Re: How do I Restrict port access to single IP Address
From: Nepatsfan (nepatsfan_at_SBXXXVIII.com)
Date: 02/11/05
- Next message: donotspam: "Disabling firewall"
- Previous message: Jupiter Jones [MVP]: "Re: Unknown password for XP log in"
- In reply to: Andrew Wright: "Re: How do I Restrict port access to single IP Address"
- Next in thread: Andrew Wright: "Re: How do I Restrict port access to single IP Address"
- Reply: Andrew Wright: "Re: How do I Restrict port access to single IP Address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Feb 2005 15:04:53 -0500
From what I can gather the "Allow incoming echo requests" is
grayed out by default. The only way I know of to change that is
to disable port 445. Go to the Windows Firewall Exceptions page
and select "File and Printer Sharing". Uncheck port 445. Click OK
twice. That should block any ping requests. You should still be
able to access shared resources from the single IP address
through port 139.
Note: When I tested this there was a slight delay between when I
disabled port 445 and incoming ping requests were blocked. It
wasn't until the second ping attempt that the message "Request
timed out" was returned. Further attempts were blocked.
Keep in mind that Windows Firewall has limitations. It's fine for
most home users but it lacks a lot of features, the least of
which is the ability to filter outgoing traffic. If you're
concerned about security, I'd suggest using a third party
firewall (e.g. Zone Alarm, Sygate, McAfee Personal Firewall) or a
router that's capable of filtering port traffic.
--
Nepatsfan

"Andrew Wright" <AndrewWright@discussions.microsoft.com> wrote in message news:D50E5AF3-A0FC-4539-AB67-013B3A8F4AE9@microsoft.com...
> Thanks Nepatsfan.
>
> This works for TCP 139, I can now only see the computer with the rule in its
> firewall from the IP address I specified.
>
> But for TCP 445 I still seem to be able to ping the machine with the rule in
> its firewall from any other machine on the network. Is this just the way it
> has to be?
>
> I have checked the ICMP settings on the Advanced tab, and only the 'Allow
> incoming echo request' option is ticked, but it is greyed out presumably
> because of the scope setting against TCP 445 in the exceptions.
>
> Thanks again!
>
> "Nepatsfan" wrote:
>
>> On the Exceptions page highlight "File and Printer sharing" and
>> select Edit. In the "Edit a Service" box highlight the port you
>> wish to restrict and select "Change Scope". In the Change Scope
>> box select Custom list and enter the IP address.
>>
>> --
>> Nepatsfan
>> "Andrew Wright" <Andrew Wright@discussions.microsoft.com> wrote
>> in message news:0C8A18F1-50B8-4742-8E62-F556A236821F@microsoft.com...
>> > I want to open, but restrict access to, ports TCP 139 and TCP 445 on a
>> > machine running XP SP2 with windows firewall enabled.
>> >
>> > Trouble is I want to open and restrict access of these ports to
>> > a single IP address on the network.
>> >
>> > Does anyone know how to achieve this using Exceptions in the
>> > windows firewall?
>> >
>> > Is it the correct tool to use?
>> >
>> > Thanks
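
The scope restriction discussed in this thread can also be applied from the command line with the XP SP2 `netsh firewall` context. This is an added example, not part of the original messages; the address 192.0.2.10 is a placeholder, and the command sets the scope for the whole File and Printer Sharing exception rather than for one port at a time.

```batch
@echo off
rem Added example, not from the thread. Run from an administrator command prompt on XP SP2.
rem ALLOWED_IP is a placeholder (documentation address); use the single host that should reach the shares.
set ALLOWED_IP=192.0.2.10

rem Limit the File and Printer Sharing exception to that one address.
rem scope=CUSTOM with addresses= is the command-line form of "Change Scope" > "Custom list".
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%ALLOWED_IP%

rem Review the result: the exception should list the custom scope.
netsh firewall show service verbose=ENABLE

rem Check the ICMP settings the thread mentions (incoming echo request).
netsh firewall show icmpsetting
```

After applying it, test from both the allowed host and another machine on the network to confirm that only the allowed host can reach the shares.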