SoFunction
Updated on 2025-04-09

Network firewall settings

Nowadays, network firewall has become a networking internet for netizens, but can it really play its role in a few people?
   
Many people do not set the functions of network firewalls and do not set the rules of network firewalls - in this way, the role of network firewalls will be greatly weakened...

The default settings of network firewalls are generally only common settings, which means that such settings should be roughly suitable for hundreds of users. Let me ask, will such a setting be 100% suitable for you? Surely impossible. Next, I will use my own practical experience to talk about my own views.

    Function Settings

Function settings belong to external settings. Why do you say so? Mainly because these settings do not change the rules that require intercepting and releasing objects.

For me, a broadband user who often surfs the Internet, random startup is absolutely indispensable. For dial-up users or users who do not frequently access the Internet, there are two solutions to start the firewall:
   
Solution 1: Manually turn on the firewall before surfing the Internet (General users)

Solution 2: Use a file to start the firewall and network connection together (advanced user)

Usually, network firewalls will have a security level option. For this choice, you must not choose casually. Because many users are unable to use certain network resources or have the opportunity to be taken advantage of by hackers because they do not choose according to the actual situation.

For technical LAN users with fixed IP like me, I think it's enough to set it to medium. Because we are not able to change our IPs at will like some users, so our defense must be higher than dynamic IP users.

But, is it better to be higher? no. Some users cannot use certain network resources, such as online live broadcasts, because they impractically set the security level to high-level and do not set the corresponding network rules in the rules.

Therefore, I suggest that ordinary users set the rules to medium and low.

As for other alarm settings, I don’t want to say more. However, I still want to remind you that interception must be recorded in the log. This is how we can review it.

 Rule setting

ICMP IGMP bombs have made some users frightened. Therefore, some users simply prohibit all ICMP and IGMP.

This is obviously a bad setting. Why? Because ICMP IGMP is used to bomb bombs, but it is impossible to intercept all the "I would rather kill ten thousand wrongly than let one go". Not to mention anything else, just say that the system resources consumed to intercept all ICMP IGMPs are countless...

I suggest that it is enough to intercept the ICMP type 1 (i.e. echo request). Why? Type 1 of ICMP is mainly used to prevent hackers from using ping commands to check whether you are online, so this type of ICMP must be intercepted.

If you are still worried about ICMP IGMP bombs, you might as well go to Microsoft to apply for a patch.

One of the major functions of network firewalls is to prevent *s and hackers, so it is necessary to set up your own rules to intercept *s and block hackers.

You might say, don’t there be default rules for network firewalls? Indeed, there is. However, this is just the most common *s and vulnerabilities. For new and harmful *s and loopholes, the original rules may not be able to meet his tasks.

So, how do we set rules?

First, we must use the information provided by the anti-virus manufacturer website. Because, there are detailed records of many viruses and * analysis results and vulnerabilities. I think even if you have the ability to analyze * source programs and find vulnerabilities, there is no need to do anything yourself, because there are too many *s and vulnerabilities, and it is simply unrealistic to analyze all the code yourself.

Then, set up your own firewall. Since the network firewall settings rules vary from manufacturer to manufacturer, this article cannot explain in detail.

Of course, this requires some professional knowledge. For ordinary users, it may be a bit difficult. what to do? Don't be afraid, you can borrow other people's achievements. For example, go to the forum to ask experts or directly send an email to ask experts to solve the problem.
   
It should also be reminded that firewall rules should not be repeated, and there should be no contradictions. Repeated rules waste system resources; contradictory rules make the firewall difficult, and ultimately give others the opportunity to take advantage of...

Network firewall settings are a science that can never be finished. If you are interested, you can also study it.