Outpost Users Support Forum  
#1
07-15-2003, 05:40 AM
Tek-Soft, Junior Member
Max. Security Rules for Outpost Firewall

All ICMP Rules
!!!!!!!!!!!!!!!!!!!!
Uncheck them all, unless you are using a scanner, then leave ICMP0/In and ICMP8/Out checked.

Answer Type
!!!!!!!!!!!!!!!!!!!
Leave it on the default 'Stealth'; this makes your computer invisible online to attackers.

Global Application and System Rules
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Create or Change 'Allow DNS Resolving' rule
1. Where the protocol is 'UDP'
Where the specified remote port is '53'
Where the remote host is 'your isp dns'
2. Allow and optionally report if you want.

Create or Change 'Block Remote Procedure Call (TCP)' rule
1. Where the protocol is 'TCP'
Where the direction is 'Inbound'
Where the local port is '135'
2. Deny it and optionally report.

Create or Change 'Block Remote Procedure Call (UDP)' rule
1. Where the protocol is 'UDP'
Where the direction is 'Inbound'
Where the local port is '135'
2. Deny it and optionally report.

Create or Change 'Block Server Message Block Protocol (TCP)' rule
1. Where the protocol is 'TCP'
Where the direction is 'Inbound'
Where the local port is '445'
2. Deny it and optionally report.

Create or Change 'Block Server Message Block Protocol (UDP)' rule
1. Where the protocol is 'UDP'
Where the direction is 'Inbound'
Where the local port is '445'
2. Deny it and optionally report.

Create 'Block All TCP 1-65535 Inbound'
1. Where the protocol is 'TCP'
Where the direction is 'Inbound'
Where the local port is '1-65535'
2. Deny it and optionally report.

Create 'Block All UDP 1-65535 Inbound'
1. Where the protocol is 'UDP'
Where the direction is 'Inbound'
Where the local port is '1-65535'
2. Deny it and optionally report.

NOTE: If you are blocking all TCP/UDP ports Inbound and Outbound, you will have problems with other programs connecting to the internet, so when you want to allow a program to connect to the internet, uncheck these rules, run the program and allow it to connect to the internet, and then check these rules on again. You'll have maximum security if you block TCP/UDP, In/Out, on all of the ports.

HELP: Try to check if you have listening ports on your system by looking in Windows netstat: go to Run or press CTRL+R, then type this command: cmd /k netstat -an to see all the listening ports on your system, or if you would like to refresh netstat automatically type:
cmd /k netstat -an 3 where 3 is how many seconds you want.

Hope this will help someone to secure their system(s) against any attackers!
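The netstat check from the first post, as an added example that is not part of the original thread: a Python parser for `netstat -an` output that lists every listening socket and says whether one of the post's named block rules (ports 135 and 445) covers it. The sample output and its addresses are constructed.

```python
# Ports the first post blocks inbound with dedicated rules (TCP and UDP).
BLOCKED_BY_POST = {135: "Remote Procedure Call", 445: "Server Message Block Protocol"}

# Constructed sample of Windows `netstat -an` output, not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:1900         *:*
"""

def parse_listeners(text):
    """Return (proto, address, port) for each listening TCP or bound UDP socket."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a State column; UDP rows have none and count as open.
        if parts[0] == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        addr, _, port = parts[1].rpartition(":")  # also splits "[::]:135"
        if port.isdigit():
            found.append((parts[0], addr.strip("[]"), int(port)))
    return found

def review(text):
    """Label each listener: loopback only, named block rule, or catch-all."""
    report = []
    for proto, addr, port in parse_listeners(text):
        if addr.startswith("127.") or addr == "::1":
            note = "loopback only"
        elif port in BLOCKED_BY_POST:
            note = "'Block %s (%s)' rule" % (BLOCKED_BY_POST[port], proto)
        else:
            note = "no named rule; relies on the catch-all block"
        report.append((proto, port, addr, note))
    return report

if __name__ == "__main__":
    for proto, port, addr, note in review(SAMPLE):
        print("%-3s %5d  %-15s %s" % (proto, port, addr, note))
```

To run it on a real machine, save the output of netstat -an to a file and pass its contents to review() in place of SAMPLE.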
#2
07-15-2003, 01:57 PM
Dmut, Beta Tester
I would also recommend the next rules:
1) allow ICMP/3 (Destination Unreachable) In
2) allow ICMP/4 (Source Quench) In
3) allow ICMP/11 (Time Exceeded for Datagram) In

Also, 'Block All TCP 1-65535 Inbound' and 'Block All UDP 1-65535 Inbound' are quite useless; it is better to switch OP to "block most" mode - all unknown connections will be blocked.
Last edited by Dmut; 07-15-2003 at 02:29 PM.
#3
07-22-2003, 05:21 PM
Paranoid2000, Super Moderator
For maximum security I would also suggest removing the DNS rule from the Global rules - this means having to create a specific one for each application but does mean that a hostile application cannot even find an IP address without you permitting it (and does defeat certain leaktests). Having a Protocol TCP, Remote Port DNS, Deny as a Global rule would be a good idea in this case since it saves you from having to set up a second DNS rule to cover TCP for each application (normally UDP is used, but long queries switch to TCP - I have never noticed any ill-effects from blocking them though).
#4
08-02-2003, 09:43 AM
Paranoid2000, Super Moderator
Also, uncheck the "Allow Loopback" rule under Options/System/Global Applications and System Rules. This rule effectively allows any application to access the Internet via a proxy server should you be running one (examples include WebWasher, Proxomitron or Naviscope). Removing it will require you to define extra application rules for each program that needs access to the proxy (like web browsers) but will remove a potentially serious backdoor.
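Why the global DNS and loopback rules discussed in posts #3 and #4 matter, as an added example that is not part of the original thread and not Outpost's own logic: a simplified rule evaluator comparing global allows with per-application rules. The program names, addresses, proxy port and evaluation order are assumptions made for illustration.

```python
from collections import namedtuple

# Simplified model, an assumption and not Outpost's engine: global rules apply
# to every application, application rules only to the named one, a matching
# Deny wins, and traffic with no matching rule makes the firewall ask the user
# (in "block most" mode it would be blocked instead).
Conn = namedtuple("Conn", "app proto host port")
Rule = namedtuple("Rule", "action proto host port")  # None matches anything

DNS, PROXY = "192.0.2.53", ("127.0.0.1", 8080)  # constructed addresses

def decide(conn, global_rules, app_rules):
    rules = global_rules + app_rules.get(conn.app, [])
    hits = {r.action for r in rules
            if all(want is None or want == got
                   for want, got in zip(r[1:], conn[1:]))}
    if "deny" in hits:
        return "deny"
    return "allow" if "allow" in hits else "ask"

# Policy A: DNS and loopback allowed globally for every program.
A_GLOBAL = [Rule("allow", "UDP", DNS, 53), Rule("allow", "TCP", "127.0.0.1", None)]
A_APPS = {"proxy.exe": [Rule("allow", "TCP", None, 80)]}

# Policy B: both global allows removed, DNS over TCP denied globally,
# and each trusted program given exactly what it needs.
B_GLOBAL = [Rule("deny", "TCP", None, 53)]
B_APPS = {
    "browser.exe": [Rule("allow", "TCP", *PROXY)],
    "proxy.exe": [Rule("allow", "UDP", DNS, 53), Rule("allow", "TCP", None, 80)],
}

FLOWS = [
    Conn("unknown.exe", "UDP", DNS, 53),  # untrusted program resolving a name
    Conn("unknown.exe", "TCP", *PROXY),   # untrusted program using the proxy
    Conn("browser.exe", "TCP", *PROXY),   # browser using the proxy
    Conn("proxy.exe", "UDP", DNS, 53),    # proxy resolving for the browser
    Conn("proxy.exe", "TCP", DNS, 53),    # long DNS query over TCP
]

def compare():
    return [(f.app, f.proto, f.port,
             decide(f, A_GLOBAL, A_APPS), decide(f, B_GLOBAL, B_APPS))
            for f in FLOWS]

if __name__ == "__main__":
    for row in compare():
        print("%-12s %s/%-5d A=%-5s B=%s" % row)
```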
All times are GMT -12.

