Dynamic and System Ports config

pete73
Posts: 2
Joined: Thu Jun 16, 2016 1:08 am

Dynamic and System Ports config

Post by pete73 » Fri Jun 17, 2016 3:11 am

Hi,

I am very new to all this and am a first-time user of Murus. I have spent the past day or so getting used to the application and trying to understand how everything works, and I am left with some questions.

I am just a home user but want my computer to be as secure as possible. When setting up a strategy I am unsure what rule-set to apply to system and dynamic ports. I have experimented with both blocking everyone as well as allowing from local network only. I obviously want my setup to work but regardless of which settings I try I still get a lot of blocked incoming connections, mainly from fe80::71:936c:f937:1e99 which has no hostname found.

Can someone please advise me on what configuration I should use? Is there an easy way to unblock a connection by adding it to the PF rule set? I have tried to find an easy way of doing this but given those logs are visible from Murus Logs Visualizer there are no editing options there.

Any advice will be greatly appreciated.

Thank you.

pete73
Posts: 2
Joined: Thu Jun 16, 2016 1:08 am

Re: Dynamic and System Ports config

Post by pete73 » Mon Jun 20, 2016 2:24 am

^^^ Anyone got any comments on my post above? Some advice would be greatly appreciated from those more knowledgeable about Murus.

Thanks.

hany
Posts: 482
Joined: Wed Dec 10, 2014 5:20 pm

Re: Dynamic and System Ports config

Post by hany » Mon Jun 20, 2016 2:20 pm

Hello,

> I am just a home user but want my computer to be as secure as possible. When setting up a strategy I am unsure what rule-set to apply to system and dynamic ports.

If you are not running services listening on these ports then you can simply block them or allow only your LAN.

> I obviously want my setup to work but regardless of which settings I try I still get a lot of blocked incoming connections, mainly from fe80::71:936c:f937:1e99 which has no hostname found

This appears to be a local IPv6 address belonging to a device connected to your LAN network. It can be your router or, most probably, a smartphone/tablet or another computer. For example, Macs and iDevices use IPv6 for network discovery.

> Is there an easy way to unblock a connection by adding it to the PF rule set? I have tried to find an easy way of doing this but given those logs are visible from Murus Logs Visualizer there are no editing options there

There are several ways to do it. For example, if you want to allow all connections from an address (or more addresses) you can create a group and assign it to the ALL SERVICES service (or a copy of it). Or, you can issue a custom PF rule. In both cases you have to decide whether to block the IP, the port, or both. This is done in Murus, as Murus is the only place to configure PF, while Murus Logs Visualizer is only a log reader.
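
Added example, not part of the thread and not Murus code: a small triage script that groups blocked inbound connections by source scope (link-local such as fe80::/10, private LAN, or non-local) and by destination port class, to help decide which blocks come from devices on the LAN. The log layout is a constructed, simplified format rather than real Murus Logs Visualizer output, and the port ranges are the IANA ones (system 0-1023, dynamic 49152-65535), assumed here to match what Murus calls system and dynamic ports.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a simplified "src.port > dst.port" layout (assumption).
SAMPLE_LOG = """\
block in on en0: fe80::71:936c:f937:1e99.5353 > ff02::fb.5353
block in on en0: fe80::71:936c:f937:1e99.49153 > fe80::1c2a:3b4c:5d6e:7f80.62078
block in on en0: 192.168.1.23.137 > 192.168.1.255.137
block in on en0: 2001:db8::5.44321 > 2001:db8::10.22
"""
LINE_RE = re.compile(r"^block in on (\S+): (\S+)\.(\d+) > (\S+)\.(\d+)$")

# Link-local ranges never cross a router; private ranges are typical home LANs.
LINK_LOCAL = [ipaddress.ip_network(n) for n in ("fe80::/10", "169.254.0.0/16")]
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def source_scope(addr):
    """Return 'link-local', 'private' or 'non-local' for a source address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in LINK_LOCAL):
        return "link-local"
    if any(ip in net for net in PRIVATE):
        return "private"
    return "non-local"

def port_class(port):
    """IANA port classes: system 0-1023, user 1024-49151, dynamic 49152-65535."""
    if port <= 1023:
        return "system"
    return "dynamic" if port >= 49152 else "user"

def triage(log_text):
    """Count blocked lines per (source, source scope, destination port class)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a blocked-inbound line in the assumed layout
        _iface, src, _sport, _dst, dport = m.groups()
        try:
            counts[(src, source_scope(src), port_class(int(dport)))] += 1
        except ValueError:
            continue  # source field is not a valid IP address
    return counts

if __name__ == "__main__":
    for (src, scope, pclass), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n:3d}  {scope:<10}  {pclass:<7}  {src}")
```

Sources reported as link-local or private are devices on the same network, which is the case the reply above describes; whether to allow them is still a per-service decision made in Murus.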
