Please Post Correct Windows 10 Firewall Rules For Everyone

For help and support with Universal Media Server
Forum rules
Please make sure you follow the Problem Reporting Guidelines before posting if you want a reply
Post Reply
mikedarooky
Posts: 5
Joined: Sat Dec 03, 2016 11:38 am

Please Post Correct Windows 10 Firewall Rules For Everyone

Post by mikedarooky »

Can someone who knows what they're talking about and works on this project post the Windows 10 firewall rules once and for all?

Been setting inbound and outbound for:

ums.exe
javaw.exe

This was working perfectly but it seems everytime the java runtime environment is updated, the firewall rules get mucked up. Same with updating UMS.

Why exactly does the Windows installer NOT ask you to create firewall rules? Seems a no brainer in terms of user ease of use.
Nadahar
Posts: 1990
Joined: Tue Jun 09, 2015 5:57 pm

Re: Please Post Correct Windows 10 Firewall Rules For Everyone

Post by Nadahar »

It's not so simple, which is why there is on "correct firewall rules". What ports you need to open depends on how you configure UMS, and what rules you make depends on how you have configured your firewall. To complicate it further, as UMS is a Java program Windows incorrectly associates rules with the Java installation, not the application.

This is basically a mess made by Microsoft by enforcing the use of their firewall on recent versions of Windows, which again is caused by the general lack of knowledge and hysteria that accompanies anything related to "computer security". For most people the firewall is completely useless, since most people are behind a router that already has a firewall. The Windows firewall is only needed if you connect your computer directly to the internet without a router, for example by using public WiFi zones. UMS is very rarely useful in those circumstances, so the easy answer for most people would be to disable it.

Since you can configure your firewall in many different ways and since your network topology can be anything, there is no way to give some rules that will work for everybody. The closest thing one can do is to suggest rules based on the default Windows firewall configuration, assuming that you haven't changed it.

From a default configuration, you need to open three things:

* Incoming TCP to the "main" UMS port, 5001 by default
* Incoming UDP and TCP to the UPnP port, always port 1900
* Incoming TCP to the web interface port, 9001 by default.

With the default setup there's no need to create any outgoing rules. If you have modified your firewall setup it might be though. Regarding which EXE file to associate the rule with, there's no way for us to tell. It has to be to the Java executable that is actually used. If you have multiple Java versions installed, you must make sure that it's the one actually used by UMS. In addition, you might need to associate the rule with a different EXE file (the "service" executable) if you want to run UMS as a service.
User avatar
Madoka
Posts: 328
Joined: Fri Jun 01, 2012 12:51 pm

Re: Please Post Correct Windows 10 Firewall Rules For Everyone

Post by Madoka »

One thing is that the newer Java installations install into different directories every time. Before they all installed in to "jre7", for example. Now the installer uses "jre8_u151", then "jre8_u161". This is a different program to the firewall which is why it asks every time. I've been doing custom installs into just "jre8" every time, and I never need to update the rules.
mikedarooky
Posts: 5
Joined: Sat Dec 03, 2016 11:38 am

Re: Please Post Correct Windows 10 Firewall Rules For Everyone

Post by mikedarooky »

Nadahar

Thank you. I deleted all prior Firewall rules for UMS and did a clean install of UMS itself.

I then added the rules as you specified:
* Incoming TCP to the "main" UMS port, 5001 by default
* Incoming UDP and TCP to the UPnP port, always port 1900
* Incoming TCP to the web interface port, 9001 by default.
Worked perfectly.

Thanks again.

If anyone is trying to add these - do this:

1. Go to Control Panel > Windows Defender Firewall and select Advanced Settings on the left .
2. Choose Inbound Rules from the left hand menu.
3. Choose New Rule on the right.
4. Select Port. click Next.
5. Select TCP or UDP (depending on rule you're adding) and then enter Port number. Click Next.
6. Allow Connection. Click Next.
7. I left all boxes checked Domain, Private, Public (not sure if you need all these open). Click Next.
8. Name the rule so you know what it is.
9. Click Finish.
10. Repeat from #2 for all rules.

**Note** I do not have any explicit rules for Java (javaw.exe) or UMS (ums.exe) and it works fine.
Post Reply