Windows XP's Internet Connection Firewall (ICF) protects
your network against undesired incoming traffic from the Internet
-- everything from casual port scans by bored teenagers to serious
break-in attempts by determined hackers. ICF creates a protective
barrier between your network and the Internet, only passing through
traffic that you've requested.

You can enable or disable ICF separately on each dial-up, LAN,
or high-speed Internet connection in the Network Connections
folder. That's good, because there are some connections that can
benefit from ICF, and some that must not use it.

Here are some points to ponder when deciding whether to use ICF
on your network connections.

WARNING #1: As its name implies, the Internet Connection
Firewall is for use ONLY on a direct connection to the Internet,
such as a dial-up, DSL, or cable modem. If your computer gets its
Internet connection through a software router (like Internet Connection
Sharing) or a hardware router, you don't have a direct connection
and must not enable ICF.

WARNING #2: If the Internet Connection Firewall is enabled
on a local area network connection with other computers, it will
block File and Printer Sharing. This is probably the most common
problem in Windows XP networking.

WARNING #3: ICF is only effective against undesired incoming
traffic from the Internet. It can't stop undesired outgoing traffic
from spyware, Trojan horse programs, or other hacker tools. If you
want outgoing protection, use a firewall that offers that capability,
and disable ICF on all connections.

WARNING #4: To enable or disable ICF, you must be logged
on as a user that is a member of the Administrators group.

Enabling and Disabling the Internet Connection Firewall

To enable ICF on an Internet connection, open the Network Connections
folder, right-click the desired connection, and click Properties.
The Properties sheet shows the network components associated with

Click the Advanced tab, then check Protect my computer
and network by limiting or preventing access to this computer from

If the firewall is enabled and you want to disable it, uncheck
the same box.
Windows XP asks you to confirm your decision to disable the firewall.
Click Yes to disable it.

Internet Connection Firewall Security Log

By default, ICF silently discards all undesired incoming traffic.
To see a record of its activity, you can enable security logging.
Open the Advanced tab of the network connection's properties
and click Settings.
Click Security Logging to bring up the logging options.

To see messages about discarded traffic, check Log dropped packets.
On a cable modem connection, it's common to see several dozen of
these messages every day.

To see messages about permitted traffic, check Log successful
connections. Selecting this option can cause the log file to
grow very large very quickly. To limit its size, enter a number
in the Size limit box.

By default, the security log is written to the file pfirewall.log
in the Windows folder. To change the file name, enter a new name
in the Name box, or click the Browse button and browse
to the new file.
For information on how to read and interpret the security log,
click Learn more about Internet Connection Firewall on the