Jump to content

Firewall - Disable multicast DNS on port 5335

Recommended Posts

I would like to prevent multicast DNS on port 5335.

There is an existing rule for this in the predefined firewall rules (which are enabled by default) named Allow incoming multicast DNS requests from the Trusted zone on UDP 5355.

This specific rule cannot be disabled, unfortunately.

I do use the predefined firewall rules, so I would prefer not to disable them completely.

How can I keep all of the other predefined rules, but prevent multicast DNS? I also use the Trusted Zone for other firewall rules.


I can think of 2 options:

  1. Create a single policy with a firewall rule to block this traffic. How can I make sure the new policy's firewall rule to block this traffic is matched first?
  2. Remove the Trusted Zone networks. Create a new custom Zone to configure my custom firewall rules. If I do this, will the predefined firewall rule no longer work because there are no networks defined in the Trusted Zone?
Link to comment
Share on other sites

To clarify, I believe you are referring to mDNS network traffic which is UDP protocol and port 5353.

Eset's default firewalll rules for multicast DNS are misnamed since those rules actually refer to LLMNR service; i.e. protocol UDP port 5355. Also, the default LLMNR firewall rules in regards to blocking and allowing traffic is controlled via enabling or disabling its Eset service setting as @Marcos posted.

It took me a while to figure out that handling of mDNS network traffic via the Eset firewall is actually handled via the default "Allow all traffic within computer" named rule. This rule should not be disabled.

Additionally, Windows default firewall rules allow inbound mDNS for all profiles; Public, Private, and Domain. You should think twice about disabling any mDNS traffic within the local subnet network since Windows uses it extensively and has deprecated and disabled LLMNR inbound traffic on its firewall settings.

Bottom line - Eset firewall default settings will allow all local subnet mDNS traffic and block any other like inbound traffic. Therefore, no additional Eset firewall rule needs to be created. If you still want to disabled inbound mDNS traffic; at your own risk, you would have to create a new firewall rule to block any inbound local network traffic for protocol UDP, port 5353. This rule must be moved above the existing the default "Allow all traffic within computer" named rule.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...