Looking at the docs, I would say that you can only specify a specific port as that field is defined as <Port> where <Port> is a decimal number.
You could try putting in a * as a wildcard and see if that works. If not, you may consider using IPsec policies instead.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Jakobsson
Sent: Monday, January 16, 2006 10:48 AM
To: [email protected]
Subject: [ActiveDir] configure port exceptions in windows xp firewall via gpo

Hello,

I am trying to configure the "Windows firewall: define port exceptions" policy on my clients (XP SP2). What I want is to block the communication from clients on all ports, and enable the servers (Win2k3), printers and gateways to communicate with the clients (on all ports).

I have been using strings looking like:

1-65536:tcp:192.19.100.101-192.19.100.200/24:disable:disable client communication
1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication
1-65536:tcp:192.19.100.250-192.19.100.254/24:enable:enable gateway communication

(You could say that the "disable client communication" string works, since the clients are inaccessible; however, you cannot access them from the server either, so...) =)

Perhaps you cannot specify multiple ports the way I did, or is there something else wrong with my strings?

Suggestions?

Regards
Peter

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
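As an added example (not part of the thread, and not code from either poster), here is a small Python validator for the policy's entry syntax `<Port>:<Transport>:<Scope>:<Status>:<Name>` that the reply refers to. It shows concretely why the poster's three strings are rejected: the port field must be one decimal number, not a range, and the scope field takes `*`, IPv4 addresses, subnets or the keyword `localsubnet`, not an address range. The status tokens `enabled`/`disabled` (the form used in the policy's registry values, e.g. `3389:TCP:*:Enabled:Remote Desktop`) and the rejection of address ranges in the scope are my reading of the documented syntax and should be treated as assumptions; the sample entries are constructed for the demonstration.

```python
"""Validator for "Windows Firewall: Define port exceptions" policy strings.

Added example, not from the original mailing-list thread. Each entry has the
documented shape  <Port>:<Transport>:<Scope>:<Status>:<Name>.
"""
import ipaddress

VALID_TRANSPORTS = {"TCP", "UDP"}
# Assumption: status tokens as used in the policy's registry values.
VALID_STATUS = {"enabled", "disabled"}


def parse_scope(scope):
    """Return the list of scope items.

    '*' means any address. Otherwise the field is a comma-separated list of
    IPv4 addresses, subnets (CIDR or dotted mask) or the keyword
    'localsubnet'. Address ranges such as 10.0.0.1-10.0.0.20 are not part of
    the documented syntax, so they are rejected here (assumption).
    """
    if scope == "*":
        return ["*"]
    items = []
    for raw in scope.split(","):
        item = raw.strip()
        if item.lower() == "localsubnet":
            items.append("localsubnet")
            continue
        try:
            # strict=False lets a host address such as 10.0.0.1 stand for /32
            items.append(str(ipaddress.IPv4Network(item, strict=False)))
        except ValueError as exc:
            raise ValueError(
                f"scope item {item!r} is not an IPv4 address, subnet or 'localsubnet'"
            ) from exc
    return items


def parse_port_exception(entry):
    """Parse one entry; raise ValueError with the reason if it is malformed."""
    # maxsplit=4 keeps any colons that appear inside the free-text name
    parts = entry.split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 colon-separated fields, got {len(parts)}: {entry!r}")
    port, transport, scope, status, name = parts
    # The port field is a single decimal number; "1-65536" style ranges fail here.
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        raise ValueError(
            f"port must be a single decimal number 1-65535, not {port!r} (ranges are not allowed)"
        )
    if transport.upper() not in VALID_TRANSPORTS:
        raise ValueError(f"transport must be TCP or UDP, not {transport!r}")
    if status.lower() not in VALID_STATUS:
        raise ValueError(f"status must be 'enabled' or 'disabled', not {status!r}")
    if not name.strip():
        raise ValueError("name must not be empty")
    return {
        "port": int(port),
        "transport": transport.upper(),
        "scope": parse_scope(scope),
        "status": status.lower(),
        "name": name,
    }


def validate_entries(entries):
    """Return (entry, error) pairs; error is None when the entry parses."""
    results = []
    for entry in entries:
        try:
            parse_port_exception(entry)
            results.append((entry, None))
        except ValueError as exc:
            results.append((entry, str(exc)))
    return results


# Constructed sample: the three strings from the post, then two entries written
# one port at a time with subnet/address scopes, which is what the syntax allows.
SAMPLE_ENTRIES = [
    "1-65536:tcp:192.19.100.101-192.19.100.200/24:disable:disable client communication",
    "1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication",
    "1-65536:tcp:192.19.100.250-192.19.100.254/24:enable:enable gateway communication",
    "445:TCP:192.19.100.0/24:enabled:SMB from the server subnet",
    "3389:TCP:192.19.100.1,192.19.100.2,localsubnet:enabled:RDP from two servers",
]

if __name__ == "__main__":
    for entry, error in validate_entries(SAMPLE_ENTRIES):
        print("OK  " if error is None else "BAD ", entry)
        if error:
            print("     ", error)
```

Run it as a script to see each of the poster's strings flagged at the port field; fix the port and the same strings are then flagged at the scope field for the address range. The validator accepts only the documented forms, so if a deployment relies on a syntax variant it does not know about, extend `parse_scope` rather than loosening the port check.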
