Subject: SV: [ActiveDir] configure port exceptions in windows xp firewall via gpo
01/17/2006 4:48 AM  
Ok, thanks I guess =)

Is there another way of achieving this goal, without buying certain hardware or expensive licenses? Or are IPsec policies the best/only way to go?
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: 16 January 2006 21:43
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] configure port exceptions in windows xp firewall via gpo

Right, not only can you not specify port ranges as you have done, but
you can not specify subnet ranges as you have done. You can specify an
address, a subnet or * but not ranges of a subnet.

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Monday, January 16, 2006 10:56 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] configure port exceptions in windows xp
firewall via gpo

Looking at the docs, I would say that you can only specify a specific
port as that field is defined as where is a decimal
number.

You could try putting in a * as a wildcard and see if that works. If
not, you may consider using ipsec policies instead.


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Peter Jakobsson
Sent: Monday, January 16, 2006 10:48 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] configure port exceptions in windows xp firewall
via gpo

Hello,

I am trying to configure the "Windows firewall:define port exceptions"
policy on my clients (xpsp2).

What I want is to block the communication from clients on all ports; and
enable the servers (win2k3), printers and gateways to communicate with
the clients (on all ports)

I have been using strings looking like

1-65536:tcp:192.19.100.101-192.19.100.200/24:disable:disable client communication
1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication
1-65536:tcp:192.19.100.250-192.19.100.254/24:enable:enable gateway communication
(You could say that the "disable client communication" string works
since the clients are inaccessible, however you cannot access them from
the server either, so...) =)


Perhaps you cannot specify multiple ports the way I did or is there
something else wrong with my strings. Suggestions?

Regards
Peter
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
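
An added example, not part of the original thread: a small validator that checks "define port exceptions" strings against the rules given in the replies above (one decimal port; scope is an address, a subnet or *). The TCP/UDP and enabled/disabled tokens and the localsubnet keyword are assumptions taken from the policy's documented port:transport:scope:status:name format, not from the thread, and the function names are hypothetical.

```python
import ipaddress

# Port and scope rules come from the replies in the thread; the transport and
# status tokens and "localsubnet" are assumed from the policy's documented format.
TRANSPORTS = {"tcp", "udp"}
STATUSES = {"enabled", "disabled"}

def check_scope_item(item):
    """Return an error string for one scope item, or None if it is acceptable."""
    if item in ("*", "localsubnet"):
        return None
    try:
        if "/" in item:
            ipaddress.ip_network(item, strict=False)  # subnet such as 10.2.3.0/24
        else:
            ipaddress.ip_address(item)                # single address
    except ValueError:
        return f"scope '{item}' is not an address, a subnet or *"
    return None

def validate_entry(entry):
    """Check one port:transport:scope:status:name string; return a list of errors."""
    parts = entry.split(":", 4)
    if len(parts) != 5:
        return ["expected 5 colon-separated fields"]
    port, transport, scope, status, name = parts
    errors = []
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        errors.append(f"port '{port}' is not a single decimal port (1-65535)")
    if transport.lower() not in TRANSPORTS:
        errors.append(f"transport '{transport}' is not TCP or UDP")
    for item in scope.split(","):
        err = check_scope_item(item.strip())
        if err:
            errors.append(err)
    if status.lower() not in STATUSES:
        errors.append(f"status '{status}' is not enabled or disabled")
    if not name.strip():
        errors.append("name is empty")
    return errors

# POSTED is one of the strings from the original question; WELL_FORMED is a
# constructed entry that satisfies the rules above.
POSTED = "1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication"
WELL_FORMED = "445:TCP:192.19.100.0/24:enabled:file sharing from server subnet"

if __name__ == "__main__":
    for entry in (POSTED, WELL_FORMED):
        print(entry, "->", validate_entry(entry) or "ok")
```

The posted string fails on the port range, the address range in the scope, and the status token; the constructed entry passes.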
