Firewall Service (Compact 7)
3/12/2014
The Firewall Service provides network security for Windows Embedded Compact 7. The Firewall Service enforces a set of rules that filter unsafe and unwanted network traffic on multiple layers, including IP and TCP. The following features are included in the Firewall Service:
- Block port scanning
- Block ping requests
- Block network traffic for specific protocols
- Block inbound and outbound traffic
- Allow port exceptions
- Allow trusted IP addresses
Firewall Service rules are a group of registry settings that determine how network traffic is filtered by accessing Windows Filtering Platform (WFP) APIs. The Firewall Service includes the following set of rules, enabled by default, when the Firewall Service is added to your OS:
- Block all inbound traffic for TCP and User Datagram Protocol (UDP)
- Block ping requests from remote IP addresses
- Allow all outbound traffic
- Block TCP reset (RST) on closed TCP ports to prevent TCP port scanning
- Block Internet Control Message Protocol (ICMP) error on closed UDP ports to prevent UDP port scanning
You can edit and remove the default rules, or you can create new rules. For information about modifying, removing, or creating rules, see Firewall Service Rules.
To add the Firewall Service to your OS, see Firewall Service Catalog Items and Sysgen Variables.
To configure the Firewall Service, see Firewall Service Rules.
For reference information, see Firewall Service Registry Settings.
Source code for the Firewall Service is at public/servers/sdk/samples/services/firewall. It covers logic to respond to start/stop requests.