Outbound Firewall Rules for Vista & Windows 7



Name (Function) Enabled Action Program Local Address Remote Address Protocol Local Port Remote Port
Allow Acrylic DNS Proxy
( DNS Proxy )		 Yes Allow %ProgramFiles%\Acrylic DNS Proxy\AcrylicService.exe Any Any UPD Any 53, 953
Allow Agent
(News reader & Email Client)		 Yes Allow %ProgramFiles%\Internet\Agent\agent.exe Any Any TCP Any 25, 80, 119, 110, 443, 563, 587, 995
Allow All                             *1 No Allow Any Any Any Any Any Any
Allow Altbinz
( News group client )		 Yes Allow %ProgramFiles%\Altbinz\altbinz.exe Any Any TCP Any 119, 443, 536
Allow Avira Update
(anti virus)		 Yes Allow Any Any 62.146.66.178-62.146.66.184
80.190.143.230-80.190.143.239
127.0.0.1		 TCP Any 80
Allow Bind9 
(Local DNS Resolver)		 Yes Allow %SystemRoot%\System32\dns\bin\named.exe Any Any UDP Any 53, 953
Allow CyberGhost 1
(VPN Client)		 Yes Allow %ProgramFiles%\S.A.D\CyberGhost VPN\CyberGhost.exe Any Any TCP Any 80, 8078, 8082
Allow CyberGhost 2
(VPN Client)		 Yes Allow %ProgramFiles%\S.A.D\CyberGhost VPN\CGVPNCliService.exe Any Any TCP Any 80, 8078, 8082
Allow CyberGhost 3
(VPN Client)		 Yes Allow %ProgramFiles%\S.A.D\CyberGhost VPN\OpenVPN\openvpn.exe Any Any TCP Any 80, 8078, 8082
Allow Dig
(DNS Tools)		 Yes Allow %ProgramFiles%\Dig\dig.exe Any Any UDP Any 53
Allow DMT
(Router tool)		 Yes Allow %ProgramFiles%\DMT Tools\DMT.exe Any Local subnet TCP Any 23
Allow DNS Benchmark Yes Allow %ProgramFiles%\Internet\DNSbenchmark\DNSBench.exe Any Any UDP Any 53
Allow FileZilla
(FTP client)		 Yes Allow %ProgramFiles%\FileZilla FTP Client\filezilla.exe Any IP range of FTP server TCP Any Any
Allow Firefox
(Browser)		 Yes Allow %ProgramFiles%\Mozilla Firefox\firefox.exe Any Any TCP Any 21, 80, 443, 8080, 8085, 8086
Allow Firefox plugin-container
(required for flash content to play on some sites)               *5		 Yes Allow %ProgramFiles%\Mozilla Firefox\plugin-container.exe Any Any TCP Any 80
Allow Grabit
(News reader)		 Yes Allow %ProgramFiles%\GrabIt\GrabIt.exe Any Any TCP Any 119, 443, 563
Allow Google Earth Yes Allow C:\program files\google\google earth\client\googleearth.exe Any Any TCP Any 80. 443
Allow Internet Explorer
(Browser)		 Yes Allow %ProgramFiles%\Internet Explorer\iexplore.exe Any Any TCP Any 21, 80, 443, 8080, 8085, 8086
Allow InfTraf
(SNMP Router monitor)		 Yes Allow %ProgramFiles%\Interface Traffic Indicator\inftraffic.exe Any Local subnet UDP Any Any
Allow Java Yes Allow %ProgramFiles%\Java\jre6\bin\java.exe Any Any TCP
 Any 80, 81, 443,8085, 8086, 8095
Allow Java Update  Yes Allow %ProgramFiles%\Java\jre6\bin\jucheck.exe Any Any TCP Any 80
Allow Kompozer
(Web publishing / FTP client)		 Yes Allow %ProgramFiles%\KompoZer 0.7.10\kompozer.exe Any IP range of FTP server TCP Any Any
Allow Microsoft Security     *2 Essentials Update
(Anti Virus)
 Yes Allow %SystemRoot%\System32\svchost.exe
Service - BITS		 Any Any TCP Any 80, 443
Allow netsh DNS                 *3 Yes Allow %SystemRoot%\System32\netsh.exe Any Any UDP Any 53
Allow nslookup Yes Allow %SystemRoot%\System32\nslookup.exe Any Any UDP Any 53
Allow OpenDNS UpdaterTCP Yes Allow %ProgramFiles%\OpenDNS Updater\OpenDNS Updater.exe Any
67.215.64.64
208.67.219.100-
208.67.219.105		 TCP Any 80, 443
Allow OpenDNS
Updater UDP		 Yes Allow %ProgramFiles%\OpenDNS Updater\OpenDNS Updater.exe Any 208.67.222.222
208.67.220.220		 UDP Any 53
Allow Ping
(Ping & Tracert command)		 Yes Allow Any Any Any ICMPv4
Customize Echo Request		 Any Any
Allow Printer
(Network Printer)		 Yes Allow Any Any Printer IP  (best)
Alt Local subnet (poor)		 Any Any Any
Allow PowerOFF TCP        *4
(wake on lan tool)		 Yes Allow %ProgramFiles%\Poweroff\poweroff.exe Any Local subnet TCP Any 3210
Allow PowerOFF UDP
(wake on lan tool)		 Yes Allow %ProgramFiles%\Poweroff\poweroff.exe Any Local subnet UDP Any 7
Allow RouterStats Yes Allow %ProgramFiles%\RouterStats\RouterStats.exe Any Local subnet TCP Any 23, 80
Allow SimpleDNS
(Local DNS Server)		 Yes Allow %ProgramFiles%\Simple DNS Plus\sdnsmain.exe Any Any UDP Any 53, 953
Allow Spybot Update
(Anti spyware)		 Yes Allow %ProgramFiles%\Spybot - Search & Destroy\SDUpdate.exe Any Any TCP Any 80
Allow Telnet Yes Allow %SystemRoot%\System32\telnet.exe Any Any TCP Any 23
Allow Time Update (Windows Time) Yes Allow Program - %SystemRoot%\System32\svchost.exe
Services - Windows Time		 Any Any UDP 123 123
Allow Windows Update  
(Windows update. Also required for Microsoft Security Essentials update in Vista)		 Yes Allow %SystemRoot%\System32\svchost.exe
Services - Windows Update		 Any Any TCP Any 80, 443

*1              Allow All  rule is normally disabled, enabled only for testing or to allow quick web access to a program otherwise blocked.
*2              Required on my Windows 7 64bit PC, not required on my Vista 32bit machine.
*3              Required if the "netsh" command is used to change DNS in the network settings.
*4              The target PC needs to allow inbound TCP port 3210.
*5              Required to display BBC iplayer using Firefox 3.6.4 and Flash 10.1.53.64, may or may not be required for other plugin


FirewallOFF.zip  Batch file to enable and disable the outbound "Allow All" rule.
Useful for testing or allowing an otherwise blocked program to check for updates.
Unzip and run by right clicking on FirewallOFF.bat select "run as administrator".







Firewall
Home Page

footer
Copyright© NPR 2010 - 2012       Disclaimer