Configure firewall's policies on special traffic or packets.
Note: This web page is controlled by the Security Profiles field in the Personal Firewall Basic Configuration page. If a fixed profile (without the word "custom' in the name) is selected, this web page is read-only and no configuration change is allowed. The Edit column, "Apply", "Add Rule" and "Purge Table" buttons are removed. If a custom profile is selected, configuration change is allowed on this web page.
For each parameter, select the corresponding check box to enable it, or clear the check box to disable it.
| Parameter | Description |
|---|---|
| Block outgoing spoofed IP packets | When the 'Block outbound spoofed IP packets' option is enabled, the firewall blocks any application on the NVIDIA network interface from sending network traffic using an IP address different from the one assigned to the interface. Such network packets are called spoofed IP packets, and this feature, also known as 'anti-IP-spoofing', is intended to prevent the NVIDIA network interface from participating in distributed denial of service attacks. |
| Block spoofed ARP packets | When the 'Block spoofed ARP packets' option is enabled, the firewall filters out any ARP packet sent by a malicious machine that pretends to be another machine through altering the local ARP cache. Such network packets are called spoofed ARP packets, and this feature is also known as 'anti-ARP-spoofing'. |
| Block UDP packets with no checksum | When the 'Block UDPv4 with no UDP checksum' option is enabled, the firewall drops any UDP datagram that has no UDP checksum if it is inside an IPv4 packet (UDP checksums are optional when used over IPv4, but are mandatory when used over IPv6). |
| Block outgoing DHCP server packets | When the 'Disallow DHCP server' option is enabled, the firewall prevents a DHCP (Dynamic Host Configuration Protocol) server process in the PC from using the NVIDIA network interface to communicate using the DHCP protocol. The DHCP server is used to assign IP addresses to client computers. |
| Disallow promiscuous mode | When the 'Disallow promicuous mode' option is enabled, the firewall prevents applications from setting the NVIDIA network interface to promiscuous mode. Promiscuous mode is primarily used by packet sniffing software. |
| Button | Description |
|---|---|
| Apply | Apply changes. When you click Apply, the network interface is disabled and then enabled in order for the changes to take place. This might result in error messages from network applications. |