C
Chuck
Lane,
The ports that I listed are what the File and Printer Sharing service, on each
computer, listens on. A computer will generally listen (receive) on known ports,
and speak (send) from dynamic ports.
To enable file sharing on ICF (the pre-SP2 WF), which only filters incoming
traffic, you can only enable traffic based upon the local port where it's going.
With ICF, you simply permit traffic to 5 local ports (TCP 139, 445 and UDP 137,
138, 445).
With WF, which filters both incoming and outgoing traffic, you enable a preset
rule, the File and Printer Sharing exception.
With Sygate PF, which is rules based, but has a gui interface, I think you
enable two rules.
1) Outgoing Local Port Any to Remote Ports Specified (TCP 139, 445 and UDP 137,
138, 445).
2) Incoming Remote Port Any to Local Ports Specified (TCP 139, 445 and UDP 137,
138, 445).
Since you are on a wireless LAN, each computer (connected wired or wireless), is
at risk. So you should disable DHCP on the router, assign fixed ip addresses to
each computer, and filter each remote address based upon assigned fixed ip
addresses.
Looking at the picture you provided, I see an Applications tab. Is there a
preset rule for File and Printer Sharing on there? Using that will be hella
easier than making your own rules.
You also might get more detailed advice from posting in comp.security.firewalls.
The experts there can tell you, better than I can, how to setup SPF. All
firewall experts aren't aware of the dangers of wireless LANs, so they won't all
recommend filtering remote address based upon known assigned addresses in your
subnet. But they can tell you specifically what rules you can setup in SPF.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.