Windows Firewall Whitelist

Posted: Wed Dec 11, 2013 3:15 am
by Commando
There is nothing stopping you from setting up a whitelist in Windows Firewall. You just have to disable the opened port rule bz2 sets up, then follow these steps.

Before you start with the following section, make sure you disable any rules allowing bz2 to go through Windows Firewall. The latest patches create profiles that will allow bz2 through, if you allow it.

Setting up a Whitelist with Windows Firewall.

Opening up TCP

1. Go to "Control Panel"
2. Launch "Windows Firewall"
3. Click on "Advanced Settings"
4. Click on "Inbound Rule"
5. Select "New Rule" from the "Action Pane"
6. For "What type of rule would you like to create", select "Custom" then click "Next"
7. For "Does this rule apply to all programs or a specific program?", select "All programs", then click "Next"
8. For the "Protocol type", select "TCP"
9. For the "Local port", select "Specific ports"
10. Now specify ports "17770-17772"
11. Click "Next"
12. For "Which local IP addresses does this rule apply to?", select "Any IP addresses"
13. For "Which remote IP addresses does this rule apply to?", select "These IP addresses"
14. Click "Add", now enter the IP addresses you want to allow
15. Click "Next"
16. For "What action should be taken when a connection matches the specified conditions?", select "Allow the connection".
17. Click "Next"
18. For the "When does this rule apply?", select "Domain, Private, or Public", depending on what profile you are using
19. Click "Next"
20. For the name, give it "BZ2 Whitelist TCP"
21. Click Finished.

Opening up UDP

1. Go to "Control Panel"
2. Launch "Windows Firewall"
3. Click on "Advanced Settings"
4. Click on "Inbound Rule"
5. Select "New Rule" from the "Action Pane"
6. For "What type of rule would you like to create", select "Custom" then click "Next"
7. For "Does this rule apply to all programs or a specific program?", select "All programs", then click "Next"
8. For the "Protocol type", select "UDP"
9. For the "Local port", select "Specific ports"
10. Now specify ports "17770-17772"
11. Click "Next"
12. For "Which local IP addresses does this rule apply to?", select "Any IP addresses"
13. For "Which remote IP addresses does this rule apply to?", select "These IP addresses"
14. Click "Add", now enter the IP addresses you want to allow
15. Click "Next"
16. For "What action should be taken when a connection matches the specified conditions?", select "Allow the connection".
17. Click "Next"
18. For the "When does this rule apply?", select "Domain, Private, or Public", depending on what profile you are using
19. Click "Next"
20. For the name, give it "BZ2 Whitelist UDP"
21. Click Finished.
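
The two rules from the steps above can also be created from an elevated PowerShell prompt with `netsh advfirewall`. This is an added example, not part of the original post; the rule names, ports and profile choice come from the steps, while the remote addresses and the `Test-RemoteEntry` helper are constructed placeholders.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# The addresses are constructed placeholders from documentation ranges.
$AllowedRemotes = @('203.0.113.10', '198.51.100.0/24')
$Ports     = '17770-17772'
$FwProfile = 'private'   # domain, private or public, as in step 18

function Test-RemoteEntry([string]$Entry) {
    # Accept a dotted IPv4 address, optionally followed by /0 .. /32.
    $addr, $prefix = $Entry -split '/', 2
    if ($addr -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    if ($null -ne $prefix) {
        if ($prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32) { return $false }
    }
    return $true
}

# Refuse to create a rule from a list containing a typo: a bad entry
# should stop the script, not end up as a half-built rule.
$bad = @($AllowedRemotes | Where-Object { -not (Test-RemoteEntry $_) })
if ($bad.Count -gt 0) { throw "Invalid allow-list entries: $($bad -join ', ')" }

$remote = $AllowedRemotes -join ','
foreach ($proto in 'TCP', 'UDP') {
    $name = "BZ2 Whitelist $proto"

    # Remove an earlier copy so re-running does not stack duplicate rules.
    & netsh advfirewall firewall delete rule "name=$name" | Out-Null

    $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule', "name=$name",
                  'dir=in', 'action=allow', "protocol=$proto",
                  "localport=$Ports", "remoteip=$remote", "profile=$FwProfile")
    & netsh $ruleArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed while creating '$name'" }
}

# Print what was stored so the remote address list can be checked by eye.
& netsh advfirewall firewall show rule 'name=BZ2 Whitelist TCP' verbose
& netsh advfirewall firewall show rule 'name=BZ2 Whitelist UDP' verbose
```

As with the manual steps, these allow rules only act as a whitelist once the broader rule that lets bz2 through has been disabled.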

Re: Windows Firewall Whitelist

Posted: Wed Dec 11, 2013 3:28 am
by Commando
The benefit to using Windows Firewall for the whitelist is you can protect your session from DDoSing. A bz2 whitelist will not offer this protection.

If my memory is correct, there was a posting on bz2maps.us indicating the DDoSer was attacking on port 17770, which bz2 opens when hosting. This is why a firewall rule will offer protection that bz2 cannot.

Windows firewall is just as powerful as bz2 when it comes to IP banning.

You can tell it to ban a specific IP address. Here are some examples.

192.168.1.1 // Only bans this particular IP
192.168.1.1/16 // bans anything starting with 192.168
192.168.1.1/24 // bans anything starting with 192.168.1

An IP address consists of 32 bits split up in fourths. That is why you will typically see /8, /16, /24, or /32.

/8 being the first section, /16 being the first half, /24 being 3/4 of the IP, and /32 being the entire IP.

Re: Windows Firewall Whitelist

Posted: Wed Dec 11, 2013 8:53 am
by MrTwosheds
It will not protect your router though, your connection will still be being DoSed and clients affected.

Re: Windows Firewall Whitelist

Posted: Wed Dec 11, 2013 1:53 pm
by Commando
Disable respond to ping requests on the router. DoS attacks typically clog up a connection with malformed ping requests.

Re: Windows Firewall Whitelist

Posted: Wed Dec 11, 2013 3:01 pm
by Red Spot
MrTwosheds wrote: It will not protect your router though, your connection will still be being DoSed and clients affected.
My router, which is about 10 years old, has more firewall settings than XP has.
I assume you can just 'whitelist' your router?

Re: Windows Firewall Whitelist

Posted: Wed Dec 11, 2013 3:19 pm
by GSH
Thanks. Topic stickied.

-- GSH

Re: Windows Firewall Whitelist

Posted: Thu Dec 12, 2013 1:26 am
by Commando
My instructions apply to Windows 7 and possibly Windows Vista and 8. They most likely won't apply to XP as the firewall is more limited in XP.

Windows firewall should be more than adequate for setting up a whitelist. Windows firewall gives me a lot more flexibility than my Linksys E3200, which isn't that old. I'm looking into replacing said router, but am holding off for the time being. Any consumer router is going to be fairly limited. If I was swimming in cash, I would go with a FortiGate 60C or 80C as that is the hardware firewall my company typically uses.

Re: Windows Firewall Whitelist

Posted: Wed Jan 01, 2014 3:39 pm
by Commando

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A79FD5D1-5AF7-46DA-9867-3BCEDAF777C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=17770-17772|RA4=24.28.0.0/255.254.0.0|RA4=24.24.0.0/255.252.0.0|RA4=70.189.64.0/255.255.192.0|RA4=108.131.0.0/255.255.128.0|RA4=71.96.0.0/255.224.0.0|RA4=76.184.0.0/255.252.0.0|RA4=207.134.0.0/255.255.0.0|RA4=89.176.0.0/255.254.0.0|RA4=213.149.96.0/255.255.224.0|RA4=173.64.0.0/255.240.0.0|RA4=68.35.128.0/255.255.192.0|RA4=217.224.0.0/255.224.0.0|RA4=67.117.24.0/255.255.254.0|RA4=201.141.128.0/255.255.128.0|RA4=86.52.0.0/255.255.0.0|RA4=122.104.0.0/255.248.0.0|RA4=84.128.0.0/255.192.0.0|RA4=76.16.0.0/255.240.0.0|RA4=46.33.192.0/255.255.224.0|RA4=82.52.0.0/255.255.128.0|RA4=151.72.0.0/255.255.0.0|RA4=209.105.192.0/255.255.224.0|RA4=98.91.0.0/255.255.0.0|RA4=99.224.0.0/255.224.0.0|RA4=115.188.48.0/255.255.248.0|RA4=24.218.128.0/255.255.128.0|RA4=66.122.182.0/255.255.254.0|RA4=79.141.161.0/255.255.255.0|RA4=173.88.0.0/255.248.0.0|RA4=75.132.0.0/255.255.0.0|RA4=68.197.196.0/255.255.252.0|RA4=76.101.0.0/255.255.0.0|RA4=68.97.0.0/255.255.0.0|RA4=99.0.0.0/255.128.0.0|RA4=71.201.0.0/255.255.0.0|RA4=66.108.0.0/255.255.0.0|RA4=67.0.0.0/255.248.0.0|RA4=101.160.0.0/255.224.0.0|RA4=98.108.0.0/255.252.0.0|RA4=98.112.0.0/255.248.0.0|RA4=70.53.124.0/255.255.252.0|RA4=74.178.0.0/255.255.224.0|RA4=78.111.176.0/255.255.240.0|RA4=35.2.0.0/255.255.0.0|RA4=82.12.0.0/255.252.0.0|RA4=123.2.0.0/255.255.0.0|RA4=64.28.48.0/255.255.240.0|RA4=174.57.0.0/255.255.0.0|RA4=75.160.0.0/255.240.0.0|RA4=79.141.162.0/255.255.255.0|RA4=188.153.0.0/255.255.0.0|RA4=178.220.0.0/255.252.0.0|RA4=75.108.0.0/255.252.0.0|RA4=37.221.174.0/255.255.254.0|RA4=37.221.172.0/255.255.254.0|RA4=109.92.0.0/255.254.0.0|RA4=86.0.0.0/255.224.0.0|RA4=50.90.0.0/255.255.0.0|RA4=83.104.0.0/255.252.0.0|RA4=58.6.0.0/255.254.0.0|RA4=128.70.64.0/255.255.192.0|Name=Battlezone II Whitelist (TCP)|Desc=Enables TCP connections to the specified IPs for ports 17770 to 17772.|"
"{95E4AF86-E890-4F84-876E-2F201F48AF4D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_10=17770-17772|RA4=24.28.0.0/255.254.0.0|RA4=24.24.0.0/255.252.0.0|RA4=70.189.64.0/255.255.192.0|RA4=108.131.0.0/255.255.128.0|RA4=71.96.0.0/255.224.0.0|RA4=76.184.0.0/255.252.0.0|RA4=207.134.0.0/255.255.0.0|RA4=89.176.0.0/255.254.0.0|RA4=213.149.96.0/255.255.224.0|RA4=173.64.0.0/255.240.0.0|RA4=68.35.128.0/255.255.192.0|RA4=217.224.0.0/255.224.0.0|RA4=67.117.24.0/255.255.254.0|RA4=201.141.128.0/255.255.128.0|RA4=86.52.0.0/255.255.0.0|RA4=122.104.0.0/255.248.0.0|RA4=84.128.0.0/255.192.0.0|RA4=76.16.0.0/255.240.0.0|RA4=46.33.192.0/255.255.224.0|RA4=82.52.0.0/255.255.128.0|RA4=151.72.0.0/255.255.0.0|RA4=209.105.192.0/255.255.224.0|RA4=98.91.0.0/255.255.0.0|RA4=99.224.0.0/255.224.0.0|RA4=115.188.48.0/255.255.248.0|RA4=24.218.128.0/255.255.128.0|RA4=66.122.182.0/255.255.254.0|RA4=79.141.161.0/255.255.255.0|RA4=173.88.0.0/255.248.0.0|RA4=75.132.0.0/255.255.0.0|RA4=68.197.196.0/255.255.252.0|RA4=76.101.0.0/255.255.0.0|RA4=68.97.0.0/255.255.0.0|RA4=99.0.0.0/255.128.0.0|RA4=71.201.0.0/255.255.0.0|RA4=66.108.0.0/255.255.0.0|RA4=67.0.0.0/255.248.0.0|RA4=101.160.0.0/255.224.0.0|RA4=98.108.0.0/255.252.0.0|RA4=98.112.0.0/255.248.0.0|RA4=70.53.124.0/255.255.252.0|RA4=74.178.0.0/255.255.224.0|RA4=78.111.176.0/255.255.240.0|RA4=35.2.0.0/255.255.0.0|RA4=82.12.0.0/255.252.0.0|RA4=123.2.0.0/255.255.0.0|RA4=64.28.48.0/255.255.240.0|RA4=174.57.0.0/255.255.0.0|RA4=75.160.0.0/255.240.0.0|RA4=79.141.162.0/255.255.255.0|RA4=188.153.0.0/255.255.0.0|RA4=178.220.0.0/255.252.0.0|RA4=75.108.0.0/255.252.0.0|RA4=37.221.174.0/255.255.254.0|RA4=37.221.172.0/255.255.254.0|RA4=109.92.0.0/255.254.0.0|RA4=86.0.0.0/255.224.0.0|RA4=50.90.0.0/255.255.0.0|RA4=83.104.0.0/255.252.0.0|RA4=58.6.0.0/255.254.0.0|RA4=128.70.64.0/255.255.192.0|Name=Battlezone II Whitelist (UDP)|Desc=Enables UDP connections to the specified IPs for ports 17770 to 17772.|"

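An exported rule like the one above stores each remote range as address/netmask, not the /16 or /24 notation explained earlier in the thread. The following is an added example, not part of the thread: it lists the ranges in a rule value in prefix form and checks whether a given address falls inside any of them. The rule string, the test addresses and the function names are constructed for illustration, and only the address/mask form of `RA4` seen in the export is handled.

```powershell
# Added example, not from the thread. Constructed rule value using
# documentation address ranges, laid out like the exported value above.
$Rule = 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=17770-17772|' +
        'RA4=203.0.113.0/255.255.255.128|RA4=198.51.100.0/255.255.255.0|Name=Example|'

function Get-MaskBits([string]$Mask) {
    # Dotted netmask -> 32-character bit string; reject masks with holes.
    $bits = ([System.Net.IPAddress]::Parse($Mask).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') }) -join ''
    if ($bits -notmatch '^1*0*$') { throw "Non-contiguous mask: $Mask" }
    return $bits
}

function Get-RemoteRanges([string]$RuleText) {
    # Pull every RA4=address/mask field out of the pipe-delimited value.
    foreach ($field in $RuleText -split '\|') {
        if ($field -match '^RA4=([\d.]+)/([\d.]+)$') {
            $net, $mask = $Matches[1], $Matches[2]
            $bits = Get-MaskBits $mask
            New-Object PSObject -Property @{
                Network = $net; Mask = $mask
                Prefix  = ($bits -replace '0', '').Length   # count of 1 bits
            }
        }
    }
}

function Test-InRange([string]$Address, $Range) {
    # Apply the mask to both sides and compare one byte at a time.
    $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $n = [System.Net.IPAddress]::Parse($Range.Network).GetAddressBytes()
    $m = [System.Net.IPAddress]::Parse($Range.Mask).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        if (($a[$i] -band $m[$i]) -ne ($n[$i] -band $m[$i])) { return $false }
    }
    return $true
}

$ranges = @(Get-RemoteRanges $Rule)
$ranges | ForEach-Object { '{0}/{1}' -f $_.Network, $_.Prefix }

# One address inside the /25, one just outside it, one in no listed range.
foreach ($ip in '203.0.113.77', '203.0.113.200', '192.0.2.5') {
    $hit = @($ranges | Where-Object { Test-InRange $ip $_ }).Count -gt 0
    '{0,-15} allowed={1}' -f $ip, $hit
}
```
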


Re: Windows Firewall Whitelist

Posted: Tue Jan 07, 2014 1:51 am
by Commando
My Windows Firewall does not work if you specify ports 17770-17772 but does appear to work if you specify All Ports for local and remote ports.