How do port settings work in a firewall?

[gilgalad]

Hey everyone. Yes, I know...I still run Windows. I like my Linux, but after being raised on MS-DOS, Tandy Deskmate, and Windows 3.1, I have a certain attachment to it. I'm currently running Windows XP Pro, and the built-in firewall pushes me to ask certain questions. I know that certain ports have certain functions (telnet: 23, ftp: 21, some P2P applications: 80) but the limitation of port numbers still intrigues me. How do I allow incoming/outgoing TCP and UDP packets through Windows XP's firewall, and is it possible to assign any unused number for a specific ports. (Basically, what are the limitations to port assignment and firewall rules?)

Cheers,
gilgalad

[|The|Specialist]

The windows XP default firewall is very... very... veeeery... limited. Sure if you look around there are functions kinda like the ones you mentioned but anyways I haven't checked into this but I beleave that it audits/blocks only incomeing, not to mention there are a few problems down the line when you install another firewall for the outgoing so there is no telling what kinda programs are trying to phone home. Its a fair firewall but to be honest I would only suggest useing it if you had no firewall at all and you needed more time to get a better one.

[shayla]

Ditch the xp firewall, its crap. Google outpost ,tiny or zonealarm for a free one that will be much , much better. I am quite sure there will be many links to decent free ones in the forums here if you do a search. I can't say how to configure xps firewall but i do know it only is concerned with incoming packets and is universally disliked.

[ericc]

To view all the ports assignment on your WinXP PC, use notepad to open the "services" file in WINDOWS\SYSTEM32\DRIVERS\ETC.
You can modify the port from their default settings. I.e http -tcp port 80 to port xxxx.

A firewall (hardware), works by applying "rules/access-list" to all incoming/outgoing packets. Firewall will process these packets against the rules that you've specified. In your "rules", you can either permit(allow) or deny(block) the packet to pass thru the firewall.
i.e, you want to browse webpages; therefore in your firewall "rules", you'll allow(permit) tcp port 80 to pass thru your firewall.
Other traffic/application, using other ports will be blocked. (this normally a firewall default, all port will be blocked unless you permit the port).
When working with firewalls, knowledge of ports is very important, because you'll use it when applying the rules.

[Rushyo]

www.hackerthreads.org has a big list of ports and what they do. Don't forget that if you're worried about trojans blabla then they could use nearly any damn port.

www.blackcode.com has a neat little scanner which tells you what ports are open on your local machine which may be in use by trojans, consult it beforehand.