Windows Firewall Whitelist

Moderators: GSH, VSMIT, Red Devil, Commando

Commando
Flying Mauler
Posts: 2176
Joined: Fri Feb 18, 2011 6:41 pm

Windows Firewall Whitelist

Post by Commando »

There is nothing stopping you from setting up a whitelist in Windows Firewall. You just have to disable the open-port rule bz2 sets up, then follow these steps.

Before you start with the following section, make sure you disable any rules allowing bz2 to go through Windows Firewall. The latest patches create profiles that will allow bz2 through, if you allow it.

Setting up a Whitelist with Windows Firewall.

[h]Opening up TCP[/h]

1. Go to "Control Panel"
2. Launch "Windows Firewall"
3. Click on "Advanced Settings"
4. Click on "Inbound Rule"
5. Select "New Rule" from the "Action Pane"
6. For "What type of rule would you like to create", select "Custom" then click "Next"
7. For "Does this rule apply to all programs or a specific program?", select "All programs", then click "Next"
8. For the "Protocol type", select "TCP"
9. For the "Local port", select "Specific ports"
10. Now specify ports "17770-17772"
11. Click "Next"
12. For "Which local IP addresses does this rule apply to?", select "Any IP addresses"
13. For "Which remote IP addresses does this rule apply to?", select "These IP addresses"
14. Click "Add", now enter the IP addresses you want to allow
15. Click "Next"
16. For "What action should be taken when a connection matches the specified conditions?", select "Allow the connection".
17. Click "Next"
18. For the "When does this rule apply?", select "Domain, Private, or Public", depending on what profile you are using
19. Click "Next"
20. For the name, give it "BZ2 Whitelist TCP"
21. Click Finished.

[h]Opening up UDP[/h]

There is nothing stopping you from setting up a whitelist in Windows Firewall. You just have to disable the open-port rule bz2 sets up, then follow these steps.

Setting up a Whitelist with Windows Firewall.

1. Go to "Control Panel"
2. Launch "Windows Firewall"
3. Click on "Advanced Settings"
4. Click on "Inbound Rule"
5. Select "New Rule" from the "Action Pane"
6. For "What type of rule would you like to create", select "Custom" then click "Next"
7. For "Does this rule apply to all programs or a specific program?", select "All programs", then click "Next"
8. For the "Protocol type", select "UDP"
9. For the "Local port", select "Specific ports"
10. Now specify ports "17770-17772"
11. Click "Next"
12. For "Which local IP addresses does this rule apply to?", select "Any IP addresses"
13. For "Which remote IP addresses does this rule apply to?", select "These IP addresses"
14. Click "Add", now enter the IP addresses you want to allow
15. Click "Next"
16. For "What action should be taken when a connection matches the specified conditions?", select "Allow the connection".
17. Click "Next"
18. For the "When does this rule apply?", select "Domain, Private, or Public", depending on what profile you are using
19. Click "Next"
20. For the name, give it "BZ2 Whitelist UDP"
21. Click Finished.
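The same two rules as a script, added here as an example and not part of Commando's post: it creates the inbound TCP and UDP allow rules for ports 17770-17772 restricted to a list of remote addresses, exactly as the wizard steps above do. The rule names are the ones the post uses; the addresses in $allowed are constructed placeholders. On Windows 8 / Server 2012 and later it uses the NetSecurity cmdlets; on Windows 7 those cmdlets do not exist, so it falls back to the equivalent netsh advfirewall command.

```powershell
# Added example (not from the original post): builds the two inbound allow
# rules the step-by-step instructions describe. Run from an elevated prompt.

# ASSUMPTION: constructed placeholder addresses; replace them with the hosts
# or ranges you actually want to let in (single IPs and CIDR blocks both work).
$allowed = @('203.0.113.10', '198.51.100.0/24', '192.0.2.42')

$ports     = '17770-17772'
$fwProfile = 'Private'     # Domain, Private or Public: match your connection's profile

# The NetSecurity module exists on Windows 8 / Server 2012 and later only.
$haveNetSecurity = [bool](Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue)

foreach ($proto in 'TCP', 'UDP') {
    $name = "BZ2 Whitelist $proto"

    if ($haveNetSecurity) {
        # Remove any earlier copy so re-running the script does not stack duplicates.
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule

        New-NetFirewallRule -DisplayName $name `
            -Description "Allows $proto on ports $ports from whitelisted addresses only" `
            -Direction Inbound -Action Allow -Enabled True `
            -Protocol $proto -LocalPort $ports `
            -LocalAddress Any -RemoteAddress $allowed `
            -Program Any -Profile $fwProfile | Out-Null
    }
    else {
        # Windows 7 path: netsh takes the remote list comma-separated; otherwise identical.
        $remote = $allowed -join ','
        netsh advfirewall firewall delete rule name="$name" | Out-Null
        netsh advfirewall firewall add rule name="$name" dir=in action=allow `
            protocol=$proto localport=$ports remoteip=$remote profile=$fwProfile | Out-Null
    }
}

# Verify what was written: the remote-address filter is the part that matters.
if ($haveNetSecurity) {
    Get-NetFirewallRule -DisplayName 'BZ2 Whitelist *' | ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        '{0}: remote = {1}' -f $_.DisplayName, ($filter.RemoteAddress -join ', ')
    }
}
else {
    netsh advfirewall firewall show rule name="BZ2 Whitelist TCP" verbose
    netsh advfirewall firewall show rule name="BZ2 Whitelist UDP" verbose
}
```

The script does not touch the rule the game patch itself creates; as the post says, that broad allow rule has to be disabled first (Disable-NetFirewallRule, or netsh advfirewall firewall set rule ... new enable=no), because Windows Firewall lets a connection through if any enabled allow rule matches it, which would make the whitelist meaningless.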
Commando
Flying Mauler
Posts: 2176
Joined: Fri Feb 18, 2011 6:41 pm

Re: Windows Firewall Whitelist

Post by Commando »

The benefit to using Windows Firewall for the whitelist is you can protect your session from DDoSing. A bz2 whitelist will not offer this protection.

If my memory is correct, there was a posting on bz2maps.us indicating the DDoSer was attacking on port 17770, which bz2 opens when hosting. This is why a firewall rule will offer protection that bz2 cannot.

Windows Firewall is just as powerful as bz2 when it comes to IP banning.

You can tell it to ban a specific IP address. Here are some examples.

192.168.1.1     // only bans this particular IP
192.168.1.1/16  // bans anything starting with 192.168
192.168.1.1/24  // bans anything starting with 192.168.1

An IP address consists of 32 bits split up into fourths. That is why you will typically see /8, /16, /24, or /32.

/8 being the first section, /16 being the first half, /24 being 3/4 of the IP, and /32 being the entire IP.
MrTwosheds
Recycler
Posts: 3059
Joined: Sat Feb 19, 2011 8:37 am
Location: Outer Space

Re: Windows Firewall Whitelist

Post by MrTwosheds »

It will not protect your router though; your connection will still be getting DoSed and clients affected.
The Silence continues. The War Of Lies has no end.
Commando
Flying Mauler
Posts: 2176
Joined: Fri Feb 18, 2011 6:41 pm

Re: Windows Firewall Whitelist

Post by Commando »

Disable respond to ping requests on the router. DoS attacks typically clog up a connection with malformed ping requests.
Red Spot
Attila
Posts: 1629
Joined: Mon Feb 21, 2011 6:14 pm
Location: The Netherlands

Re: Windows Firewall Whitelist

Post by Red Spot »

MrTwosheds wrote: It will not protect your router though; your connection will still be getting DoSed and clients affected.
My router, which is about 10 years old, has more firewall settings than XP has.
I assume you can just 'whitelist' your router?
GSH
Patch Creator
Posts: 2485
Joined: Fri Feb 18, 2011 4:55 pm
Location: USA

Re: Windows Firewall Whitelist

Post by GSH »

Thanks. Topic stickied.

-- GSH
Commando
Flying Mauler
Posts: 2176
Joined: Fri Feb 18, 2011 6:41 pm

Re: Windows Firewall Whitelist

Post by Commando »

My instructions apply to Windows 7 and possibly Windows Vista and 8. They most likely won't apply to XP as the firewall is more limited in XP.

Windows Firewall should be more than adequate for setting up a whitelist. Windows Firewall gives me a lot more flexibility than my Linksys E3200, which isn't that old. I'm looking into replacing said router, but am holding off for the time being. Any consumer router is going to be fairly limited. If I were swimming in cash, I would go with a FortiGate 60C or 80C, as that is the hardware firewall my company typically uses.
Commando
Flying Mauler
Posts: 2176
Joined: Fri Feb 18, 2011 6:41 pm

Re: Windows Firewall Whitelist

Post by Commando »

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A79FD5D1-5AF7-46DA-9867-3BCEDAF777C5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=17770-17772|RA4=24.28.0.0/255.254.0.0|RA4=24.24.0.0/255.252.0.0|RA4=70.189.64.0/255.255.192.0|RA4=108.131.0.0/255.255.128.0|RA4=71.96.0.0/255.224.0.0|RA4=76.184.0.0/255.252.0.0|RA4=207.134.0.0/255.255.0.0|RA4=89.176.0.0/255.254.0.0|RA4=213.149.96.0/255.255.224.0|RA4=173.64.0.0/255.240.0.0|RA4=68.35.128.0/255.255.192.0|RA4=217.224.0.0/255.224.0.0|RA4=67.117.24.0/255.255.254.0|RA4=201.141.128.0/255.255.128.0|RA4=86.52.0.0/255.255.0.0|RA4=122.104.0.0/255.248.0.0|RA4=84.128.0.0/255.192.0.0|RA4=76.16.0.0/255.240.0.0|RA4=46.33.192.0/255.255.224.0|RA4=82.52.0.0/255.255.128.0|RA4=151.72.0.0/255.255.0.0|RA4=209.105.192.0/255.255.224.0|RA4=98.91.0.0/255.255.0.0|RA4=99.224.0.0/255.224.0.0|RA4=115.188.48.0/255.255.248.0|RA4=24.218.128.0/255.255.128.0|RA4=66.122.182.0/255.255.254.0|RA4=79.141.161.0/255.255.255.0|RA4=173.88.0.0/255.248.0.0|RA4=75.132.0.0/255.255.0.0|RA4=68.197.196.0/255.255.252.0|RA4=76.101.0.0/255.255.0.0|RA4=68.97.0.0/255.255.0.0|RA4=99.0.0.0/255.128.0.0|RA4=71.201.0.0/255.255.0.0|RA4=66.108.0.0/255.255.0.0|RA4=67.0.0.0/255.248.0.0|RA4=101.160.0.0/255.224.0.0|RA4=98.108.0.0/255.252.0.0|RA4=98.112.0.0/255.248.0.0|RA4=70.53.124.0/255.255.252.0|RA4=74.178.0.0/255.255.224.0|RA4=78.111.176.0/255.255.240.0|RA4=35.2.0.0/255.255.0.0|RA4=82.12.0.0/255.252.0.0|RA4=123.2.0.0/255.255.0.0|RA4=64.28.48.0/255.255.240.0|RA4=174.57.0.0/255.255.0.0|RA4=75.160.0.0/255.240.0.0|RA4=79.141.162.0/255.255.255.0|RA4=188.153.0.0/255.255.0.0|RA4=178.220.0.0/255.252.0.0|RA4=75.108.0.0/255.252.0.0|RA4=37.221.174.0/255.255.254.0|RA4=37.221.172.0/255.255.254.0|RA4=109.92.0.0/255.254.0.0|RA4=86.0.0.0/255.224.0.0|RA4=50.90.0.0/255.255.0.0|RA4=83.104.0.0/255.252.0.0|RA4=58.6.0.0/255.254.0.0|RA4=128.70.64.0/255.255.192.0|Name=Battlezone II Whitelist (TCP)|Desc=Enables TCP connections to the specified IPs for ports 17770 to 17772.|"
"{95E4AF86-E890-4F84-876E-2F201F48AF4D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_10=17770-17772|RA4=24.28.0.0/255.254.0.0|RA4=24.24.0.0/255.252.0.0|RA4=70.189.64.0/255.255.192.0|RA4=108.131.0.0/255.255.128.0|RA4=71.96.0.0/255.224.0.0|RA4=76.184.0.0/255.252.0.0|RA4=207.134.0.0/255.255.0.0|RA4=89.176.0.0/255.254.0.0|RA4=213.149.96.0/255.255.224.0|RA4=173.64.0.0/255.240.0.0|RA4=68.35.128.0/255.255.192.0|RA4=217.224.0.0/255.224.0.0|RA4=67.117.24.0/255.255.254.0|RA4=201.141.128.0/255.255.128.0|RA4=86.52.0.0/255.255.0.0|RA4=122.104.0.0/255.248.0.0|RA4=84.128.0.0/255.192.0.0|RA4=76.16.0.0/255.240.0.0|RA4=46.33.192.0/255.255.224.0|RA4=82.52.0.0/255.255.128.0|RA4=151.72.0.0/255.255.0.0|RA4=209.105.192.0/255.255.224.0|RA4=98.91.0.0/255.255.0.0|RA4=99.224.0.0/255.224.0.0|RA4=115.188.48.0/255.255.248.0|RA4=24.218.128.0/255.255.128.0|RA4=66.122.182.0/255.255.254.0|RA4=79.141.161.0/255.255.255.0|RA4=173.88.0.0/255.248.0.0|RA4=75.132.0.0/255.255.0.0|RA4=68.197.196.0/255.255.252.0|RA4=76.101.0.0/255.255.0.0|RA4=68.97.0.0/255.255.0.0|RA4=99.0.0.0/255.128.0.0|RA4=71.201.0.0/255.255.0.0|RA4=66.108.0.0/255.255.0.0|RA4=67.0.0.0/255.248.0.0|RA4=101.160.0.0/255.224.0.0|RA4=98.108.0.0/255.252.0.0|RA4=98.112.0.0/255.248.0.0|RA4=70.53.124.0/255.255.252.0|RA4=74.178.0.0/255.255.224.0|RA4=78.111.176.0/255.255.240.0|RA4=35.2.0.0/255.255.0.0|RA4=82.12.0.0/255.252.0.0|RA4=123.2.0.0/255.255.0.0|RA4=64.28.48.0/255.255.240.0|RA4=174.57.0.0/255.255.0.0|RA4=75.160.0.0/255.240.0.0|RA4=79.141.162.0/255.255.255.0|RA4=188.153.0.0/255.255.0.0|RA4=178.220.0.0/255.252.0.0|RA4=75.108.0.0/255.252.0.0|RA4=37.221.174.0/255.255.254.0|RA4=37.221.172.0/255.255.254.0|RA4=109.92.0.0/255.254.0.0|RA4=86.0.0.0/255.224.0.0|RA4=50.90.0.0/255.255.0.0|RA4=83.104.0.0/255.252.0.0|RA4=58.6.0.0/255.254.0.0|RA4=128.70.64.0/255.255.192.0|Name=Battlezone II Whitelist (UDP)|Desc=Enables UDP connections to the specified IPs for ports 17770 to 17772.|"
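A read-only script, added here as an example and not part of Commando's post, that decodes rules of the format shown above straight from the FirewallRules registry key. It splits the pipe-delimited rule string, maps the Protocol= number to TCP/UDP, and converts each RA4=address/mask entry into the /8, /16, /24 prefix notation explained earlier in the thread (the mask 255.254.0.0, for instance, is a /15), then reports which entries cover a candidate address. The name pattern comes from the Name= fields above; the probe address 24.28.15.200 is a constructed test value.

```powershell
# Added example (not from the original post): reads firewall rules out of the
# registry key quoted above and checks an address against their RA4 entries.
# Read-only; it changes no rules. Requires PowerShell 3.0 or later.

$key = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$protocolNames = @{ '6' = 'TCP'; '17' = 'UDP' }   # IANA numbers used in the Protocol= field

function ConvertTo-PrefixLength {
    # 255.254.0.0 -> 15: a valid mask is a run of 1-bits followed by 0-bits,
    # so the prefix length is just the number of 1-bits across the four octets.
    param([string]$Mask)
    $bits = 0
    foreach ($octet in $Mask.Split('.')) {
        $bits += ([Convert]::ToString([int]$octet, 2) -replace '0', '').Length
    }
    return $bits
}

function ConvertTo-UInt32 {
    # Dotted quad -> 32-bit integer, first octet most significant.
    param([string]$Address)
    [uint32]$n = 0
    foreach ($octet in $Address.Split('.')) { $n = $n * 256 + [uint32]$octet }
    return $n
}

function Test-InRange {
    # True when $Address has the same bits as $Network under $Mask.
    param([string]$Address, [string]$Network, [string]$Mask)
    $m = ConvertTo-UInt32 $Mask
    return (((ConvertTo-UInt32 $Address) -band $m) -eq ((ConvertTo-UInt32 $Network) -band $m))
}

function Get-Field {
    # First field that starts with "$Prefix=", with the prefix stripped, or $null.
    param([string[]]$Fields, [string]$Prefix)
    $match = $Fields | Where-Object { $_ -like "$Prefix=*" } | Select-Object -First 1
    if ($match) { return $match.Substring($Prefix.Length + 1) }
}

function Get-FirewallRulesFromRegistry {
    # Each value under the key is one pipe-delimited rule string; keep the rules
    # whose Name= field matches and expose the fields a whitelist check needs.
    param([string]$NamePattern = 'Battlezone II Whitelist*')
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # PSPath, PSDrive, ... are not rules
        $fields = [string]$prop.Value -split '\|'
        $name = Get-Field $fields 'Name'
        if ($name -notlike $NamePattern) { continue }
        $proto = Get-Field $fields 'Protocol'
        if ($proto -and $protocolNames.ContainsKey($proto)) { $proto = $protocolNames[$proto] }
        [pscustomobject]@{
            Id       = $prop.Name
            Name     = $name
            Protocol = $proto
            Ports    = Get-Field $fields 'LPort2_10'
            Remote   = @($fields | Where-Object { $_ -like 'RA4=*' } | ForEach-Object { $_.Substring(4) })
        }
    }
}

# Usage: which whitelist entries (if any) cover a candidate address?
# ASSUMPTION: 24.28.15.200 is a constructed test address, chosen to fall inside
# the first RA4 entry (24.28.0.0/255.254.0.0, i.e. 24.28.0.0/15) of the rules above.
$probe = '24.28.15.200'
foreach ($rule in Get-FirewallRulesFromRegistry) {
    $hits = foreach ($entry in $rule.Remote) {
        $net, $mask = $entry.Split('/')
        if (Test-InRange $probe $net $mask) { '{0}/{1}' -f $net, (ConvertTo-PrefixLength $mask) }
    }
    $status = if ($hits) { 'allowed via ' + ($hits -join ', ') } else { 'not whitelisted' }
    '{0} ({1} {2}): {3} -> {4}' -f $rule.Name, $rule.Protocol, $rule.Ports, $probe, $status
}
```

Reading the key directly is mainly useful for auditing: it shows what the firewall service actually stored, including ranges that a too-short mask has quietly widened (a /15 such as 24.28.0.0/255.254.0.0 admits 131072 addresses, not one player), which is the sort of thing worth checking before relying on the list.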


Commando
Flying Mauler
Posts: 2176
Joined: Fri Feb 18, 2011 6:41 pm

Re: Windows Firewall Whitelist

Post by Commando »

My Windows Firewall does not work if you specify ports 17770-17772, but does appear to work if you specify "All Ports" for local and remote ports.