Firewall
The embedded XO-VAC+ server runs Windows 10 Enterprise LTSC 2021. The firewall can be configured using Windows Defender Firewall with Advanced Security on the embedded PC. The easiest way is to connect over RDP. It is also possible to configure it over SSH using the Windows netsh command-line tool.
Warning
The XO-VAC+ embedded server should not be directly exposed to the internet as it is not updated as often as a regular Windows PC.
XO-VAC+ default settings
By default, the general firewall rules are:
- Inbound connections that do not match a rule are blocked
- Outbound connections that do not match a rule are blocked
Note
On most Windows PCs, a more permissive default outbound rule is applied: outbound connections that do not match a rule are allowed. This setting is changed on the XO-VAC+ embedded server to reduce its attack surface.
Tips
In the default Firewall settings, most processes are allowed to initiate communication on all ports. This is done to make the XO-VAC+ set-up easier. Users can limit the range of allowed Remote Addresses if required.
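The following PowerShell script is an added example, not code from the XO-VAC+ documentation or vendor. It checks that the default-deny behaviour described above is in effect, then limits the Remote Addresses of the RDP and OpenSSH inbound rules. It uses the NetSecurity cmdlets rather than netsh, and it assumes that the rule display names match the names in the tables on this page and that 192.168.10.0/24 (a constructed value) is the management subnet.

```powershell
# Added example (not vendor code). Run in an elevated PowerShell session on the embedded PC.
# Assumptions: the rule display names match the tables on this page ('RDP', 'OpenSSH');
# 192.168.10.0/24 is a constructed management subnet, replace it with your own.
param([switch]$Apply)   # without -Apply the script only reports what it would change

$MgmtSubnet = '192.168.10.0/24'
$RuleNames  = 'RDP', 'OpenSSH'

# 1. Check that unmatched traffic is blocked in both directions on every active profile.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $defaultDeny = ($p.Enabled -eq 'True') -and
                   ($p.DefaultInboundAction  -eq 'Block') -and
                   ($p.DefaultOutboundAction -eq 'Block')
    $fields = $p.Name, $p.Enabled, $p.DefaultInboundAction, $p.DefaultOutboundAction, $defaultDeny
    '{0,-8} enabled={1} in={2} out={3} default-deny={4}' -f $fields
}

# 2. Report (and with -Apply, change) the Remote Addresses of the remote-access rules.
foreach ($name in $RuleNames) {
    $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
               Where-Object Direction -eq 'Inbound')
    if ($rules.Count -eq 0) { Write-Warning "No inbound rule named '$name'"; continue }

    foreach ($rule in $rules) {
        $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        '{0}: RemoteAddress {1} -> {2}' -f $rule.DisplayName, $current, $MgmtSubnet

        if ($Apply) {
            # Lock-out risk: confirm your own RDP/SSH client is inside $MgmtSubnet first.
            $rule | Set-NetFirewallRule -RemoteAddress $MgmtSubnet
        }
    }
}
```

Run it once without -Apply to review the reported changes, then again with -Apply from a client inside the management subnet.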
Inbound connections
| Name | Port | Remote Addresses | Protocol |
|---|---|---|---|
| Python (XO-VAC server) | Any | Any | TCP/UDP |
| Destination Unreachable Fragmentation Needed - ICMPv4 In | Any | Any | ICMPv4 |
| DHCP - ICMPv4 In | 68 | Any | ICMPv4 |
| Echo Request - ICMPv4 In | Any | Any | ICMPv4 |
| OpenSSH | 22 | Any | ICMPv4 |
| RDP | 3389 | Any | ICMPv4 |
Outgoing connections
| Name | Port | Remote Addresses | Protocol |
|---|---|---|---|
| Python (XO-VAC server) | Any | Any | TCP/UDP |
| DNS (UDP-Out) - ICMPv4 In | 53 | Any | ICMPv4 |
| DHCP - ICMPv4 In | 68 | Any | ICMPv4 |
| Echo Request - ICMPv4 In | Any | Any | ICMPv4 |
| OpenSSH | 22 | Any | ICMPv4 |
| RDP | 3389 | Any | ICMPv4 |
Configuration downloads
The default Firewall configuration can be downloaded from the Resources page.