I installed a stateful packet filter for my Windows XP machine, and I also downloaded a sample rule set that has the following rules:
- allow all incoming ICMP packets
- allow all incoming ARP packets
- allow all incoming UDP packets
- allow all incoming TCP packets except those with only the SYN flag set
- allow all UDP packets from my router's port 67/68 to my port 67/68 (for DHCP)
- allow all incoming TCP packets to my port 113 that have only the SYN flag set (for IDENT)
My machine is just a workstation (I'm not running any server processes on it), so do you guys think those rules are pretty safe? Do you think I should make the ICMP rule more restrictive (I've seen some people say that you shouldn't allow certain types of ICMP packets)? Also, what uses UDP besides DHCP? And is the IDENT rule even necessary?
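
The rule set listed in the post, modelled as an allow list so it can be checked for redundant rules and run against sample packets. This is an added example, not part of the original post; it assumes anything no rule allows is dropped, and the addresses, rule names and helper names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional
ROUTER = "192.0.2.1"             # constructed placeholder for the router's address
SYN_ONLY = frozenset({"SYN"})
DHCP = frozenset({67, 68})

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str = "198.51.100.7"    # constructed remote host
    sport: int = 0
    dport: int = 0
    flags: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    src: Optional[str] = None                 # None means "any"
    sports: Optional[FrozenSet[int]] = None
    dports: Optional[FrozenSet[int]] = None
    syn_only: Optional[bool] = None           # True: only SYN set, False: anything else

    def matches(self, p):
        return (p.proto == self.proto and self.src in (None, p.src)
                and (self.sports is None or p.sport in self.sports)
                and (self.dports is None or p.dport in self.dports)
                and self.syn_only in (None, p.flags == SYN_ONLY))
    def covers(self, other):                  # every packet `other` allows, self allows too
        def wider(mine, theirs):
            return mine is None or (theirs is not None and theirs <= mine)
        return (self.proto == other.proto and self.src in (None, other.src)
                and wider(self.sports, other.sports)
                and wider(self.dports, other.dports)
                and self.syn_only in (None, other.syn_only))

RULES = [                                     # the six rules, in the post's order
    Rule("icmp-any", "icmp"),
    Rule("arp-any", "arp"),
    Rule("udp-any", "udp"),
    Rule("tcp-not-syn-only", "tcp", syn_only=False),
    Rule("dhcp", "udp", src=ROUTER, sports=DHCP, dports=DHCP),
    Rule("ident", "tcp", dports=frozenset({113}), syn_only=True),
]

def allowed(p):                               # assumption: default action is drop
    return any(r.matches(p) for r in RULES)
def redundant_rules():
    return [a.name for a in RULES if any(b is not a and b.covers(a) for b in RULES)]
```

`redundant_rules()` reports the DHCP rule, because the allow-all-UDP rule already admits that traffic together with UDP from any host to any port.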