Ok, thanks I guess =) Is there another way of achieving this goal, without buying certain hardware or expensive licenses? Or are ipsec policies the best/only way to go?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 16 January 2006 21:43
To: [email protected]
Subject: RE: [ActiveDir] configure port exceptions in windows xp firewall via gpo

Right, not only can you not specify port ranges as you have done, but you cannot specify subnet ranges as you have done. You can specify an address, a subnet or * but not ranges of a subnet.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, January 16, 2006 10:56 AM
To: [email protected]
Subject: RE: [ActiveDir] configure port exceptions in windows xp firewall via gpo

Looking at the docs, I would say that you can only specify a specific port as that field is defined as <Port> where <Port> is a decimal number. You could try putting in a * as a wildcard and see if that works. If not, you may consider using ipsec policies instead.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jakobsson
Sent: Monday, January 16, 2006 10:48 AM
To: [email protected]
Subject: [ActiveDir] configure port exceptions in windows xp firewall via gpo

Hello,

I am trying to configure the "Windows firewall:define port exceptions" policy on my clients (xpsp2). What I want is to block the communication from clients on all ports, and enable the servers (win2k3), printers and gateways to communicate with the clients (on all ports).

I have been using strings looking like

    1-65536:tcp:192.19.100.101-192.19.100.200/24:disable:disable client communication
    1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication
    1-65536:tcp:192.19.100.250-192.19.100.254/24:enable:enable gateway communication

(You could say that the "disable client communication" string works since the clients are inaccessible, however you cannot access them from the server either, so...) =)

Perhaps you cannot specify multiple ports the way I did, or is there something else wrong with my strings? Suggestions?

Regards
Peter

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
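
Added example, not part of the original thread: a small Python check that applies the two rules from the replies above (the port is a single decimal number; the scope is an address, a subnet or *, never a range) to port-exception strings before they go into the GPO. The five-field layout is inferred from the strings posted in the thread, and comma-separated scope lists are an assumption.

```python
import ipaddress

def scope_item_ok(item):
    """True for '*', a single IPv4 address, or an IPv4 subnet."""
    if item == "*":
        return True
    try:
        # A bare address parses as a /32; strict=False tolerates host bits.
        ipaddress.IPv4Network(item, strict=False)
        return True
    except ValueError:
        return False

def check_port_exception(entry):
    """Return a list of problems found in one port-exception string."""
    # Assumed layout, taken from the strings posted in the thread:
    # port:transport:scope:status:name (the name may itself contain colons).
    parts = entry.split(":", 4)
    if len(parts) != 5:
        return ["expected 5 colon-separated fields, got %d" % len(parts)]
    port, transport, scope, _status, _name = parts
    problems = []
    # Port must be one decimal number; "1-65536" style ranges are rejected.
    if not (port.isascii() and port.isdigit()):
        problems.append("port %r is not a single decimal number" % port)
    elif not 1 <= int(port) <= 65535:
        problems.append("port %s is outside 1-65535" % port)
    if transport.lower() not in ("tcp", "udp"):
        problems.append("transport %r is not tcp or udp" % transport)
    # Assumption: a scope may list several comma-separated entries.
    for item in (s.strip() for s in scope.split(",")):
        if not scope_item_ok(item):
            problems.append("scope %r is not *, an address or a subnet" % item)
    # Status and name are not checked; the thread does not discuss them.
    return problems

# Constructed sample input: the first string is from the thread, the rest
# are made-up single-port entries for comparison.
SAMPLES = [
    "1-65536:tcp:192.19.100.1-192.19.100.40/24:enable:enable server and printer communication",
    "445:tcp:192.19.100.0/24:enable:file sharing from server subnet",
    "3389:tcp:192.19.100.10:enable:remote desktop from one server",
    "65536:tcp:*:enable:port number too large",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry)
        for line in check_port_exception(entry) or ["ok"]:
            print("   ", line)
```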
