revingtosh

XP Firewall ANY INBOUND TCP / UDP PORT to a host from a given subnet

Hi,

I need to create the following inbound rule within the Group Policy in Windows Firewall. I've not had much luck so far, can anyone help please? I need:-

Any Tcp/Udp port inbound from the following subnets:-

10.50.4.0/255.255.255.0
10.50.5.0/255.255.255.0
10.1.0.0/255.255.0.0
10.100.1.0/255.255.255.0
10.81.0.0/255.255.0.0
10.100.50.0/255.255.255.0
10.100.13.0/255.255.255.0

Any help or advice would be much appreciated.
flubbster

Check out this tutorial here:

http://www.hammer-software.com/articles/mlxpsp2/MetaLAN_xpsp2_GroupPolicy.html

Follow steps 1-8, then skip down to "allowing Port Exceptions"
revingtosh

ASKER

Hi,

Thanks for the advice sage, but I'm afraid that doesn't answer the question. I need to open all ports and if I were to adopt your method I would need 65535 lines (1 for each port)
ahhhhhhhhhhhh... so?????????????? Don't like to type ?????? lol

Sorry about that... I guess I misunderstood. Will look into it a bit more for you.
Thanks flubbster that would be fantastic.

Basically I've got 1 month to roll out XP Firewall to 1000 clients without AD! The problem is that we have several management networks that all need to speak to the clients on any port. If I don't get this right, it will mean a repeat visit to the local client machines!

So I need to get something down and dirty in place just to tide us over until the new AD environment is up and running.

I hope to hear from you soon.

Mike
Don

Have you looked over TCP/IP Filtering?

How to configure TCP/IP Filtering in Windows Server 2003
Thanks for the post dtewartjr:-

I work in local government, as such we have had legislation imposed on us that says that we MUST have a firewall product installed.

There are 3rd party products on the market that would do this ruleset, but we only have a month so the organisation settled on XP Firewall because it is already present.

Are we saying that my question isn't solvable with XP Firewall then?
This article shows you a way to add a port range to the Windows Firewall:
http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html

Also you could just create an exception for the program or a service, rather than define port numbers. Then, when the program creates its listening socket(s), the firewall dynamically opens whatever ports the program uses, and restricts incoming traffic to that process only.
This may or may not pertain to what you are trying to accomplish
How to configure RPC dynamic port allocation to work with firewalls
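
The program-exception approach described above, limited to the management subnets from the question, as an added example that is not part of the original thread. It uses the `netsh firewall` context of XP SP2; the agent path and the rule name are hypothetical placeholders, and the subnet list is copied from the question.

```batch
@echo off
rem Added example, not from the thread: allow one program's listening ports,
rem but only from the management subnets listed in the question.
setlocal

rem Subnets from the question, in the comma-separated form netsh accepts.
set "MGMT=10.50.4.0/255.255.255.0,10.50.5.0/255.255.255.0,10.1.0.0/255.255.0.0"
set "MGMT=%MGMT%,10.100.1.0/255.255.255.0,10.81.0.0/255.255.0.0"
set "MGMT=%MGMT%,10.100.50.0/255.255.255.0,10.100.13.0/255.255.255.0"

rem Hypothetical management agent; replace with the real executable.
set "AGENT_EXE=C:\Program Files\ExampleAgent\agent.exe"

if not exist "%AGENT_EXE%" (
    echo Program not found: %AGENT_EXE%
    exit /b 1
)

rem scope=CUSTOM restricts the exception to the addresses list.
rem scope=ALL would accept connections to this program from any source.
netsh firewall add allowedprogram program="%AGENT_EXE%" name="Example management agent" mode=ENABLE scope=CUSTOM addresses=%MGMT% profile=ALL

rem Turn the firewall on and list the program exceptions to confirm the scope.
netsh firewall set opmode mode=ENABLE profile=ALL
netsh firewall show allowedprogram

endlocal
```

The exception covers only the ports that the named program opens, so each management agent needs its own entry.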
Keep 'em coming guys please!

So far, nothing seems to accomplish what I want to achieve. I am aware that other products on the market will allow this, so I'm at a loss as to why XP Firewall doesn't.

Mike
XP firewall is very basic. Have you tried either adding an exception for the program or service that you are trying to unblock? Here are some other ways to customize XP's firewall.
http://www.windowsecurity.com/articles/Customizing-Windows-Firewall.html 
The problem is that we don't really know what we have!

Our thought was to put something in place that allowed all traffic from the IT Management VLANs using a local group policy. Once the centralised GP is in place we were then going to tie it down further.

The whole point of this exercise was to avoid having to visit each PC more than once!

Mike
Anyone?
ASKER CERTIFIED SOLUTION
MightySW
This solution is only available to members.