Win Firewall Exceptions: 1 Port at a time ???


2 Part Question:

1.) If you turn off your REAL firewall (i.e. ZoneAlarm) and Windows Firewall, does that mean that all your ports are open? *DSL allowing everyone full access to your ports?

2.) If you enable Windows Firewall, do you really have to allow one port at a time? What if you have a range of 100 ports you want open? Can you bulk-allow?


1. Yes. Depends on what you meant by "full access". At least everyone can send a port probe and get a response. Whether a port is listening is another matter.
2. Yes and No. At least I think so. The default config will not allow you to bulk-allow (enter a range), unless you have some kind of workaround.
pdoriley (Author) commented:
OK NetExpert, so please expound upon that...

1. How do you enable your ports for listening and file-sharing?
2. Do you know of any workarounds to this Windows Firewall one-at-a-time stuff?
pdoriley (Author) commented:
NetExpert, I guess I'd have to reward you even if you don't reply to my follow-up questions, which are well within the topic / I wanted all the answers to be on the same post so they make sense when read together.

The main question now is really how to get around entering one-at-a-time exceptions in Windows Firewall?

Sorry, I was busy in the last several days and haven't had a chance to look at this. In my experience, the Windows built-in firewall (for XP) is a pain (in the butt). I tried to avoid it as much as possible. An expert firewall like ZoneAlarm is a better choice.

Windows Firewall will enable you to do some simple tasks; at least outgoing connections are enabled by default, but incoming connections (for example, if you are running a server) must be configured.
First open it using Start Menu -> Control Panel -> Windows Firewall. (You must have Windows Firewall/ICS server running, it will ask you).
In General, select ON (with the check box "Don't allow exceptions" unchecked).
In Exceptions, there are some simple options:
- File sharing (using default networking with Microsoft File and Printer Sharing).
- Add Program will allow a program to listen for incoming connections (therefore, if a program uses more than one port, this will open these ports for you).
- Add Port (one at a time).

Otherwise you can try the command line (another pain). Open a command-line window, type 'netsh' and have a look at some of the options available (you may need Service Pack 2). Use '?' to see the command list, or 'firewall' to enter the firewall context.
The command to add a port is 'netsh firewall add portopening'. Look at its syntax, and you may be able to create a batch to add a range of ports.

It's just the idea. If you need specific instructions, let me know and I may be able to figure it out this weekend.

pdoriley (Author) commented:
Why didn't Windows make it easy to open a range? If you could figure this out then that would be great, mmkay.

But seriously, if you could (without wasting too much time / anyone who knows enough to write a batch to add port ranges should be using a real firewall anyway)
come up with that solution to opening ports using netsh firewall add portopening then that would be great, mmkay.
pdoriley (Author) commented:
This is just so I know how to do it if someday some guy wants to stick with Windows Firewall and open a range of ports!!! LOL!

I'm still laughing (almost 30 seconds later...)

aaaw that was good..
I'm short of time now, so won't be able to help you further :( Have a look around and make sure that there's no way to enter a port range (using the standard procedure) unless you create a batch file to run the netsh firewall command (as a loop), or spend time with some API programming.

It takes less time to download a free firewall (ZA?) and make a cup of tea (and still feel as safe as with Windows Firewall). LOL. Still scared of the slogan "It's not a bug, it's a feature" of Microsoft.


Good luck anyway.
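
The batch loop that the two replies above describe, written out as an added example that is not part of the original thread. The port range, protocol, scope and rule-name prefix are assumed values; the script also takes a `remove` argument to undo the change, and lists the resulting exceptions so they can be reviewed.

```batch
@echo off
rem Added example, not from the thread: open a contiguous port range in the
rem Windows XP SP2 firewall by looping "netsh firewall add portopening".
rem FIRST, LAST, PROTO, SCOPE and the "Range-" name prefix are assumed values.
setlocal

set FIRST=5000
set LAST=5099
set PROTO=TCP
rem SUBNET limits each exception to the local subnet; ALL accepts any source.
set SCOPE=SUBNET

rem "script.cmd remove" deletes the same range instead of adding it.
if /i "%~1"=="remove" goto :remove

rem One portopening entry per port, since the command takes a single port.
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall add portopening protocol=%PROTO% port=%%P name="Range-%PROTO%-%%P" mode=ENABLE scope=%SCOPE%
)
goto :show

:remove
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall delete portopening protocol=%PROTO% port=%%P
)

:show
rem Print the current exception list so the result can be checked by eye.
netsh firewall show portopening
endlocal
```

On Windows Vista and later, `netsh firewall` is deprecated in favour of `netsh advfirewall firewall add rule`, whose `localport=` parameter accepts a range such as `5000-5099`, so no loop is needed there.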
pdoriley (Author) commented:
Hold on, Net Expert, you said "and still feel AS SAFE as with Windows Firewall". Don't insult Zone Alarm like that, it's a good firewall.


Question has a verified solution.