Personal Firewall Default Rules and Components

The Barracuda Personal Firewall comes with a default access ruleset. The following tables aim to give you a compact overview of the default rules and their functions.

Rule Categories

The default rules are split into the following rule categories:

| Main Category | Sub Category Level #1 | Sub Category Level #2 |
|---|---|---|
| Lockdown | Block all outbound and inbound traffic | |
| Mixed (default) | Allow outbound and inbound | Core network; Barracuda VPN Allow Outbound and Inbound (Only on Adapter [TRUSTED]); Network Discovery; IPv6 Tunnel; File and Printer Sharing (only on MY Net) |
| WLAN | Allow outbound and inbound | Core network |
| | Allow outbound | Barracuda VPN; IPv6 tunnel; File and printer sharing (only on my net) |
| | Block inbound | Network discovery; File and printer sharing |
| | Block outbound | Network discovery |
| Domain | Allow outbound and inbound | Barracuda VPN; Network discovery; Core network; IPv6 tunnel; File and printer sharing (only on my net) |

Adapters

The following tables show the adapter denominations used and what they mean.

DYNAMIC

| Name | Description |
|---|---|
| All System Adapters | Examples: VPN Network; Wireless Network Connection; Local Area Connection; Mobile Broadband Connection; Reusable Microsoft 6To4 Adapter; Teredo Tunneling pseudo interface |

DYNAMIC [isatap]

| Name | Description |
|---|---|
| Intra-Site Automatic Tunneling Addressing Protocol | ISATAP uses IPv4 as a virtual nonbroadcast multiple-access network (NBMA) data link layer, so that it does not require the underlying IPv4 network infrastructure to support multicast. Example: isatap.{09D450D7-FDBA-4B29-8165-5ED2EAB69606} |

DYNAMIC [multi]

| Name | Description |
|---|---|
| Adapter [TRUSTED] | All trusted adapters: Ips: mc (managed by CC); Barracuda VPN Adapter; Ethernet Adapter; Ask User and click “trusted” |
| Adapter [TUNNEL] | All OS tunneling adapters |
| Adapter [Dial-up] | Dial-up adapter, e.g. a modem |
| Adapter [Ethernet] | Ethernet based adapters |
| Adapter [PolSrv] | Adapter that was used for the last Access Control Service connection |
| Adapter [UNTRUSTED] | All untrusted adapters: Wireless adapter; Dial-up adapter |
| Adapter [Virtual] | Virtual adapters |
| Adapter [VPN] | Barracuda virtual adapter |
| Adapter [Wireless] | Wireless adapters |

Networks

The following tables show the network denominations used and what they mean.

DYNAMIC

| Name | Description |
|---|---|
| Any | ::/0, 0.0.0.0 |
| localIP | All local IP addresses |
| localPolicyIP | Local IP connect to Access Control Service |
| localTrustedIP | All local IP addresses from trusted adapters |
| Net-Personal | VPN; All Barracuda client secure personal routes |
| TrustedNet | Secure zone |
| UntrustedNet | Insecure zone |
| virtualIP | All Barracuda VPN IP addresses |

DYNAMIC [net]

| Name | Description |
|---|---|
| Link-local | ::fe80::/64; Secure Link-local Zone |
| Link-Local Scope Multicast Addresses | ff02::1, ff02::2, ff02::16, ff02::1:3; Ref: Solicited-Node Multicast Addresses |
| Net-Broadcast | 255.255.255.255; All Broadcast |
| Node-Local Scope Multicast Addresses | ff01::2, ff01::1 |
| Simple Service Discovery Protocol | ff0e::8, ff05::8, ff05::c, ff02::c, 239.255.255.250; Well-known practical multicast addresses for SSDP |
| Site-Local Scope Multicast Addresses | ff05::1:3, ff05::2 |
| Solicited-Node Multicast Addresses | The solicited-node multicast address facilitates the efficient querying of network nodes during address resolution |
| Net-[Adapter Name] | |

LOCAL

| Name | Description |
|---|---|
| LLMRN | |
| MY Net | Ref: TrustedNet; My private trusted network |
| SSDP | Ref: Simple Service Discovery Protocol; Ref: MY Net |

