Symantec Client Firewall default System-Wide rules

Article:TECH99722  |  Created: 2002-01-23  |  Updated: 2006-01-09  |  Article URL http://www.symantec.com/docs/TECH99722
Article Type
Technical Solution


Environment

Issue



You want to know what the default System-Wide rules for Symantec Client Firewall are, what they do, and why they should not be changed.


Solution



A number of rules are predefined and enabled when you install the Symantec Client Firewall client. The default System-Wide rules for the Symantec Client Firewall client are listed in the following table:

| Rule | Traffic allowed/user protected from | Consequences of changing rule state |
|---|---|---|
| Default Inbound ICMP | Allows locally generated network probing (ping, traceroute); allows responses to come back to the computer. | Ping, traceroute will fail. |
| Default Outbound ICMP | Allows locally generated network probing (ping, tracert) - allows queries to go out. | Ping, traceroute will fail. |
| Default Inbound DNS | Receives responses to DNS requests. | DNS will fail. For more security, change this rule to allow the DNS to and from the user's primary DNS only. |
| Default Outbound DNS | Allows DNS queries. | DNS will fail. For more security, change this rule to allow the DNS to and from the user's primary DNS only. |
| Default Inbound NetBIOS Name | Prevents lookup of the computer's name via NetBIOS. | Name profiling can be done via NetBIOS. |
| Default Inbound NetBIOS | Blocks Windows file and print sharing. | Some NetBIOS file and print sharing information will be mappable. |
| Default Outbound NetBIOS | Allows Windows file and print sharing on other servers (the client can access someone else's share). | Prevents and prompts on attempts to connect to someone else's file share. |
| Default Inbound Loopback | Allows local host communication. | A significant number of programs which use IP to communicate between processes on the same computer will fail or prompt. |
| Default Outbound Loopback | Allows local host communication. | A significant number of programs which use IP to communicate between processes on the same computer will fail or prompt. |
| Block Access to Secure Sites | Keyed to the Enable secure HTTP connections option in Privacy Control on the Symantec Client Firewall client. | The Enable secure HTTP connections option in Privacy Control on the Symantec Client Firewall client will stop working. |
| Default Block Inbound and Outbound ICMP | Blocks any ICMP not permitted by the default permit rules. | Ping and traceroute will fail. |
| Block Windows File Sharing | Blocks Windows file and print sharing. The intent of this rule is to provide a simple switch for turning on file and printer sharing. | Attempts to connect to this computer for file and printer sharing will fail or prompt the user. |
| Default Inbound Bootp | Allows a response to a request for a dynamic IP address assignment via BootP or DHCP. | Computers without a static IP address will not be able to get an IP address assigned. |
| Default Outbound Bootp | Allows requests for a dynamic IP address assignment via BootP or DHCP. | Computers without a static IP address will not be able to get an IP address assigned. |
| Default Block Microsoft Windows 2000 SMB | Blocks SMB, which can be used as an alternate file and print sharing mechanism. | SMB connection attempts will cause alerts or be permitted. |
| Default Block EPMAP | Blocks EPMAP, which can be used to remotely configure some services. | EPMAP connections will cause alerts or be permitted. |







Legacy ID



2002072314160148

