Firewall Rule Properties Page: Protocols and Ports Tab

Applies To: Windows 7, Windows Server 2008 R2

Use this tab to specify which protocols and ports in a network packet match this firewall rule.

To get to this tab

  • In the Windows Firewall with Advanced Security MMC snap-in, in either Inbound Rules or Outbound Rules, double-click the firewall rule you want to modify, and then click the Protocols and Ports tab.

Protocol type

Select the protocol whose network traffic you want to filter with this firewall rule. If the protocol you want is not in the list, then select Custom, and type the protocol number in Protocol number. You can use any protocol number listed by the Internet Assigned Numbers Authority (IANA).

If you specify TCP or UDP in the list, then you can specify the TCP or UDP port numbers in Endpoint 1 port and Endpoint 2 port.

For a list of the protocols, their protocol numbers and a brief description, see Firewall Rule Properties Page: Protocol and Ports Tab (https://go.microsoft.com/fwlink/?linkid=137823) in the TechNet Library.

Local port

If you are using the TCP or UDP protocol type, you can specify the local port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The local port is the port on the computer on which the firewall profile is applied.

The following options are available (some only for inbound rules, as noted):

  • All Ports. Available for both TCP and UDP on inbound and outbound rules. Selecting this option specifies that all of the ports for the selected protocol match the rule.

  • Specific Ports. Available for both TCP and UDP on inbound and outbound rules. Selecting this option enables the text box where you can type the port numbers you need. Separate port numbers with commas and include ranges by separating the low and high values with a hyphen.

  • RPC Endpoint Mapper. Available for TCP on inbound rules only. Selecting this option allows the local computer to receive incoming RPC requests on TCP port 135 to the RPC Endpoint Mapper (RPC-EM). A request to the RPC-EM identifies a network service and asks for the port number on which the specified network service is listening. RPC-EM responds with the port number to which the remote computer should send further network traffic for the service. This option also enables RPC-EM to receive RPC over HTTP requests.

  • RPC Dynamic Ports. Available for TCP on inbound rules only. Selecting this option allows the local computer to receive inbound network packets to ports assigned by the RPC runtime. Ports in the RPC ephemeral range are blocked by Windows Firewall unless assigned by the RPC runtime to a specific RPC network service. Only the program to which the RPC runtime assigned the port can receive inbound traffic on that port.

Important

Creating rules to allow RPC network traffic by using the RPC Endpoint Mapper and RPC Dynamic Ports options allows all RPC network traffic. Windows Firewall cannot filter RPC traffic by the universally unique identifier (UUID) of the destination program, so the only way to narrow such a rule is through its other settings, such as the remote addresses on the Scope tab, the program on the Programs and Services tab, and the profiles to which it applies.
When an application uses RPC to communicate from a client to a server, you must typically create two rules, one with the RPC Endpoint Mapper option and one with the RPC Dynamic Ports option.

  • IPHTTPS. Available for TCP only, under Local port for inbound rules. Selecting this option allows the local computer to receive incoming IP over HTTPS (IPHTTPS) packets from a remote computer. IPHTTPS is a tunneling protocol that embeds Internet Protocol version 6 (IPv6) packets in IPv4 HTTPS network packets. This allows IPv6 traffic to traverse some IP proxies that do not support IPv6 or some of the other IPv6 transition technologies, such as Teredo and 6to4.

  • Edge Traversal. Available for UDP on inbound rules only. Selecting this option allows the local computer to receive incoming Teredo network packets. Teredo is an IPv6 transition technology that tunnels IPv6 packets inside IPv4 UDP datagrams, which is why this choice applies to UDP.
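Because the firewall cannot filter RPC by interface UUID, a rule created with the RPC Endpoint Mapper or RPC Dynamic Ports choice is only as narrow as its other fields make it. The following script is an added example (not part of the original page) that audits the live rule set for inbound RPC allow rules that are scoped by neither a remote address nor a program. On Windows 7 and Windows Server 2008 R2 the command line for Windows Firewall with Advanced Security is netsh advfirewall, so the script parses the text that "netsh advfirewall firewall show rule name=all verbose" prints. The rule names, addresses and program path in the embedded sample are constructed for the demonstration; the sample follows the shape of netsh output, and omitting -Text reads the real rules instead.

```powershell
# Added example: flag inbound RPC allow rules with no remote-address or program scope.
# Written for the PowerShell 2.0 that ships with Windows 7 / Server 2008 R2 (no [ordered],
# no -in operator), parsing netsh advfirewall output rather than NetSecurity cmdlets.

function ConvertFrom-NetshRuleText {
    # Turn the "Key:   Value" blocks that netsh prints into one object per rule.
    param([Parameter(Mandatory=$true)][string[]]$Lines)
    $rules = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s*(.*)$') {
            if ($current -ne $null) { $rules += $current }
            $current = New-Object PSObject
            $current | Add-Member -MemberType NoteProperty -Name 'RuleName' -Value $Matches[1].Trim()
        }
        elseif ($current -ne $null -and $line -match '^([A-Za-z ]+):\s*(.*)$') {
            $key = $Matches[1] -replace ' ', ''      # "Edge traversal" -> "Edgetraversal"
            $current | Add-Member -MemberType NoteProperty -Name $key -Value $Matches[2].Trim()
        }
        # separator lines ("-----"), blank lines and the trailing "Ok." carry no colon and are skipped
    }
    if ($current -ne $null) { $rules += $current }
    return ,$rules
}

function Find-UnscopedRpcRule {
    # Report every enabled inbound allow rule whose local port is RPC or RPC-EPMap and
    # say whether anything other than the port narrows it.
    param([string[]]$Text)
    if (-not $Text) { $Text = & netsh advfirewall firewall show rule name=all verbose }
    foreach ($r in (ConvertFrom-NetshRuleText -Lines $Text)) {
        $isRpc = @('RPC', 'RPC-EPMap') -contains $r.LocalPort
        if (-not ($isRpc -and $r.Direction -eq 'In' -and $r.Enabled -eq 'Yes' -and $r.Action -eq 'Allow')) { continue }
        # Without "verbose" netsh omits Program:; treat a missing field as "Any" so the
        # rule is not reported as scoped by accident.
        $program = 'Any'
        if ($r.Program) { $program = $r.Program }
        $scoped = ($r.RemoteIP -ne 'Any') -or ($program -ne 'Any')
        $verdict = 'UNSCOPED: any host may reach any RPC interface on this computer'
        if ($scoped) { $verdict = 'scoped' }
        $o = New-Object PSObject
        $o | Add-Member -MemberType NoteProperty -Name 'Name'      -Value $r.RuleName
        $o | Add-Member -MemberType NoteProperty -Name 'LocalPort' -Value $r.LocalPort
        $o | Add-Member -MemberType NoteProperty -Name 'RemoteIP'  -Value $r.RemoteIP
        $o | Add-Member -MemberType NoteProperty -Name 'Program'   -Value $program
        $o | Add-Member -MemberType NoteProperty -Name 'Profiles'  -Value $r.Profiles
        $o | Add-Member -MemberType NoteProperty -Name 'Finding'   -Value $verdict
        $o
    }
}

# Constructed sample in the shape of "netsh advfirewall firewall show rule name=all verbose".
# Names, subnet and program path are placeholders, not real rules.
$sample = @'
Rule Name:                            Contoso Agent (RPC-EPMap-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            RPC-EPMap
RemotePort:                           Any
Edge traversal:                       No
Program:                              Any
Service:                              Any
Action:                               Allow

Rule Name:                            Contoso Agent (RPC-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Grouping:
LocalIP:                              Any
RemoteIP:                             10.20.0.0/16
Protocol:                             TCP
LocalPort:                            RPC
RemotePort:                           Any
Edge traversal:                       No
Program:                              C:\Program Files\Contoso\agent.exe
Service:                              Any
Action:                               Allow
Ok.
'@

# The first rule is reported as UNSCOPED (RemoteIP Any, Program Any); the second as scoped.
Find-UnscopedRpcRule -Text ($sample -split "`r?`n") | Format-Table -AutoSize
```

Run it without -Text from an elevated prompt to audit the host itself. A rule reported as UNSCOPED is the case the Important note above warns about: the endpoint mapper and every RPC interface the runtime registers are reachable from any address, and the remedy is to add a remote address on the Scope tab or a program on the Programs and Services tab of that rule.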

Remote port

If you are using the TCP or UDP protocol type, you can specify the remote port by using one of the choices from the drop-down list or by specifying a port or a list of ports. The remote port is the port on the computer that is attempting to communicate with the computer on which the firewall profile is applied.

The following options are available (some only for outbound rules, as noted):

  • All Ports. Available for both TCP and UDP on inbound and outbound rules. Selecting this option specifies that all of the ports for the selected protocol match the rule.

  • Specific Ports. Available for both TCP and UDP on inbound and outbound rules. Selecting this option enables the text box where you can type the port numbers that you need. Separate port numbers with commas and include ranges by separating the low and high values with a hyphen.

  • IPHTTPS. Available for TCP only, under Remote port for outbound rules. Selecting this option allows the local computer to send outbound IPHTTPS packets to a remote computer. IPHTTPS is a tunneling protocol that embeds IPv6 packets in IPv4 HTTPS network packets. This allows IPv6 traffic to traverse some IP proxies that do not support IPv6 or some of the other IPv6 transition technologies, such as Teredo and 6to4.
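The Protocol type, Local port and Remote port settings described above can be set from the command line as well as from the Protocols and Ports tab. The script below is an added example (not part of the original page) that creates the same kinds of rules with netsh advfirewall, the command-line interface for Windows Firewall with Advanced Security on Windows 7 and Windows Server 2008 R2 (the New-NetFirewallRule cmdlet exists only from Windows 8 and Windows Server 2012 onward). It covers a Specific Ports list with a range, a Custom protocol number, the RPC Endpoint Mapper and RPC Dynamic Ports pair, a remote port on an outbound rule, and an ICMPv4 type. Rule names, the subnets and the program path are placeholders; netsh's localport values RPC and RPC-EPMap correspond to the RPC Dynamic Ports and RPC Endpoint Mapper choices on the tab.

```powershell
# Added example: create Protocols and Ports settings with netsh advfirewall.
# Run from an elevated prompt. $DryRun = $true prints each command instead of running it,
# so the script can be reviewed before it touches the rule set.

$DryRun = $true

function Add-FwRule {
    # $Spec is the argument string exactly as it would be typed after
    # "netsh advfirewall firewall add rule". Running it through cmd.exe keeps the
    # name="..." and program="..." quoting intact.
    param([Parameter(Mandatory=$true)][string]$Spec)
    $cmd = "netsh advfirewall firewall add rule $Spec"
    if ($DryRun) { Write-Output $cmd; return }
    & cmd.exe /c $cmd | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed: $cmd" }
}

# 1. Protocol type TCP with Specific Ports: a comma-separated list that includes a range.
Add-FwRule 'name="Contoso-Web-In" dir=in action=allow protocol=TCP localport=443,8443-8445 profile=domain'

# 2. Protocol type Custom: an IANA protocol number (47 = GRE). GRE has no ports, so the
#    rule can only be narrowed by address; 192.0.2.0/24 is a placeholder peer subnet.
Add-FwRule 'name="GRE-In" dir=in action=allow protocol=47 remoteip=192.0.2.0/24'

# 3. The RPC pair from the Important note: one rule for the endpoint mapper (TCP 135)
#    and one for the dynamic ports the RPC runtime assigns. The firewall cannot filter
#    on the RPC interface UUID, so both rules are scoped to a placeholder subnet and the
#    dynamic-port rule additionally to the placeholder program that registers the interface.
Add-FwRule 'name="Contoso-RPC-EPMap-In" dir=in action=allow protocol=TCP localport=RPC-EPMap remoteip=10.20.0.0/16 profile=domain'
Add-FwRule 'name="Contoso-RPC-Dyn-In" dir=in action=allow protocol=TCP localport=RPC remoteip=10.20.0.0/16 program="C:\Program Files\Contoso\agent.exe" profile=domain'

# 4. Remote port on an outbound rule: the port on the peer (here a placeholder syslog collector).
Add-FwRule 'name="Contoso-Syslog-Out" dir=out action=allow protocol=UDP remoteport=514 remoteip=10.20.1.5'

# 5. ICMPv4 with a specific type (8 = echo request, any code), which the GUI sets through
#    the Customize button of the ICMP Settings group rather than through port fields.
Add-FwRule 'name="ICMPv4-Echo-In" dir=in action=allow protocol=icmpv4:8,any remoteip=10.20.0.0/16'

# Verify what was written (verbose shows Program:, Service: and Rule source: too).
if (-not $DryRun) {
    & netsh advfirewall firewall show rule name="Contoso-RPC-Dyn-In" verbose
}

# Cleanup for a lab host: remove the placeholder rules again.
function Remove-FwRule {
    param([Parameter(Mandatory=$true)][string]$Name)
    if ($DryRun) { Write-Output "netsh advfirewall firewall delete rule name=`"$Name`""; return }
    & netsh advfirewall firewall delete rule name="$Name" | Out-Null
}
# 'Contoso-Web-In','GRE-In','Contoso-RPC-EPMap-In','Contoso-RPC-Dyn-In','Contoso-Syslog-Out','ICMPv4-Echo-In' | ForEach-Object { Remove-FwRule $_ }
```

Two points worth checking after a run: the RPC and RPC-EPMap local port values are accepted only on inbound TCP rules, matching the tab, and a rule with protocol=47 silently ignores any localport or remoteport argument because those fields apply to TCP and UDP only.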

ICMP Settings

Click Customize to configure settings for Internet Control Message Protocol (ICMP). The Customize button is enabled only when you choose the ICMPv4 or ICMPv6 protocol types. For more information, see Dialog Box: Customize ICMP Settings.

Additional references