诺顿网络特警防火墙设置及添加修改规则2013.03.13重新修正

jxfaiu

服装ing 发表于 2012-12-11 12:29
添加选取23，107，111，135，137，139，445，531，544，556，UDP和ICMP都也要添加这些端口吗？我还以为只TC ...

ICMP协议不一样的，ICMP协议只有：0,3,4,5,9-18，回显回复、目标不可到达、源抑制、重定向、路由器通告、路由器请求、数椐报超时、数椐报上的参数问题、时间戳请求、时间戳回复、信息请求、信息回复、地址掩码请求、地址掩码回复

jxfaiu

服装ing 发表于 2012-12-11 12:34
那你写的那些端口，是添加到什么上面进去呢，我愣是不明白了

添加选取23，107，111，135，137，139，445，531，544，556，点确定后还可以点添加，选单独指定的端口，切记一次只能输入一个端口号，端口必须是有效的才能添加，要输入多个列表中没有的端口号重复点添加即可；
NIS与SEP防火墙不同，添加端口号SEP可以一次复制；NIS列表外的必须一个个输入，而且必须NIS认为有效的；

服装ing

jxfaiu 发表于 2012-12-11 12:39
添加选取23，107，111，135，137，139，445，531，544，556，点确定后还可以点添加，选单独指定的端口， ...

是添加到TCP阻止  出站   而已吗，还需要添加到UDP什么的吗？？？

jxfaiu

服装ing 发表于 2012-12-11 12:45
是添加到TCP阻止  出站   而已吗，还需要添加到UDP什么的吗？？？

我给你个列表，以下列表是在SEP，如有在NIS中提示无效端口号请放弃输入：NIS防火墙请勿一键复制

禁止TCP本地端口传入,协议：TCP，方向：传入，本地端口：
0,22,23,25,31,41,58,79,80,99,107,110,111,113,119,121,135,137,138,139,143,146,311,443,445,513,531,544,548,555,556,666,911,999,1001,1010,1011,1012,1015,1024,1025,1026,1027,1028,1029,1030,1042,1045,1057,1090,1095,1097,1098,1099,1234,1243,1245,1345,1349,1492,1524,1600,1807,1831,1981,1999,2000,2001,2002,2003,2004,2005,2023,2115,2140,2565,2583,2773,2774,2801,3024,3129,3150,3389,3700,4092,4267,4567,4590,4899,5000,5001,5168,5321,5333,5400,5401,5402,5550,5554,5555,5556,5557,5569,5742,6400,6670,6711,6771,6776,6939,6969,6970,7000,7215,7300,7301,7306,7307,7308,7597,7626,7789,9408,9535,9872,9873,9874,9875,9898,9989,10067,10167,10168,10520,10607,11000,11223,12076,12223,12345,12346,12361,12362,12363,12631,13000,14500,14501,14502,14503,15000,15382,16484,16772,16969,17072,17166,19191,19864,20001,20002,20023,20034,21544,22222,23005,23006,23023,23032,23456,23476,23477,25685,25686,25982,26274,27374,29104,30001,30003,30029,30100,30101,30102,30103,30133,30947,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,32100,32418,33333,33577,33777,33911,34342,34555,35555,40421,40422,40423,40424,40425,40426,41337,41666,47262,49301,50130,50505,50766,51996,53001,54283,54320,54321,55165,57341,58339,60000,60411,61348,61466,61603,63485,65390,65432,65535

禁止UDP本地端口传入,协议：UDP，方向：传入，本地端口：0,31,41,111,135,137,138,139,146,161,445,666,999,1027,1042,1561,1900,2140,2989,3129,3150,3700,4006,5168,6670,6771,8225,9872,9873,9874,9875,10067,10167,22226,26274,27374,31337,31785,31787,31788,31789,31791,31792,34555,40421,40422,40423,40425,40426,47262,54320,54321,60000

禁止UDP本地端口传出,协议：UDP，方向：传出，本地端口：0,31,41,135,137,138,139,146,445,666,999,1027,1042,1561,2140,2989,3129,3150,3700,4006,5168,6670,6771,8225,9872,9873,9874,9875,10067,10167,22226,26274,27374,31337,31785,31787,31788,31789,31791,31792,34555,40421,40422,40423,40425,40426,47262,54320,54321,60000

禁止TCP本地端口传出,协议：TCP，方向：传出，本地端口：0,22,23,31,41,58,107,111,121,146,137,138,139,146,311,445,531,544,548,555,556,666,911,999,1001,1010,1011,1012,1015,1024,1025,1026,1027,1028,1029,1030,1042,1045,1057,1090,1095,1097,1098,1099,1234,1243,1245,1345,1349,1492,1524,1600,1807,1831,1981,1999,2000,2001,2002,2003,2004,2005,2023,2115,2140,2565,2583,2773,2774,2801,3024,3129,3150,3389,3700,4092,4267,4567,4590,4899,5000,5001,5168,5321,5333,5400,5401,5402,5550,5554,5555,5556,5557,5569,5742,6400,6670,6711,6771,6776,6939,6969,6970,7000,7215,7300,7301,7306,7307,7308,7597,7626,7789,9408,9535,9872,9873,9874,9875,9898,9989,10067,10167,10168,10520,10607,11000,11223,12076,12223,12345,12346,12361,12362,12363,12631,13000,14500,14501,14502,14503,15000,15382,16484,16772,16969,17072,17166,19191,19864,20001,20002,20023,20034,21544,22222,23005,23006,23023,23032,23456,23476,23477,25685,25686,25982,26274,27374,29104,30001,30003,30029,30100,30101,30102,30103,30133,30947,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,32100,32418,33333,33577,33777,33911,34342,34555,35555,40421,40422,40423,40424,40425,40426,41337,41666,47262,49301,50130,50505,50766,51996,53001,54283,54320,54321,55165,57341,58339,60000,60411,61348,61466,61603,63485,65390,65432,65535

禁止ICMP传入,协议：ICMP，方向：传入，勾选9-18，路由器通告、路由器请求、数椐报超时、数椐报上的参数问题、时间戳请求、时间戳回复、信息请求、信息回复、地址掩码请求、地址掩码回复

禁止ICMP传出,协议：ICMP，方向：传出，勾选0,3,4,5,9-18，回显回复、目标不可到达、源抑制、重定向、路由器通告、路由器请求、数椐报超时、数椐报上的参数问题、时间戳请求、时间戳回复、信息请求、信息回复、地址掩码请求、地址掩码回复

大胖

哥不准备折腾这个了

zst470396853

可否给出 全部的设置  你这里只有 TCP的

如图 你的全部设置  帮助下防火墙小白啊。。

柯林

tcp的本地高危端口拦截，外网用户可以简化一点，可以参考风云墙的1-512拦截

另，诺顿有一条默认不显示的扫尾规则Block All ，在日志里可以看到，默认的其实也很完善了，外网用户加个防止ping入，不勾选允许NetBios通信和文件共享，加个本地高危端口的拦截，一般也可以了。个人觉得还是设为询问程序联网比较符合大众的使用习惯。

逐海飘的风

学习一下，收藏以后有空安装了再慢慢折腾它。

服装ing

会影响网速或者卡机吗

chen月

你这个教程没有写全吧？我看你的规则列表中还有好几个自己添加的  你的教程只有写了第一个   我等小白如何跟着你能够全部把规则做完呢   麻烦全部贴出来吧   包括你的UDP   ICMP  以及后面的非默认规则     不然你这个帖子基本没用  包括你给的那个PDF   一样没用啊