PoBear 19 Posted April 8, 2019 Share Posted April 8, 2019 Before I re-instaled Emby I deleted all of the firewall rules, I've just checked and the new install has added rules to allow inbound connections on any port. I'll admit I'm not a firewall expert but why has this been done when I selected no remote access during the install? Thanks Link to comment Share on other sites More sharing options...
rbjtech 4314 Posted April 8, 2019 Share Posted April 8, 2019 (edited) For Windows, the rule is for 'embyserver.exe' - it is not a port rule but a Private Service rule. Now you could limit it further by selecting the standard Emby ports as well rather than any:any - however, as only 'embyserver.exe' can use this rule, then I feel this is an unnecessary restriction. As a consequence you break Emby should you ever change your Emby port and don't update the modified firewall rule... To also note, the Windows firewall is of course your 2nd 'inner' firewall anyway - your main DMZ firewall is the main 'port' defence. But it's an interesting topic tbh - I checked originally and I was happy with a service based rule. ps - You still need a firewall rule for local access regardless of your Remote settings. Edited April 8, 2019 by rbjtech Link to comment Share on other sites More sharing options...
PoBear 19 Posted April 8, 2019 Author Share Posted April 8, 2019 (edited) Sorry. should have been more detailed in my original description. I understand why connections on my PRIVATE network are required, I don't understand why an inbound rule for a PUBLIC network is required. Thanks Edited April 8, 2019 by PoBear Link to comment Share on other sites More sharing options...
rbjtech 4314 Posted April 8, 2019 Share Posted April 8, 2019 It's possible that the network on your PC is actually 'Public' (the default, depending on how you answered the Windows 10 setup questions..) - in which case, you probably want to change that ASAP to 'Private'.. Have a look here on how and why .. https://www.tenforums.com/tutorials/6815-set-network-location-private-public-windows-10-a.html 1 Link to comment Share on other sites More sharing options...
PoBear 19 Posted April 8, 2019 Author Share Posted April 8, 2019 No, all of my computers are and have always been set to Private. Link to comment Share on other sites More sharing options...
Happy2Play 8338 Posted April 9, 2019 Share Posted April 9, 2019 (edited) You should have receive a pop up Window to apply Private and Public restrictions. So if your server is mobile and you connect to a Public network your settings will be honored. At least all my Windows installs showed this pop up. If the rules already exist that is another story. Correction, it would appear only if you have the option enabled. I don't know what the default setting is. Edited April 9, 2019 by Happy2Play Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted April 9, 2019 Share Posted April 9, 2019 (edited) Windows firewall sucks for the reason that it lets anyone open ports... What I tend to do with windows firewall is create "BLOCK" rules and you block all ports skipping over the ports you want open. Like Public Block TCP 0-79, 81-442, 444-65535 (80 and 443 open) I have used windows firewall as the main firewall with no issues. (server hanging directly on the wild internet backbone) Or if you want no inbound connections that were not requested, tcp block 0-65535 and udp block 0-65535 and nothing inbound can connect on its own.. Block rules take precedence over allow rules so apps can create their own rules all day long and your block rules will keep things out. Edited April 9, 2019 by pir8radio 1 Link to comment Share on other sites More sharing options...
rbjtech 4314 Posted April 9, 2019 Share Posted April 9, 2019 No, all of my computers are and have always been set to Private. ok - then you must have ticket the Public option as H2P has advised, which unless your PC is directly connected to the internet (unlikely) is an irrelevant option as your PC will be using the Private firewall settings anyway. Link to comment Share on other sites More sharing options...
PoBear 19 Posted April 9, 2019 Author Share Posted April 9, 2019 ok - then you must have ticket the Public option as H2P has advised, which unless your PC is directly connected to the internet (unlikely) is an irrelevant option as your PC will be using the Private firewall settings anyway. Nope. No request was made and I would never allow Public access even if it was. Link to comment Share on other sites More sharing options...
PoBear 19 Posted April 10, 2019 Author Share Posted April 10, 2019 So given that my system is not setup as Public and I have not allowed any Public access why does Emby need inbound rules for a Public network. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted April 11, 2019 Share Posted April 11, 2019 (edited) So given that my system is not setup as Public and I have not allowed any Public access why does Emby need inbound rules for a Public network. It creates the rules for people who do have and want public access. Allot of programs do this including windows itself. If you have Upnp off and remote access off they cant reach your emby server and if they could they couldn't log in. Sent from my iPhone using Tapatalk Edited April 12, 2019 by pir8radio Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now