Shouldn't the UDP ports be opened for NetBIOS name resolution?

System service name: Browser

Application protocol         Protocol  Ports
NetBIOS Datagram Service     UDP       138
NetBIOS Name Resolution      UDP       137
NetBIOS Session Service      TCP       139

Ref: http://support.microsoft.com/default.aspx?scid=kb;en-us;832017



... you don't know what you've got 'till it's gone..

- Joni Mitchell


From: "Darren Mar-Elia" <[EMAIL PROTECTED]>
Reply-To: [email protected]
To: <[email protected]>
Subject: RE: [ActiveDir] configure port exceptions in windows xp firewall via gpo
Date: Mon, 16 Jan 2006 12:43:11 -0800

Right, not only can you not specify port ranges as you have done, but
you cannot specify subnet ranges as you have done. You can specify an
address, a subnet or * but not ranges of a subnet.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, January 16, 2006 10:56 AM
To: [email protected]
Subject: RE: [ActiveDir] configure port exceptions in windows xp
firewall via gpo

Looking at the docs, I would say that you can only specify a specific
port as that field is defined as <Port> where <Port> is a decimal
number.

You could try putting in a * as a wildcard and see if that works. If
not, you may consider using ipsec policies instead.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Jakobsson
Sent: Monday, January 16, 2006 10:48 AM
To: [email protected]
Subject: [ActiveDir] configure port exceptions in windows xp firewall
via gpo

Hello,

I am trying to configure the "Windows firewall:define port exceptions"
policy on my clients (xpsp2).

What I want is to block the communication from clients on all ports; and
enable the servers (win2k3), printers and gateways to communicate with
the clients (on all ports)

I have been using strings looking like

1-65536:tcp:192.19.100.101-192.19.100.200/24:disable:disable client communication
1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication
1-65536:tcp:192.19.100.250-192.19.100.254/24:enable:enable gateway communication


(You could say that the "disable client communication" string works
since the clients are inaccessible, however you cannot access them from
the server either, so...) =)


Perhaps you cannot specify multiple ports the way I did or is there
something else wrong with my strings. Suggestions?

Regards
Peter
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
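
The two points made in the replies above (the port field is a single decimal number; the scope is an address, a subnet or *, never a range) can be checked before a string goes into the GPO. This linter is an added example, not part of the original thread or any Microsoft tool. The function names, the five-field split inferred from the posted strings, and the CONSTRUCTED_OK entry are assumptions; comma-separated scopes and "localsubnet" are accepted per Microsoft's policy description, not the thread.

```python
import ipaddress

FIELDS = ("port", "protocol", "scope", "status", "name")

def check_scope_item(item):
    """Return None if item is an acceptable scope element, else a reason."""
    # "*" comes from the thread; "localsubnet" from Microsoft's policy text.
    if item in ("*", "localsubnet"):
        return None
    if "-" in item:
        return f"scope {item!r} is an address range, not an address or subnet"
    try:
        if "/" in item:
            ipaddress.IPv4Network(item, strict=False)
        else:
            ipaddress.IPv4Address(item)
    except ValueError:
        return f"scope {item!r} is not a valid IPv4 address or subnet"
    return None

def lint_port_exception(entry):
    """Return a list of problems in one port exception string (empty if none)."""
    parts = [p.strip() for p in entry.split(":", 4)]
    if len(parts) != 5:
        return [f"expected 5 colon-separated fields, found {len(parts)}"]
    field = dict(zip(FIELDS, parts))
    problems = []
    port = field["port"]
    if not (port.isascii() and port.isdigit()):
        problems.append(f"port {port!r} is not a single decimal number")
    elif not 1 <= int(port) <= 65535:
        problems.append(f"port {port} is outside 1-65535")
    if field["protocol"].upper() not in ("TCP", "UDP"):
        problems.append(f"protocol {field['protocol']!r} is not TCP or UDP")
    for item in field["scope"].split(","):
        reason = check_scope_item(item.strip())
        if reason:
            problems.append(reason)
    return problems  # status and name are not checked here

# The first posted string from the thread, plus one constructed entry.
POSTED = "1-65536:tcp:192.19.100.101-192.19.100.200/24:disable:disable client communication"
CONSTRUCTED_OK = "139:TCP:192.19.100.0/24:enabled:NetBIOS Session Service"

if __name__ == "__main__":
    for entry in (POSTED, CONSTRUCTED_OK):
        print(entry)
        for problem in lint_port_exception(entry) or ["ok"]:
            print("   ", problem)
```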
