
Firewall

The embedded XO-VAC+ server runs Windows 10 Enterprise LTSC 2021. The firewall can be configured using Windows Defender Firewall with Advanced Security on the embedded PC. The easiest way is to connect to the server over RDP. It is also possible to configure it over SSH using the Windows netsh command-line tool.

Warning

The XO-VAC+ embedded server should not be directly exposed to the internet as it is not updated as often as a regular Windows PC.

XO-VAC+ default settings

By default, the general firewall rules are:

  • Inbound connections that do not match a rule are blocked
  • Outbound connections that do not match a rule are blocked

Note

On most Windows PCs, a more permissive default outgoing rule is often applied: Outbound connections that do not match a rule are allowed. This setting is changed on the XO-VAC+ embedded server to reduce its attack surface.

Tips

In the default Firewall settings, most processes are allowed to initiate communication on all ports. This is done to make the XO-VAC+ set-up easier. Users can limit the range of allowed Remote Addresses if required.

Inbound connections

| Name | Port | Remote Addresses | Protocol |
|---|---|---|---|
| Python (XO-VAC server) | Any | Any | TCP/UDP |
| Destination Unreachable Fragmentation Needed - ICMPv4 In | Any | Any | ICMPv4 |
| DHCP - ICMPv4 In | 68 | Any | ICMPv4 |
| Echo Request - ICMPv4 In | Any | Any | ICMPv4 |
| OpenSSH | 22 | Any | ICMPv4 |
| RDP | 3389 | Any | ICMPv4 |
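
The Tips above mention that the allowed Remote Addresses can be limited. The following PowerShell sketch is an added example, not part of the vendor documentation: it checks that the default block policy is still effective and reports the inbound remote-access rules (ports 22 and 3389 from the table) that accept any remote address. The management subnet is a constructed value, and the rules are matched by port because the exact rule names on the device are not assumed.

```powershell
# Added example. $MgmtSubnet is a constructed value; replace it with your own.
$MgmtSubnet = '192.168.10.0/24'   # subnet allowed to manage the XO-VAC+ server
$Ports      = '22', '3389'        # OpenSSH and RDP ports from the inbound table
$Apply      = $false              # report only; set to $true to change the rules

# 1. Check the effective default actions (ActiveStore = policy actually enforced).
Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
    if ($_.DefaultInboundAction -ne 'Block' -or $_.DefaultOutboundAction -ne 'Block') {
        Write-Warning ("{0} profile: inbound={1}, outbound={2} (expected Block/Block)" -f `
            $_.Name, $_.DefaultInboundAction, $_.DefaultOutboundAction)
    }
}

# 2. Collect enabled inbound allow rules whose local port is 22 or 3389.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        @($portFilter.LocalPort | Where-Object { $_ -in $Ports }).Count -gt 0
    }

# 3. Report rules open to any remote address and, if requested, restrict them.
foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        Write-Output ("{0}: accepts connections from any remote address" -f $rule.DisplayName)
        if ($Apply) {
            $rule | Set-NetFirewallRule -RemoteAddress $MgmtSubnet
            Write-Output ("{0}: restricted to {1}" -f $rule.DisplayName, $MgmtSubnet)
        }
    }
}
```

Run it from an elevated PowerShell session. Before setting `$Apply` to `$true` over RDP or SSH, confirm that the machine you are connecting from is inside `$MgmtSubnet`, otherwise the change cuts off your own session.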

Outgoing connections

| Name | Port | Remote Addresses | Protocol |
|---|---|---|---|
| Python (XO-VAC server) | Any | Any | TCP/UDP |
| DNS (UDP-Out) - ICMPv4 In | 53 | Any | ICMPv4 |
| DHCP - ICMPv4 In | 68 | Any | ICMPv4 |
| Echo Request - ICMPv4 In | Any | Any | ICMPv4 |
| OpenSSH | 22 | Any | ICMPv4 |
| RDP | 3389 | Any | ICMPv4 |

Configuration downloads

The default Firewall configuration can be downloaded from the Resources page.