Services

This table shows the services you can choose from, as well as their protocols, default ports, and function.

| Name | Port | Description |
|---|---|---|
| Barracuda VPN | 691 TCP & UDP; 443 TCP - IPHTTPS; 3128 TCP - Squid Proxy; 8080 TCP - MS Proxy; 500 UDP - IPsec; 53 UDP - DNS | Barracuda VPN Tunnel |
| BOOTPS | 67 Bootstrap Protocol Client; 68 Bootstrap Protocol Server | Bootstrap Protocol |
| CIFS | 445 UDP; 445 TCP | Microsoft Windows 2000 SMB |
| DHCPv6 | 546 UDP - DHCPv6 Client; 547 UDP - DHCPv6 Server | DHCPv6 [RFC 3315] |
| DNS | 53 UDP | Domain Name resolution |
| ICMP Echo | ICMP 0 (Echo reply); ICMP 8 (Echo request); ICMPv6 128 (Echo request [RFC 4443]); ICMPv6 129 (Echo reply [RFC 4443]) | IPv6 and IPv4 echo reply and request |
| ICMPv6 Multicast Listener Discovery | 130 Multicast Listener Query [RFC 2710]; 131 Multicast Listener Report [RFC 2710]; 132 Multicast Listener Done [RFC 2710]; 143 Version 2 Multicast Listener Report [RFC 3810] | |
| ICMPv6 Neighbor Discovery | 133 Router Solicitation [RFC 4861]; 135 Neighbor Solicitation [RFC 4861]; 136 Neighbor Advertisement [RFC 4861]; 137 Redirect Message [RFC 4861] | |
| ICMPv6 Router Advertisement | 134 ICMPv6 | Router Advertisement [RFC 4861] |
| IGMP | Protocol 2 | Internet Group Management Protocol |
| IPv6 over IPv4 | Protocol 41 | IPv6 over IPv4 |
| IPv6-noNxt | Protocol 59 | IPv6 No Next Header |
| LLMNR | 5355 UDP | Link-Local Multicast Name Resolution; allows hosts to perform name resolution for hosts on the same local link |
| NETBIOS-DBM | 138 UDP; 138 TCP | NETBIOS Datagram Service |
| NETBIOS-NS | 137 UDP; 137 TCP | NETBIOS Name Service |
| NETBIOS-SSN | 139 UDP; 139 TCP | NETBIOS Session Service |
| POLSRV | 44000 TCP | Barracuda CloudGen Network Access Control Service |
| SSDP | 1900 UDP Simple Service Discovery Protocol; 2869 TCP SSDP event notification; 5000 TCP SSDP legacy event notification | Simple Service Discovery Protocol. Enables discovery of UPnP devices |
| WEB | 80, 8080, 3128 TCP; Ref: IPHTTPS (443 TCP) | |
| WS-Discovery | 3702 TCP & UDP | Web Services Dynamic Discovery is a technical specification that defines a multicast discovery protocol to locate services on a local network. |

Applications

This table shows the applications known by default to the Barracuda Personal Firewall.

| Name | *.* | Description |
|---|---|---|
| EXPLORER | explorer.exe | Windows Explorer |
| LSASS | LSASS.EXE (Local Security Authority Process); TASKHOST.EXE (Host Process for Windows Tasks) | |
| POLSRV | phionha.exe | Barracuda CloudGen Health Agent |
| SSDP | SVCHOST.EXE; WMPNETWK.EXE (Windows Media Player) | Network-Discovery |
| SVCHOST | SVCHOST.EXE | Host Process for Windows Services |

Personal Firewall Default Rules

The following tables provide an overview of the default rules and their functions.

Changes in sections other than Local may impact the functionality of the OS.

Barracuda VPN

The rules in this section are used for VPN server connections and for filtering content within tunnels.

Outbound

Tunnel  Outbound Barracuda VPN Tunnel

Adapter

 

Source

localIP

Destination

Any

Service

Barracuda VPN

Application

BARRACUDA VPN (phions.exe)

Settings

Core Network > Barracuda VPN

  • Yes (default)