock down the application on devices so they do not have any access outside of the program (client connects to a server using several ports) and Logmein (for remote support).

I am using the Windows Firewall to block outbound traffic except for traffic we will allow for the program. The problem I am having is that the application will not run because the public certificate will not verify the certificate chain (for security on the user login). I have tried to turn off settings for revocation in Internet Options, but that is not what the problem is. It seems the app needs access to the internet to verify the certificate. So in Windows Firewall, I need to know what exactly do I need to open outbound?
1.pngso all of a sudden some emails stop flowing and my connector is not validating, been setup for years and we did not change any server or network settings

i have Office 365 and a hybrid server - exchange 2010

the emails that are failing are coming from my mercury server and flows thru my exchange to office 365. i have contacted microsoft support but they are saying its an internal issue.
Description of problem:
I have this a text file

# Generated by iptables-save v1.4.21 on Fri May 11 16:48:14 2018
:PREROUTING ACCEPT [104870:20593583]
:INPUT ACCEPT [116564:21221907]
:OUTPUT ACCEPT [17993376:1098269263]
:POSTROUTING ACCEPT [17993377:1098269323]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4443
-A OUTPUT -d -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4443
# Completed on Fri May 11 16:48:14 2018
# Generated by iptables-save v1.4.21 on Fri May 11 16:48:14 2018
:INPUT ACCEPT [104255:21990084]
:OUTPUT ACCEPT [116465543:24365206954]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -p tcp -m tcp --dport 4443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8081 -j ACCEPT
# Completed on Fri May 11 16:48:14 2018

Open in new window

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Place the File in a Tmp directory as iptables-export-ref2.txt
2.Run the Command: sudo iptables-restore -t < /tmp/iptables-export-ref2.txt
3. Error: Iptables-restore v1.4.21: iptables-restore: unable to initialize table 'nat

Actual results:
It gives error : iptables-restore v1.4.21: iptables-restore: unable to initialize table 'nat

Expected results:

Additional info:
I am not sure what is missing here and what needs to be done to get this implemented.
Windows Server 2008 Firewall

I'd like to restrict Remote Desktop access to the server to just one external IP, and one LAN IP.

Have created an inbound rule for the RD port.

If I enter the external IP in the rule scope options and leave local IP as any, then only the external IP connects but no local IPs
can connect. If I enter the local IP specifically then it blocks access from the external IP even though its specifiied.

It appears I can do one or the other only in the rule.

How do I configure the firewall to allow RD access from one specific internal IP and one specific external IP only ?

Thank you
We have a user with a HP Officejet 6830 that we are trying to setup with HP EConnected/EPrint (print over Internet).  Everything goes smoothly throughout the setup, however, upon adding the printer the dot is orange not green on the HP EConnected site.  However, in checking the printer locally he have a green check mark for EPrinting.

The user has a basic home network with a AT&T UVerse (not sure of the exact manufacturer).  Do you need to open up certain ports for EPrint to work on one of these routers?  (In the past wet set one up on a home network with a Negear router and it was plug and play--green dot next to printer not orange.
Looking to find software that we can install on a certain couple of users PC's that will send their manager a log of what websites she is visiting, times and how long?

Don't want to spend 1000 dollars, just something basic.
I am doing my first sbs 2011 Standard to office 365 hosted exchange migration.

I am using migration wiz and 4 of 5 mailboxes failed. one talked of actively refiusing the connection.

It reminded me - there's a watchguard firewall at the sbs 2011 location.  I remember once someone else having a problem with too much data going to /. from 1 place that the watchguard shut it off - there's a setting to limit amount of data to / from 1 external location that was on by default.

Anyone know where that is?  Could that be why they are failing the migration?

can you tell me where to look to disable that if it's on. and maybe where to look to see if that feature was activatted in the last 48 hours?

I have a PowerShell script that runs a number of commands that look like this (with various names involved):
Set-NetFirewallRule -DisplayName "Remote Event Log Management (RPC)" -RemoteAddress,LocalSubnet -Profile Private -Enabled True

Open in new window

One problem with this is that it creates duplicate firewall rules.  So, if we run the script twice then we are assured of getting at least 2 identical rules.
(It's easier to run the script than to decide whether to run it!).

So, I have two objectives that I've not been able to reasonably figure out on my own:

1) I want to remove the duplicate firewall rules that this process has created.
2) I want to add the same firewall rules to computers that have no duplicates, without creating duplicates once more.
3) I want all of this wrapped up into two scripts.

How might you suggest this be done?
The scenario: Windows server behind a firewall (pFsense) is initiating an FTP connection to an external service. The external service is stating the firewall is passing the internal IP address to their FTP server in the connection setup.

I've reviewed the firewall settings and don't see how the firewall could be doing this. I don't have access to the windows server or the software initiating the connection to review them.

Any suggestions on where to look?

