port exceptions in GPO

Thomas N
Question about setting up Firewall Port exceptions in GPO. Normally I would use the format
example : 135:TCP:192.168.0.0/16:enabled:SMS port

This enables port 135 on the subnet 192.168.0.0 (correct me if I am wrong). I was told that you can put a server IP address in there and it would allow that port to be open only for that server IP that is put in place of the 192.168.0.0. Is this right?
Senior IT Consultant
Commented:
Yes, see http://technet.microsoft.com/en-us/library/bb490616.aspx

Scroll down to Windows Firewall: Define Port Exceptions and see:

Scope

The Scope parameter specifies the addresses from which the traffic is allowed. Type * to specify traffic originating from any source IPv4 address or a comma separated list of sources. The sources can be LocalSubnet to specify traffic originating from a directly reachable IPv4 address or one or more IPv4 addresses or IPv4 address ranges separated by commas. IPv4 address ranges typically correspond to subnets. For IPv4 addresses, type the IPv4 address in dotted decimal notation. For IPv4 address ranges, you can specify the range using a dotted decimal subnet mask or a prefix length. When you use a dotted decimal subnet mask, you can specify the range as an IPv4 network ID (such as 10.47.81.0/255.255.255.0) or by using an IPv4 address within the range (such as 10.47.81.231/255.255.255.0). When you use a network prefix length, you can specify the range as an IPv4 network ID (such as 10.47.81.0/24) or by using an IPv4 address within the range (such as 10.47.81.231/24).
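
The entry format from the question and the Scope rules quoted above, as an added example (not part of the original thread or of Microsoft's documentation): a Python check that parses one port exception entry and counts how many IPv4 source addresses its scope admits. The function names and the 192.168.0.25 server address are constructed for illustration, and treating the keywords case-insensitively is an assumption.

```python
import ipaddress

def parse_port_exception(entry):
    """Parse one 'Port:Transport:Scope:Status:Name' entry (IPv4 scopes only)."""
    parts = entry.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError("expected Port:Transport:Scope:Status:Name")
    port, transport, scope, status, name = (p.strip() for p in parts)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port: {port!r}")
    # Case-insensitive matching of keywords is an assumption of this example.
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport: {transport!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status: {status!r}")
    keywords, networks = [], []
    for item in (s.strip() for s in scope.split(",")):
        if item == "*" or item.lower() == "localsubnet":
            keywords.append(item)
        else:
            # strict=False accepts an address inside the range, such as
            # 10.47.81.231/24 or 10.47.81.231/255.255.255.0; a bare
            # address becomes a /32, i.e. exactly one host.
            networks.append(ipaddress.IPv4Network(item, strict=False))
    return {"port": int(port), "transport": transport.upper(),
            "enabled": status.lower() == "enabled", "name": name,
            "keywords": keywords,
            # Merge overlapping ranges so addresses are not counted twice.
            "networks": list(ipaddress.collapse_addresses(networks))}

def allowed_source_count(rule):
    """IPv4 sources the scope admits; None when it uses * or LocalSubnet."""
    if rule["keywords"]:
        return None
    return sum(net.num_addresses for net in rule["networks"])

if __name__ == "__main__":
    # Constructed sample entries: the one from the question, then the
    # same rule narrowed to a single (hypothetical) server address.
    samples = [
        "135:TCP:192.168.0.0/16:enabled:SMS port",
        "135:TCP:192.168.0.25:enabled:SMS port",
        "135:TCP:*:enabled:SMS port",
    ]
    for entry in samples:
        rule = parse_port_exception(entry)
        print(entry, "->", allowed_source_count(rule), "source address(es)")
```

A count of `None` means the scope is not a fixed address list (`*` or `LocalSubnet`), which is worth reviewing by hand before the GPO is linked.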
