
Windows advanced firewall outgoing rule


2 replies to this topic

#1 sk8erbender


Posted 20 July 2018 - 01:42 AM

Hey guys! As far as I understand, the way to allow Windows Update when blocking all outgoing ports is to give svchost.exe 443 TCP?

 

I have a question: how do I allow the Windows time update from time.nist.gov?

I know that if I create an outgoing UDP 123 rule, it works. But how can I allow outgoing UDP only for the Windows time update program?





#2 sk8erbender


Posted 20 July 2018 - 02:19 AM

Well, I made a rule like this now:

Server: time-a-g.nist.gov

Firewall rule:

In the Remote IP Address section, select the "These IP Addresses:" radio button, then click the Add... button.

In the IP Address window, enter the IP scope.

I entered the scope 129.6.15.0/24.

Seems to be safer now.

 

#3 tos226


Posted 26 July 2018 - 11:24 AM

There are more addresses you'll need to enter if that's the route you like to take. See

https://tf.nist.gov/tf-cgi/servers.cgi

In your rule you might want to add the W32Time service so that only it can do UDP from/to port 123. I know there's a way to add a specific service in Microsoft's firewall, but since I don't use it, I don't recall the exact steps.
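
The service-scoped rule suggested in post #3, as an added PowerShell example that is not from any poster in this thread: it limits outbound UDP 123 to the W32Time service and to the 129.6.15.0/24 scope from post #2, then reads the stored filters back. The rule name is made up for this example; it assumes an elevated prompt and that W32Time is already configured to use a NIST server inside that range.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $ruleName is a label chosen for this example; $ntpScope is the scope from post #2.
$ruleName = 'Allow W32Time NTP out (example)'
$ntpScope = '129.6.15.0/24'

# Remove an earlier copy so re-running does not create duplicate rules.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Outbound UDP to remote port 123, allowed only for the W32Time service
# hosted in svchost.exe, and only to the listed remote addresses.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Outbound -Action Allow `
    -Protocol UDP -RemotePort 123 `
    -RemoteAddress $ntpScope `
    -Program "$env:SystemRoot\System32\svchost.exe" `
    -Service 'W32Time' | Out-Null

# Read the filters back to confirm what the firewall actually stored.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Service       = ($rule | Get-NetFirewallServiceFilter).Service
    Program       = ($rule | Get-NetFirewallApplicationFilter).Program
    Protocol      = ($rule | Get-NetFirewallPortFilter).Protocol
    RemotePort    = ($rule | Get-NetFirewallPortFilter).RemotePort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
} | Format-List

# Ask the time service to sync now, then show which source it used.
w32tm /resync
w32tm /query /source
```

If a broader "any program, UDP 123" allow rule is still enabled, it will keep matching other processes, so disable it once this rule is confirmed to work.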





