Lots of questions about firewalls

January 5, 2017 at 10:46:45
Specs: several
I've asked about firewalls before, but it was a long time ago.

When I was using Windows 7 and dial-up Internet connection, I was
able to configure the Windows Firewall so that the ShieldsUP! test
of the first 1056 Internet service ports at GRC.com showed *all* of
them "stealthed" -- green squares in the grid. When I switched to a
3G wireless modem/router with built-in hardware firewall that I didn't
know how to configure, there was one port always shown as being
closed (blue) and one that was always open (red), if I recall correctly.
Now with a 4G modem/router from Sprint, also with a built-in firewall
that I don't know how to configure, attached to an Android 4.4.2 tablet,
ShieldsUP! shows 13 stealthed (green) ports, and all the rest of the
first 1056 ports are closed (blue).

I am now setting up my new Windows 10 Home HP notebook for use
with this same 4G modem/router. Ideally, all ports should show up in
the test as stealthed (green). But what I get seems to be a function
of the modem/router's built-in firewall, not the Windows Firewall.

What I want right at the moment is to completely disable Internet
connection for anything but the browser, both inbound and outbound.
I'm about to install the latest version of Firefox, so I plan to use that.

How can I use either Windows Firewall or the Sprint modem/router's
hardware firewall to block everything but browser traffic?

Sprint MiFi 500 LTE by Novatel Wireless

-- Jeff, in Minneapolis




#1
January 5, 2017 at 14:54:20
If you really want to disable everything except what you specify then get TinyWall:

https://tinywall.pados.hu/

I had it for years and it does the job. Be prepared for plenty of work to ensure everything works - you might be surprised what you need, particularly to ensure you get security updates for any programs you have onboard.

It simply controls the Windows firewall using a friendly interface.

Always pop back and let us know the outcome - thanks

message edited by Derek



#2
January 5, 2017 at 16:39:03
I take it that TinyWall is an alternative front end for
Windows Firewall?

-- Jeff, in Minneapolis



#3
January 5, 2017 at 17:07:22
Yes, but it is much simpler and quite different. The program is quite small.

The concept is that it blocks everything you have not asked it to allow through, apart from a few preset essentials including Windows updates.

At first you will need to put it in learning mode if you suspect it is blocking something you want to allow. After that it doesn't bother you with popups like most third party firewalls.

Some bedtime reading:
http://lifehacker.com/5871548/tinyw...

Always pop back and let us know the outcome - thanks



#4
January 5, 2017 at 17:44:41
Kinda Paranoid. Although you close some back-doors, viruses/malware these days come through the front door!
Links on web-pages
Scripts
Email attachments
Dubious free apps

All this can alter your firewall seamlessly
Without a good anti-virus/malware program you are still very much a risk.



#5
January 5, 2017 at 17:59:24
I'm pretty sure I never got any popup from Windows Firewall.
But I used it exclusively in the "advanced" mode. Maybe that
was why? What sort of message do the popups convey?

-- Jeff, in Minneapolis



#6
January 5, 2017 at 18:06:27
Jeff
Correct, you never get popups with Windows firewall (whatever mode). As per my #3 you generally get them with third party (added) firewalls. They keep endlessly asking you to allow or not allow everything under the sun. Not so with TinyWall.

sluc
True but in this instance Jeff appears to be after blocking as much unnecessary internet activity as possible, rather than bolstering up security.

Always pop back and let us know the outcome - thanks



#7
January 5, 2017 at 19:16:05
In my experience Windows firewall will ask (popup) if user allows access to certain ports that newly installed apps require for communication either to Intranet (communication to other devices on local network) or Internet. Printer software installation comes to mind. I don't have third party firewall apps installed.


#8
January 5, 2017 at 20:35:30
E-mail attachments I'm essentially immune from.
I've seen hundreds of them -- well, mostly the same
handful repeated hundreds of times each -- and for
the last quite a few years my e-mail provider has
done a fabulous job of filtering them out before they
can get to my inbox. In any case, I've never run one,
and it would be virtually impossible that I could run
one by accident.

A malicious script on a web page is something else.
Web pages nowadays seem to do far more in the
background than in the foreground, and it isn't entirely
clear to me what is dangerous and what isn't.

-- Jeff, in Minneapolis



#9
January 5, 2017 at 21:00:50
Derek,

You said perfectly clearly that the popups comment applied
to third-party firewalls, but I failed to read it that way. Bad
wetware!

I think it would be accurate to say that my primary aim is to
"bolster security". Stopping unnecessary disk activity is a
lower priority, but I can see how they are connected.

Download a security program from a website in Hungary, eh?

-- Jeff, in Minneapolis



#10
January 5, 2017 at 21:34:26
Jeff: Setting in Firefox for Flash "ask before activating" stops many excessively aggressive ads that bog down even a fast system and probably also blocks possible junk entering that way as well.

You have to be a little bit crazy to keep you from going insane.



#11
January 6, 2017 at 04:48:47
"Download a security program from a website in Hungary, eh?"

I can understand various reasons not to use a program but I don't see why the above is a particular hangup. I ran the program for years and it didn't grab me by the throat. During that time I discussed various aspects of the program with the author and found him most cooperative.

Always pop back and let us know the outcome - thanks



#12
January 6, 2017 at 05:14:33
You should watch this: https://youtu.be/wRpAANsoG8I?t=41


#13
January 6, 2017 at 13:32:44
Derek,

Mainly it's humorous that you send me to Hungary.
I've used IrfanView for about two decades. Bosnia
is its origin. Both of those places are much closer
to you than to me, and much closer to Russia than
to the USA. I can't say that I've ever met anyone
from either of them.

-- Jeff, in Minneapolis



#14
January 6, 2017 at 14:15:03
"Mainly it's humorous that you send me to Hungary"
Oh heck, time I ditched my straight face I guess.

I've chatted with Irfan Skiljan too but that was many moons ago. Not a program I use anymore but it is still not at all bad.

Always pop back and let us know the outcome - thanks



#15
April 24, 2017 at 10:39:36
As I indicated in another thread, I have uninstalled TinyWall
because it accesses the hard drive even when it has no reason
to be running. So I'm going back to using the Windows Firewall
Advanced settings.

Is it possible to block everything except Firefox browser with
Windows Firewall? If not, how close to that ideal can I get?

In January 2012 I said here that on a different computer, running
a different OS (Windows 7), with a dial-up Internet connection to a
different ISP, I set *ALL* the ports in Windows Firewall Advanced
settings to "blocked" in *BOTH* directions, yet I was able to use
the browser just fine, and grc showed all the ports it tested
as stealthed. I didn't know what I was doing, though, and I still
don't. With the wireless modem/router I'm using now, nearly all
the tested ports show up as blocked. The rest-- about a dozen--
are stealthed.

It is curious that (in my former setup) I could block all the ports
and still browse the Internet.

-- Jeff, in Minneapolis

message edited by Jeff Root



#16
April 24, 2017 at 13:34:19
Is your router firewall turned on? Normally via a router firewall the first 1056 ports show as stealthed in "Shields Up". Just checked mine on Win 10 and that is still the case.

Ports will open when they are required for use (by programs) - hence your ability to browse the internet.

Always pop back and let us know the outcome - thanks



#17
April 24, 2017 at 21:18:39
As far as I can tell, the router firewall is turned on and there is no
obvious way to turn it off.

I think I understand how TinyWall can selectively prevent programs
from accessing the Internet. Since TinyWall does it by adjusting
Windows Firewall settings, I presume that I can do the same in the
Windows Firewall Advanced settings interface.

Any thoughts on that?

-- Jeff, in Minneapolis



#18
April 25, 2017 at 05:23:07
Not something I've done very often but there's plenty of info around, such as this:
https://www.howtogeek.com/112564/ho...

Always pop back and let us know the outcome - thanks



#19
April 25, 2017 at 10:05:42
Thanks, Derek, that looks like a good tutorial!

I haven't got very far through it yet, but I came to this statement:

"If you block outbound connections, you won’t receive a
notification when a program is blocked – the network
connection will fail silently."

Somewhere I recall selecting to receive a notification when a
program is blocked. I expect that the above statement means
I won't.

Just to help me understand what is going on (not as a normal
operating condition) I might prefer to see notifications for a while.
I never saw such a notification under Windows 7, and I haven't
connected this new Windows 10 computer to the Internet yet to
see what it does.

-- Jeff, in Minneapolis
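
The setup asked about in #15 to #19 (block everything except Firefox, and see what gets blocked even though outbound blocks fail silently), as an added example that is not from any poster in this thread. It assumes Firefox is installed at the default path and uses a made-up rule group name; run it from an elevated PowerShell prompt on Windows 10.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumptions: default Firefox install
# path, and the rule group name below (hypothetical, chosen for this example).
$firefox = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'
$group   = 'BrowserOnly (example)'
$logFile = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

if (-not (Test-Path $firefox)) { throw "Firefox not found at $firefox" }

# 1. Default-deny in both directions on every profile. Only traffic that
#    matches an enabled Allow rule gets through after this.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Outbound blocks produce no popup, so log dropped packets instead.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogMaxSizeKilobytes 4096 -LogFileName $logFile

# 3. Allow the browser itself, matched by program path.
New-NetFirewallRule -DisplayName 'Allow Firefox out' -Group $group `
    -Direction Outbound -Program $firefox -Action Allow -Profile Any

# 4. The browser still depends on two Windows services: name lookups go
#    through the DNS Client service, and the DHCP client obtains the
#    address lease from the modem/router.
$svchost = '%SystemRoot%\System32\svchost.exe'
New-NetFirewallRule -DisplayName 'Allow DNS client out' -Group $group `
    -Direction Outbound -Program $svchost -Service Dnscache `
    -Protocol UDP -RemotePort 53 -Action Allow
New-NetFirewallRule -DisplayName 'Allow DHCP client out' -Group $group `
    -Direction Outbound -Program $svchost -Service Dhcp `
    -Protocol UDP -LocalPort 68 -RemotePort 67 -Action Allow

# 5. Windows ships with outbound Allow rules that are already enabled and
#    still match under default-deny. List them to decide which to disable.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Where-Object Group -ne $group |
    Sort-Object DisplayName | Select-Object DisplayName, Group

# 6. After browsing for a while, review what was silently dropped.
Get-Content ([Environment]::ExpandEnvironmentVariables($logFile)) -Tail 200 |
    Where-Object { $_ -match ' DROP ' }
```

To undo it, run `Remove-NetFirewallRule -Group 'BrowserOnly (example)'` and set `-DefaultOutboundAction Allow` again with `Set-NetFirewallProfile`.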

