
I created the following script basically to block absolutely everything and only allow through what I want; however, it's not allowing through what I like with regard to the internet. Can anyone see an issue with my rules? Currently they are pretty generic.

@ECHO OFF

ECHO ========================================= Brendan Thompson - Firewall Policy - v1.0 =========================================

ECHO ----------------------------------------- Removing All Firewall Rules -----------------------------------------

ECHO Deleting all Incoming Firewall Rules
netsh advfirewall firewall delete rule name=all dir=in profile=any

ECHO Deleting all Outgoing Firewall Rules
netsh advfirewall firewall delete rule name=all dir=out profile=any

ECHO Delete all Remaining Firewall Rules
netsh advfirewall firewall delete rule name=all


ECHO ----------------------------------------- Initial Profile Setup -----------------------------------------

ECHO Block all Incoming and Outgoing Traffic on Domain Profile
netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound

ECHO Block all Incoming and Outgoing Traffic on Private Profile
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound

ECHO Block all Incoming and Outgoing Traffic on Public Profile
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

ECHO ----------------------------------------- Domain and Private Profile - Incoming Application Exceptions -----------------------------------------
netsh advfirewall firewall add rule name="APP - BROWSER - Internet Explorer" dir=in action=allow profile=domain,private program="C:\Program Files\Internet Explorer\iexplore.exe"

ECHO ----------------------------------------- Domain and Private Profile - Outgoing Application Exceptions -----------------------------------------
netsh advfirewall firewall add rule name="APP - BROWSER - Internet Explorer" dir=out action=allow profile=domain,private program="C:\Program Files\Internet Explorer\iexplore.exe"

ECHO ----------------------------------------- Domain and Private Profile - Incoming Port Exceptions  -----------------------------------------
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - TCP" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - UDP" dir=in action=allow protocol=UDP localport=80

ECHO ----------------------------------------- Domain and Private Profile - Outgoing Port Exceptions  -----------------------------------------
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - TCP" dir=out action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - UDP" dir=out action=allow protocol=UDP localport=80

Any ideas what's going wrong that would cause me not to be able to browse the web? :S

--Brendan

Dan

2 Answers

You need to allow DNS outbound (dst udp/53). I would suggest enabling the Windows Firewall logging on all profiles and reviewing the log "c:\windows\system32\logfiles\pfirewall.log" to see what is being blocked.

Your outbound IE rules also need "localport" switched to "remoteport".

Jacob

Your rules are wrong. For Incoming Port Exceptions, you must allow traffic from port 80 to high ports (1024-65535).

And for Outgoing Port Exceptions, you must allow traffic from high ports (1024-65535) to port 80.

Your traffic looks like this:

- Begin: you send an HTTP request

  YourPC(High port) ----> (80)Webserver

- Then: the web server sends an HTTP response

  YourPC(High port) <---- (80)Webserver

Your rules don't allow this traffic; they only allow traffic to your machine's port 80.

cuonglm