Win Firewall Inbound Rules (TCMD 16.x)

Alpengreis

Alpengreis

Jan 12, 2014
520
11
Switzerland, SO
Hi,

after install Take Command 16 64-bit, I have four automatically created INBOUND rules in Windows Firewall (Win 7 Ultimate 64-bit). So far so good. But are these not a bit oversized?

I have Allow rules for "tcmd.exe", "tcc.exe", "ide.exe" and "updater.exe" with ANY Ports and ANY protocol.

My question is now: how could these rules be restricted for incoming traffic?

Or in other words: are Inbound rules even necessary?

Thank you very much for answers in advance!

Greetings from Switzerland,
Alpengreis

PS: Sorry for my english ...
 
vefatica

vefatica

May 20, 2008
12,167
133
Syracuse, NY, USA
The only one I'm sure is necessary is TCC's rule. Without it, TCC can't open data channels for FTP. The last time I tried (v15, I believe), UPDATER.EXE worked fine with its rule disabled.
 
rconn

rconn

Administrator
Staff member
May 14, 2008
12,556
167
TCC needs it for internet access (FTP, SFTP, FTPS, etc.). IDE needs it if you want to debug any batch files that use the TCC internet routines. TCMD and UPDATER need it for registration & auto updates.

If you don't care about any of those, you can block them in Windows Firewall.
 
Alpengreis

Alpengreis

Jan 12, 2014
520
11
Switzerland, SO
Thanks!

... "needs it for internet access" but this is then outbound not inbound?

I mean, I have no server which need access from outside the local subnet.

... "for registration & auto updates" - ok, this make sense, if it's initiated through your server(s).

Would be this enough for Win 7 Firewall INBOUND?

TCC Protocol = TCP, Ports = 20,989 (for the ftp(s)-data channels)
TCC Protocol = UDP, Ports = 20,989 (for the ftp(s)-data channels)
TCMD Protocol = TCP, Ports = 80,443 (for registration and auto updates)
IDE = No inbound traffic allowed

20 = ftp-data
80 = http
443 = https
989 = ftps-data

OUTGOING of course has another rule set ...

Sorry for my persistence - but I do not want to simply allow all or block everything.

Kind regards,
Alpengreis
 
rconn

rconn

Administrator
Staff member
May 14, 2008
12,556
167
If you want to use HTTP, SFTP, SMTP, SMPP, SNMP, or SNPP from TCC you'll have to open ports for them too. If not, leave them closed.

There's no definitive set of firewall rules, because everybody has different needs. Experiment and see what works for you.
 
vefatica

vefatica

May 20, 2008
12,167
133
Syracuse, NY, USA
rconn said:
If you want to use HTTP, SFTP, SMTP, SMPP, SNMP, or SNPP from TCC you'll have to open ports for them too. If not, leave them closed.

There's no definitive set of firewall rules, because everybody has different needs. Experiment and see what works for you.
Click to expand...
I don't know about the others, but I doubt there would be any inbound traffic on port 80 (HTTP) ... at least none expecting TCC to be listening. You didn't include a web server in the newest version, did you?
Code: 
copy http://...
works fine with TCC firewall rule disabled
 
D

drwtsn32

May 26, 2008
550
6
Agreed... I don't know why inbound rules would be needed. AFAIK, these rules are for new, unestablished connections only. (Like if you have a server listening for incoming connections.)
 
Alpengreis

Alpengreis

Jan 12, 2014
520
11
Switzerland, SO
Yes, I also don't understand your answer, rconn, sorry! Why for incoming traffic with (except for (s)ftp data channels and eventually for server-initiated auto updates with TCMD (from your server(s) on port 80,443)?

Outbound, ok, this is another thing, that is (and was) clear - I have extra rules for outgoing traffic for tcc, etc. ... and this can be a (very) different setting, that's right ...

Even if, for example, anyone have a mail server - WHY does TCC or require a permit for incoming traffic? Then the mail server requires this, but not TCC ...

Now, I'm really confused!
 
Alpengreis

Alpengreis

Jan 12, 2014
520
11
Switzerland, SO
Hi, I have now created the right rules for me personally.

Nevertheless, it would be nice if here comes a response regarding "why for incoming traffic", also in the sense of other users!

Thanks and greetings,
Alpengreis
 
Alpengreis

Alpengreis

Jan 12, 2014
520
11
Switzerland, SO
No, this is not helpful to share my setting.

I don't know, if it's right or not. I have make a decision for ME personally and change the rules.

But it's possible to have problem with this setting - even because I don't know, why Inbound rules were sets automatically through the TCMD setup.

Eventually also Inbound it's not possible to have a "global"/standard setting for all.

But as I said: I don't know the reason why Inbound could be necessary, and this is my question ...

Greetings,
Alpengreis

PS: And my Outbound setting is anyway individual and not to share.
 
You must log in or register to reply here.

Similar threads

C
Last TCMD that supports win 7?
Replies
5
Views
858
Support
Charles G
C
vefatica
Console cursor height in Win 10
Replies
3
Views
1K
Support
rconn
rconn
vefatica
Win 10 to 7 VPN and UNC CWD
Replies
12
Views
2K
Support
AnrDaemon
A
R
How to? Win 10 virtual desktops and DESKTOP
Replies
4
Views
2K
Support
Rick Reinckens
R
Y
TCC on Win 1709 Build 17063.1000
Replies
5
Views
1K
Support
yakir
Y
fromano
WAD ver /r does not detect Win 10B10166
Replies
5
Views
2K
Support
RogerB
R
rps
Fixed Win "set /p" not working in V17 build 53
Replies
3
Views
2K
Support
gwgaston
gwgaston
S
Installing on Win 7 without invoking UAC
Replies
2
Views
1K
Support
Steven M. Geisler
S
A
Win 9x and Win ME
Replies
4
Views
2K
Support
Avi Shmidman
A
Roedy
Win 7 freeze on DVD full
Replies
4
Views
2K
Support
thedave
thedave
C
file lists, excluding files, TC 8.x , win xp pro sp2
Replies
1
Views
4K
Support
Charles Dye
Charles Dye
vefatica
Firewall rules?
Replies
6
Views
2K
Support
drwtsn32
D
Alpengreis
Windows Firewall Rules will be deleted
Replies
7
Views
4K
Support
Alpengreis
Alpengreis
Top Bottom