Sometimes firewalls offer too much protection; they block unsolicited incoming traffic that you want to receive, such as if you’re hosting a web site. Here’s how to open a hole in your firewall to let only specific incoming traffic through.

Most firewalls block all unsolicited inbound traffic and connections, which can be a problem if you’re running a web site, email or FTP server, or other service that requires you to accept unsolicited inbound packets. But you can punch a hole through your firewall, to let only that traffic in, while still keeping potentially dangerous intruders out.

First, decide what kind of unsolicited inbound traffic and connections you want to let through, and then find out which ports they use. For example, if you have a web server, you’ll have to allow traffic through that’s bound for port 80. Table 5-2 [Hack #49] lists common ports; for a complete list, go to http://www.iana.org/assignments/port-numbers.

How you allow traffic through a firewall varies from firewall to firewall. To do it for XP’s built-in Internet Connection Firewall (ICF), first right-click on My Network Places to open the Network Connections folder. Then, right-click on the connection for which you want to enable the incoming services and choose Properties → Advanced → Settings. The Advanced Settings dialog box appears, as shown in Figure 5-19. To enable a service and allow its incoming traffic through the firewall, put a check next to it and ...