防火墙win7防火墙设置（Win7 firewall settings）

win7防火墙设置Win7 firewall settings

Win7 firewall settings:

1, we must first turn off the win7 automatic restore function.Automatic reduction called intelligent win7 reduction, becauseafter a restart when it is set to restore it. Turn off theautomatic reduction of operation is as follows: click Start -control panel - System - system protection, select the localdisk (C:) (system) -closed. One possible UAC, you need to enterthe administrator password.

2, start - enter CMD in the search programs and files in thebox, showing the presence of the cmd.exe program, right click-run as administrator identity, if you are the administrator,UAC prompts you to yes or no, if not the administrator, you needto enter the administrator password. Now at the command line.Run the secpol.msc, open the local security policy dialog box.Note the difference between win7 and Win XP

In Win XP, the administrator account must have administratorprivileges, they are consistent. But in win7, although theadministrator account, but still with ordinary accountidentity program. From CMD can also see if the administrator,it will display the administrator, if the general identity isnot displayed. But if you take a administrator account to runthe program, you are running with administrator privileges.This is the difference between administrator and otheradministrator account. In the win7 administrator is disabledby default.

3, navigate to the Windows firewall with advanced security.

Right click the Windows firewall with advanced security- lgpo- point attribute, open the properties dialog box. For homeusers, the general public domain, special, set to the same,actually if you only use a public network, you only need to setthe public profile tab. But for simple, we set it as consistent.Firewall status: enabled (recommended) ; inbound connections:block all connections; outbound connections: stop. We do notchoose the default settings, the default security settingsbelow us. For home users, if you choose inbound connections:stop all connections, then your computer cannot be server, willprevent eMule, KuGoo, and many other functions of the software,if you don' t want to be so strict, for example, you want to useremote desktop, set for the inbound links: (stop the default) .We do not use the default connection out of the station, stopusing.

We conducted a simple introduction to these two:

Inbound connections if the default value, then in accordancewith the rules of the inbound connection is allowed, if set toblock all connections, then any inbound connections areprohibited, even if it is not connected to conform to the rulesof the machine. So in such circumstances, can not use the remotedesktop. If set to allow outbound connections (default) , anyprogram can access the Internet, this is not what we want, weonly hope we allow programs to access the internet. A good pointto determine. If no accident, then any programat this time willnot be able to access the Internet. (if IE, indicating that ithas been added to the rules in the. We would not need IE accessrules. )

4 point, inbound and outbound rules can see the rules, thefollowing is empty. Because we are not allowed to access thenetwork program.

We do not need to set the rules into the station, because wehave stopped all connections, the design is useless. Thestation is that we need to set the rules, otherwise how can weuse the Internet? Right click outbound rules --- new rules -a dialog box, choose the program, the next step, enter thesystem of this procedure in the path of the next step, then setto allow connection, in the name of the input "to allow systemaccess network". You canmodify this rule we establish the ruleson the right side of the box. We do not need to be modified forsystem. Note that if you set the private network to network inthe Internet, you need special tick rather than the public.After this rule configuration is good, the rest is similar.We need to build three rules, to lay a good foundation for theinternet. The other two rules are as follows:

Name: DNS (1) allows programs and services; - thisprogram:%SystemRoot%\System32\svchost.exe; protocol and port-protocol type: UDP; local port: 1024-65535, remote port: 53;senior public.

(2) Name: allow back; procedures and service: all meet thespecified conditions and procedures; Protocol -protocol porttype: ICMPv4; senior public. And in front of that allow systemto access the network, a total of three.

5 point control panel ---windows f irewall ---windows advanced

settings, UAC control dialog box, asking you to confirm whetheror not to continue, if not the administrator requires you toenter the administrator password. Open the advanced windowssecurity firewall on the local computer, the inboundconnections, outbound connections, and we in the Group Policyunder the same setting, same. The three rule is set in frontof the US, this can not be changed. Group policy is set higherthan the setting. We have derived the rules here after save ina file for recovery.

IE set:

Point out of the station rule, a new rule is as follows:Name: "IE is allowed access to the Internet" programs andservices:%ProgramFi les%\Internet; Explorer\iexplore.exe;protocol and port, protocol type: TCP; 1024-65535; remote portlocal port: 80; senior public. The open IE, you can see, theinternet. The other is similar, so, only after we allow theprogram to access a network.

The setting of QQ:

Name: QQ is allowed access to the Internet; protocol and port- protocol type: UDP; remote port: 8000; senior public.If you QQ were set up as above will be landing in the port numberQQ landing interface named QQ. If you do not specify a remoteport number, do not have. If you're not sure for a program witharbitrary port number. Use the port number after some morestringent restrictions.

From our previous settings can be seen, only system is open.The svchost. exe port is open, and it only and remote port 53communication is essentially closed. Because the horse is notpossible with the remote port 53 communication