Virus Depot: Cyber Crime Becomes Big Business
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

Please help...
Scenario:  We have users that use laptop/desktops to connect to our RDP farm, we also have some “local users” that work on local applications using their network shares.
-      The group policy connects their H: drive to a network share, we want to only allow connection to the file server whilst on the remote desktop (security reasons and to control access).
-      We also have a small group of users that will need to connect to the file server e.g. connect their network shares
-      Servers are in a datacentre, including remote desktop servers
-      Users are at a number of sites (different IP/subnet)
We are trying to use the server firewall rule “File and Printer Sharing (SMB-In)" to limit connections from named servers/computers (remote desktop machines) and an OU group containing the limited list of approved users.
-      Is this the best way to do this and
-      Will the firewall allow me to limit (as above)
All assistance gratefully received…
My windows server is flooded with 5152, 5157 logs for port 53. i have disabled DNS service and also blocked 53 port but still no success.
 I have a windows 10 PC (domain joined on Windows 2008 network) that I can ping it by IP address neither by IP address nor by name.
 But that computer can connect to the internet, domain, mapped drive ... everything works normal from that computer, including I can connect to that computer using Splashtop remote software too from outside of the network.
 I discovered this weird situation when I failed to RDP into that computer. First I ran firewall.cpl and made sure that REMOTE DESKTOP was checked for domain, private and public.
 I went to the domain controller and confirmed that IP address and computer name was registered in DNS manager and DHCP server. Other workstation computers can ping each other by computer name and IP address.
 What can I do to troubleshoot this issue?

Dear Experts,

I have a set of fortigate firewall policies which I need to duplicate on a cisco router.

I have done most of the point A to point B.

The issue I have now is the NAT and there is an IP Pool, is there a guide on how I can translate the rules from firewall to cisco router?

Any help is appreciated.
I have been using an Excel 2016 VBA program that uses XMLPRC to upload some documents to a website.
This program has been in use for a number of years now, but it has just started to fail on my Windows 10 machines.

I see some messages in the Security Event log saying that the The Windows Filtering Platform has blocked a packet. Event ID 5152
I have added Excel to the Firewall, but doesn't seem to change.
The Windows Filtering Platform has blocked a packet.

Application Information:
	Process ID:		0
	Application Name:	-

Network Information:
	Direction:		Inbound
	Source Address:
	Source Port:		443
	Destination Address:
	Destination Port:		54377
	Protocol:		6

Filter Information:
	Filter Run-Time ID:	103400
	Layer Name:		Transport
	Layer Run-Time ID:	13

Open in new window

Is there somewhere else I can find details, or how can I allow these through?
Hi Experts

I am looking for a router capable of delivering a DHCP range of  /19 or above, with DSL and ethernet WAN ports |(VDSL) for large applications.  On-board wifi is not required.  L7 firewall an advantage
Can you advise?  Many thanks in advance
i have pfsens with snot package ... and i enabled on wan and lan wit block mode
i add some alerts so suppress lists for wan and lan ,,, already create two file one for wan and the second for lan
some alerts that is in suppress list is going to blocked ! so where is the problem ?
i have a Cisco ASA 5520 and 500MB internet/bandwidth line, the problem is the throughput on the FW is low and it throttles the bandwidth. Execs don't want me to upgrade now so i was wondering is there some kind of add on i can use  

ASA 5520
1: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
2: Up to 2048MB RAM
3: Intel Celeron M Processor 450 2.0GHz
4: Cavium Nitrox Lite CN1010
Hi All,

I need some assistance setting up the below. I've got 3 "subnets" to set up internally. All must be able to reach the internet through the suppliers router.

The networks are 2x /26 and 1x /27. VLANS 601 & 603 are desktop pc's. VLAN 602 will be Cisco phones. 601 and 603 do not need any seperation, they're just to cover the seperate DHCP ranges. DHCP will be provided by an external source (hopefully) through a VPN setup on the ASA Firewall. I'm looking to setup outside interface, inside interface and access for all vlans.

Is anyone able to provide a sample config on how I could get this working?

Network Overview

Are You Protected from Q3's Internet Threats?
Are You Protected from Q3's Internet Threats?

Every quarter, WatchGuard's Threat Lab releases a security report that analyzes the top threat trends impacting companies around the world. For Q3, we saw that 6.8% of the top 100K websites use insecure SSL protocols. Read the full report to start protecting your business today!

What is the best way to communicate between a Windows Service application and a UI Application within the machine.
Currently I am writing into a SQL lite database and reading every second in both applications.
My Service application has Socket Communication for inter machine, I do not want Sockets on UI (to avoid Firewall blocking).
IPC at times gives problems when the users are different (Local System and Standard user)
I use Delphi Seattle on Windows
my mail server which is exhange server 2010 is published through owa for external users.
i would like to know how to make them connect through their android smartphones to my exchange servers.
what ports really need to be mapped to make that happen.
thanks in advance
How do I check for currently closed ports on Windows and Linux boxes. Please advise! Thanks!
I install nginx with mod security … I want to use it as waf for backend web servers.
in this case do I have to enable reverse proxy on it ?
what's about the https servers ?
Hello Experts,
Just wanted to find out how do you guys dynamically update the Office 365 endpoints IPs and URLs that are published by MS for the proxy and firewall access? I know the RSS feed will be retired soon per what I read online and do you guys just run a PS script that grabs the info from the published XML file or there's a better solution/idea out there? Any input would be greatly appreciated!
can I install suricata , mod security, ndpi,ntopng on the same server ?

Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.