I think I've asked about this in the past, but couldn't find the post.
So, I've noticed that upon installation all browsers I tried add Inbound rules to the Windows Firewall. The question is... why? Brave adds a single UDP Inbound rule (local port 5353) "to allow mDNS traffic". Firefox and Pale Moon add both TCP/UDP rules, no ports specified i.e. all ports.
After a brief search, I mostly encountered two types of answers:
a) Disable them: not required, perhaps even risky.
b) Needed for some non-standard connections/applications, related to chat/streaming/gaming etc. which perhaps Pale Moon doesn't support anyway. Firefox might even need these for telemetry-related connections.
I'm fairly certain these rules were not added by Pale Moon a few years back, but at some point this changed. After some quick tests, disabling them doesn't seem to affect anything.
Any thoughts? Are there potential security risks and what are these rules needed for, exactly? Thanks.
Do browsers need inbound/incoming firewall rules?
Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
-
- Moon Magic practitioner
- Posts: 2900
- Joined: 2012-08-19, 20:32
-
- Board Warrior
- Posts: 1327
- Joined: 2019-04-24, 09:38
Re: Do browsers need inbound/incoming firewall rules?
mDNS is being done solely by the OS if an mDNS client is installed (Avahi on Linux, Bonjour on Windows).
I don't know why a browser should be able to receive mDNS traffic.
I don't know why a browser should be able to receive mDNS traffic.
The profile picture shows my Maico EC30 E ceiling fan.
-
- Pale Moon guru
- Posts: 37775
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Do browsers need inbound/incoming firewall rules?
The only firewall rules created are those for the "private" profile, i.e. loopback connections. This would be necessary for some devtools usage and doesn't actually open it up to the outside. I haven't really looked in detail when Mozilla added this because since it's private use, there would not be a risk.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite