Use this tab to specify which protocols and ports in a network packet match this firewall rule.
To get to this tab
In the Windows Firewall with Advanced Security MMC snap-in, in either Inbound Rules or Outbound Rules, double-click the firewall rule you want to modify, and then click the Protocols and Ports tab.
Protocol type
Select the protocol whose network traffic you want to filter with this firewall rule. If the protocol you want is not in the list, then select Custom, and type the protocol number in Protocol number. You can use any protocol number listed by the Internet Assigned Numbers Authority (IANA).
If you specify TCP or UDP in the list, then you can specify the TCP or UDP port numbers in Endpoint 1 port and Endpoint 2 port.
For a list of the protocols, their protocol numbers and a brief description, see Firewall Rule Properties Page: Protocol and Ports Tab (http://go.microsoft.com/fwlink/?linkid=137823) in the TechNet Library.
Local port
If you are using the TCP or UDP protocol type, you can specify the local port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The local port is the port on the computer on which the firewall profile is applied.
The following options are available for inbound rules:
- All Ports. Available for both TCP and
UDP on inbound and outbound rules. Selecting this option specifies
that all of the ports for the selected protocol match the rule.
- Specific Ports. Available for both TCP
and UDP on inbound and outbound rules. Selecting this option
enables the text box where you can type the port numbers you need.
Separate port numbers with commas and include ranges by separating
the low and high values with a hyphen.
- RPC Endpoint Mapper. Available for TCP
on inbound rules only. Selecting this option allows the local
computer to receive incoming RPC requests on TCP port 135 to the
RPC Endpoint Mapper (RPC-EM). A request to the RPC-EM identifies a
network service and asks for the port number on which the specified
network service is listening. RPC-EM responds with the port number
to which the remote computer should send further network traffic
for the service. This option also enables RPC-EM to receive RPC
over HTTP requests.
- RPC Dynamic Ports. Available for TCP
on inbound rules only. Selecting this option allows the local
computer to receive inbound network packets to ports assigned by
the RPC runtime. Ports in the RPC ephemeral range are blocked by
Windows Firewall unless assigned by the RPC runtime to a specific
RPC network service. Only the program to which the RPC runtime
assigned the port can receive inbound traffic on that port.
Important
- Creating rules to allow RPC network traffic by using the RPC Endpoint Mapper and RPC dynamic ports options allows all RPC network traffic. Windows Firewall cannot filter RPC traffic by the universally unique identifier (UUID) of the destination program.
- When an application uses RPC to communicate from a client to a server, you must typically create two rules, one for RPC Endpoint Mapper and one for Dynamic RPC.
- IPHTTPS. Available for TCP only.
Available under Local port for inbound rules. Selecting this
option allows the local computer to receive incoming IP over HTTPS
(IPHTTPS) packets from a remote computer. IPHTTPS is a tunneling
protocol that supports the embedding of Internet Protocol version 6
(IPv6) packets in IPv4 HTTPS network packets. This allows IPv6
traffic to traverse some IP proxies that do not support IPv6 or
some of the other IPv6 transition technologies, such as Teredo and
6to4.
- Edge Traversal. Available for UDP on
inbound rules only. Selecting this option allows the local computer
to receive incoming Teredo network packets. Teredo is an
IPv4-to-IPv6 transition protocol.
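The RPC rule pair described above, written with the NetSecurity PowerShell cmdlets as an added example that is not part of the original page. Because the firewall cannot filter RPC by UUID, each rule is narrowed by program and remote address instead; the application path, subnet, group name and display names are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Constructed values: replace with the real server binary and client subnet.
$program = 'C:\Program Files\ExampleApp\rpcserver.exe'   # hypothetical path
$clients = '192.0.2.0/24'                                # documentation range
$group   = 'ExampleApp RPC'                              # hypothetical group name

# Rule 1: the "RPC Endpoint Mapper" choice in the Local port list (TCP 135).
# The built-in Windows RPC-EPMAP rules scope this to the RpcSs service hosted
# in svchost.exe; this rule does the same and adds a remote address limit.
New-NetFirewallRule -DisplayName 'ExampleApp (RPC-EPMAP)' -Group $group `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort RPCEPMap `
    -Program '%SystemRoot%\System32\svchost.exe' -Service RpcSs `
    -RemoteAddress $clients | Out-Null

# Rule 2: the "RPC Dynamic Ports" choice. Only ports that the RPC runtime
# assigned to $program match, and only for traffic coming from $clients.
New-NetFirewallRule -DisplayName 'ExampleApp (RPC)' -Group $group `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort RPC `
    -Program $program -RemoteAddress $clients | Out-Null

# Read the rules back and show the values that the Protocols and Ports,
# Programs and Services, and Scope tabs would display for each rule.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        Program       = $app.Program
        RemoteAddress = $addr.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

The same -LocalPort parameter accepts the Specific Ports form as a list of strings, with ranges written low-high, for example `-LocalPort '80','443','5000-5010'`.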
Remote port
If you are using the TCP or UDP protocol type, you can specify the local port and remote port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The remote port is the port on the computer that is attempting to communicate with the computer on which the firewall profile is applied.
The following options are available for inbound rules:
- All Ports. Available for both TCP and
UDP on inbound and outbound rules. Selecting this option specifies
that all of the ports for the selected protocol match the rule.
- Specific Ports. Available for both TCP
and UDP on inbound and outbound rules. Selecting this option
enables the text box where you can type the port numbers that you
need. Separate port numbers with commas and include ranges by
separating the low and high values with a hyphen.
- IPHTTPS. Available for TCP only.
Available under Remote port for outbound rules. Selecting
this option allows the local computer to send outbound IPHTTPS
packets to a remote computer. IPHTTPS is a tunneling protocol that
supports embedding IPv6 packets in IPv4 HTTPS network packets. This
allows IPv6 traffic to traverse some IP proxies that do not support
IPv6 or some of the other IPv6 transition technologies, such as
Teredo and 6to4.
ICMP Settings
Click Customize to configure settings for Internet Control Message Protocol (ICMP). The Customize button is enabled only when you choose the ICMPv4 or ICMPv6 protocol types. For more information, see Dialog Box: Customize ICMP Settings.