

Win Firewall Exceptions: 1 Port at a time ???

Posted on 2004-10-23
Medium Priority
Last Modified: 2013-11-16

2 Part Question:

1.)  If you turn off your REAL firewall (i.e. ZoneAlarm) and Windows Firewall, does that mean that all your ports are open ??? *DSL  allowing everyone full access to your ports?

2.)  If you enable Windows Firewall, do you really have to allow one port at a time ???   What if you have a range of 100 ports you want open?  Can you bulk-allow?

Question by:pdoriley

Expert Comment

ID: 12387799
1. Yes. Depends on what you meant by "full access". At least everyone can send a port probe and get a response. Whether a port is listening is another matter.
2. Yes and No. At least I think so. The default config will not allow you to bulk-allow (enter a range), unless you have some kind of workaround.

Author Comment

ID: 12387806
Ok NetExpert so please expound upon that...

1.  How do you enable your ports for listening and file-sharing?
2.  Do you know of any workarounds to this Windows Firewall one-at-a-time stuff?

Author Comment

ID: 12438109
NetExpert, I guess I'd have to reward you even if you don't reply to my follow-up questions, which are well within the topic / I wanted all the answers to be on the same post so they make sense when read together.

The main question now is really  how to get around entering in 1 at a time exceptions in Windows Firewall?


Accepted Solution

NetExpert earned 1000 total points
ID: 12442063
Sorry, I was busy in the last several days and haven't had a chance to look at this. In my experience, the Windows built-in firewall (for XP) is a pain (in the butt). I tried to avoid it as much as possible. An expert firewall like ZoneAlarm is a better choice.

Windows Firewall will let you do some simple tasks; at least outgoing connections are enabled by default, but incoming connections (for example, if you are running a server) must be configured.
First open it using Start Menu -> Control Panel -> Windows Firewall. (You must have Windows Firewall/ICS server running; it will ask you.)
In General, select ON (with the check box "Don't allow exceptions" unchecked).
In Exceptions, there are some simple options.
- file sharing (using default networking with Microsoft File and Printer Sharing).
- add program will allow a program to listen for incoming connections (therefore, if a program uses more than one port, this will open these ports for you).
- add port (one at a time).

Otherwise you can try the command line (another pain). Open a command-line window, type 'netsh', and have a look at the options available (you may need Service Pack 2). Use '?' to see the command list, or 'firewall' to enter the firewall context.
The command to add a port is 'netsh firewall add portopening'. Look at its syntax, and you may be able to create a batch file to add a range of ports.

It's just an idea. If you need specific instructions, let me know and I may be able to figure it out this weekend.

Author Comment

ID: 12445341
Why didn't Windows make it easy to open a range?   If you could figure this out then that would be great, mmkay.

But seriously, if you could (without wasting too much time / anyone who knows enough to write a batch to add port ranges should be using a real firewall anyway) come up with that solution to opening ports using netsh firewall add portopening then that would be great, mmkay.

Author Comment

ID: 12445397
This is just so I know how to do it if someday some guy wants to stick with Windows Firewall and open a range of ports!!! LOL!

I'm still laughing (almost 30 seconds later...)

aaaw that was good..

Expert Comment

ID: 12447385
I'm short of time now, so won't be able to help you further :( Have a look around and make sure that there's no way to enter a port range (using the standard procedure) unless you create a batch file to run the netsh firewall command (as a loop), or spend time with some API programming.

It takes less time to download a free firewall (ZA?) and make a cup of tea (and still feel as safe as with Windows Firewall). LOL. Still scared of the slogan "It's not a bug, it's a feature" of Microsoft.


Good luck anyway.
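
The batch loop suggested in the accepted solution and in the comment above could look like the following. This is an added example, not part of the original posts; the port range, protocol, rule name prefix and the `scope=SUBNET` restriction are assumed sample values to adjust for your own application.

```batch
@echo off
rem Added example: open a contiguous port range in the XP SP2 Windows Firewall
rem by calling "netsh firewall add portopening" once per port.
rem FIRST, LAST, PROTO and RULE are assumed sample values, not from the thread.
setlocal
set FIRST=6000
set LAST=6099
set PROTO=TCP
set RULE=AppRange

rem Run the script with "remove" as its first argument to delete the same range.
if /i "%~1"=="remove" goto :remove

for /L %%P in (%FIRST%,1,%LAST%) do (
    rem scope=SUBNET limits each exception to the local subnet instead of ALL,
    rem so the opened ports are not reachable from arbitrary Internet hosts.
    netsh firewall add portopening protocol=%PROTO% port=%%P name="%RULE%-%%P" mode=ENABLE scope=SUBNET
)
goto :show

:remove
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall delete portopening protocol=%PROTO% port=%%P
)

:show
rem List the resulting port exceptions so the change can be reviewed.
netsh firewall show portopening
endlocal
```

Every exception created this way carries the same name prefix, which makes the entries easy to spot in the Exceptions tab and to remove once the range is no longer needed.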

Author Comment

ID: 12451359
Hold on, NetExpert, you said "and still feel AS SAFE as with Windows Firewall". Don't insult ZoneAlarm like that, it's a good firewall.



Question has a verified solution.
