Firewall - Disable multicast DNS on port 5335

I would like to prevent multicast DNS on port 5335.

There is an existing rule for this in the predefined firewall rules (which are enabled by default) named Allow incoming multicast DNS requests from the Trusted zone on UDP 5355.

This specific rule cannot be disabled, unfortunately.

I do use the predefined firewall rules, so I would prefer not to disable them completely.

How can I keep all of the other predefined rules, but prevent multicast DNS? I also use the Trusted Zone for other firewall rules.

I can think of 2 options:

  1. Create a single policy with a firewall rule to block this traffic. How can I make sure the new policy's firewall rule to block this traffic is matched first?
  2. Remove the Trusted Zone networks. Create a new custom Zone to configure my custom firewall rules. If I do this, will the predefined firewall rule no longer work because there are no networks defined in the Trusted Zone?
  • Administrators

Enforcing this setting via a policy should disable multicast in the trusted zone:

image.png

To clarify, I believe you are referring to mDNS network traffic which is UDP protocol and port 5353.

Eset's default firewall rules for multicast DNS are misnamed, since those rules actually refer to the LLMNR service, i.e. protocol UDP port 5355. Also, the default LLMNR firewall rules with regard to blocking and allowing traffic are controlled via enabling or disabling its Eset service setting, as @Marcos posted.

It took me a while to figure out that handling of mDNS network traffic via the Eset firewall is actually handled via the default "Allow all traffic within computer" named rule. This rule should not be disabled.

Additionally, Windows default firewall rules allow inbound mDNS for all profiles: Public, Private, and Domain. You should think twice about disabling any mDNS traffic within the local subnet network, since Windows uses it extensively and has deprecated and disabled LLMNR inbound traffic in its firewall settings.

Bottom line - Eset firewall default settings will allow all local subnet mDNS traffic and block any other like inbound traffic. Therefore, no additional Eset firewall rule needs to be created. If you still want to disable inbound mDNS traffic, at your own risk, you would have to create a new firewall rule to block any inbound local network traffic for protocol UDP, port 5353. This rule must be moved above the existing default "Allow all traffic within computer" named rule.

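The Windows-side check that the post above implies, added here as an example that is not from the thread or from ESET: it lists every Windows Defender Firewall rule whose port filter covers UDP 5353 (mDNS) or UDP 5355 (LLMNR), so the two services are not confused the way the ESET rule names confuse them, and, only when `-Block` is passed, creates the inbound block for UDP 5353 from the local subnet that the post describes, at the Windows firewall level instead of in ESET. The cmdlets are the standard NetSecurity module cmdlets; the rule display name is a constructed label and the `-Block` switch is this script's own.

```powershell
<#
  Added example, not from the thread or from ESET.
  Audits Windows Defender Firewall for rules covering UDP 5353 (mDNS) and
  UDP 5355 (LLMNR), then optionally adds an inbound block for mDNS from the
  local subnet. Needs the NetSecurity module (Windows 8 / Server 2012 or later);
  New-NetFirewallRule must run from an elevated prompt.
#>
[CmdletBinding()]
param(
    [switch]$Block   # only create the block rule when explicitly requested
)

# Port-to-service map: the thread's point is that 5353 and 5355 are different services.
$services = @{ '5353' = 'mDNS'; '5355' = 'LLMNR' }

function Get-NameResolutionRules {
    foreach ($port in $services.Keys) {
        $service = $services[$port]
        # Port filters are separate objects; pipe them back to their parent rules.
        Get-NetFirewallPortFilter -Protocol UDP -LocalPort $port -ErrorAction SilentlyContinue |
            Get-NetFirewallRule |
            Select-Object @{ Name = 'Service'; Expression = { $service } },
                          DisplayName, Direction, Action, Enabled, Profile
    }
}

$rules = Get-NameResolutionRules
if (-not $rules) {
    Write-Host 'No firewall rules reference UDP 5353 or 5355.'
} else {
    $rules | Sort-Object Service, Direction, DisplayName | Format-Table -AutoSize
}

# Summarise only what matters for the decision: is inbound mDNS currently allowed?
$inboundAllowMdns = $rules | Where-Object {
    $_.Service -eq 'mDNS' -and $_.Direction -eq 'Inbound' -and
    $_.Action -eq 'Allow' -and $_.Enabled -eq 'True'
}
Write-Host ("Enabled inbound allow rules for mDNS: {0}" -f @($inboundAllowMdns).Count)

if ($Block) {
    $name = 'Block inbound mDNS (UDP 5353) from local subnet'   # constructed label
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$name' already exists; nothing to do."
    } else {
        # Unlike the ESET rule list, where the block must be moved above the allow
        # rule, Windows evaluates block rules before allow rules, so this takes
        # precedence over the built-in inbound mDNS allow rules regardless of order.
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol UDP `
            -LocalPort 5353 -RemoteAddress LocalSubnet -Action Block -Profile Any |
            Out-Null
        Write-Host "Created '$name'."
    }
}
```

Run it without arguments first to see which built-in rules reference each port and whether inbound mDNS is currently allowed; the audit part needs no elevation. Pass `-Block` only after deciding, as the post above warns, that losing mDNS-based discovery on the local subnet is acceptable.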

Thank you both for the information.

To answer your question, @itman, yes, I was looking to disable LLMNR traffic as @Marcos posted.
