Firewall Service (Compact 2013)


The Firewall Service provides network security for Windows Embedded Compact 2013. The Firewall Service enforces a set of rules that filter unsafe and unwanted network traffic on multiple layers, including IP and TCP. The following features are included in the Firewall Service:

  • Block port scanning
  • Block ping requests
  • Block network traffic for specific protocols
  • Block inbound and outbound traffic
  • Allow port exceptions
  • Allow trusted IP addresses

Firewall Service rules are a group of registry settings that determine how network traffic is filtered by accessing Windows Filtering Platform (WFP) APIs. The Firewall Service includes the following set of rules, enabled by default, when the Firewall Service is added to your OS:

  • Block all inbound traffic for TCP and User Datagram Protocol (UDP)
  • Block ping requests from remote IP addresses
  • Allow all outbound traffic
  • Block TCP reset (RST) on closed TCP ports to prevent TCP port scanning
  • Block Internet Control Message Protocol (ICMP) error on closed UDP ports to prevent UDP port scanning

You can edit and remove the default rules, or you can create new rules. For information about modifying, removing, or creating rules, see Firewall Service Rules.

To add the Firewall Service to your OS, see Firewall Service Catalog Items and Sysgen Variables.

To configure the Firewall Service, see Firewall Service Rules.

For reference information, see Firewall Service Registry Settings.

Source code for the Firewall Service is at public/servers/sdk/samples/services/firewall.

Other Resources