Use Windows Firewall to Block ports - Firewalls

This is a discussion on Use Windows Firewall to Block ports - Firewalls ; So I have been looking all morning on groups and I cant find anything that answers this question. All I can find is how to enable ports but not block. I need to block ports Port 3689 TCP Port 5353 ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Use Windows Firewall to Block ports

  1. Use Windows Firewall to Block ports

    So I have been looking all morning on groups and I cant find anything
    that answers this question. All I can find is how to enable ports but
    not block. I need to block ports

    Port 3689 TCP
    Port 5353 UDP

    Yes this is the ports itunes sharing uses. Its eating my bandwidth on
    my network. Since all my users are within the firewall I cant use that
    to block it. I was thinking that I could setup a group policy with
    windows firewall and just block these ports but I can figure it out. I
    went into the policy Windows Firewall: Define port exception and
    added

    3869:TCP:"*":disabled:Itunes Sharing
    5353:UDP:"*":disabled:Itunes Sharing

    but that didnt work. I have a feeling this is not the correct way to
    do this but besides installed a local firewall on each box I cant
    figure it out.

  2. Re: Use Windows Firewall to Block ports

    cbielich@yahoo.com wrote:
    > So I have been looking all morning on groups and I cant find anything
    > that answers this question. All I can find is how to enable ports but
    > not block.


    Easy: everything that is not enabled is blocked.

    > Yes this is the ports itunes sharing uses. Its eating my bandwidth on
    > my network. Since all my users are within the firewall I cant use that
    > to block it. I was thinking that I could setup a group policy with
    > windows firewall and just block these ports but I can figure it out. I
    > went into the policy Windows Firewall: Define port exception and
    > added


    Oh, you want to block outbound connections. The Windows-Firewall doesn't
    do that. If you don't want iTunes traffic: why are your users allowed to
    use iTunes in the first place?

    If you're only concerned about the traffic volume I'd suggest to do
    traffic shaping on the border router.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: Use Windows Firewall to Block ports


    wrote in message
    news:54840d5c-155d-41ff-aa4a-cea26b95ca8f@i12g2000prf.googlegroups.com...
    > So I have been looking all morning on groups and I cant find anything
    > that answers this question. All I can find is how to enable ports but
    > not block. I need to block ports
    >
    > Port 3689 TCP
    > Port 5353 UDP
    >
    > Yes this is the ports itunes sharing uses. Its eating my bandwidth on
    > my network. Since all my users are within the firewall I cant use that
    > to block it. I was thinking that I could setup a group policy with
    > windows firewall and just block these ports but I can figure it out. I
    > went into the policy Windows Firewall: Define port exception and
    > added
    >
    > 3869:TCP:"*":disabled:Itunes Sharing
    > 5353:UDP:"*":disabled:Itunes Sharing
    >
    > but that didnt work. I have a feeling this is not the correct way to
    > do this but besides installed a local firewall on each box I cant
    > figure it out.


    If you're trying to stop outbound on XP's FW, then you can't do it.

    You can run IPsec in conjection with XP's FW to stop inbound or outbound
    traffic on a port.

    http://support.microsoft.com/kb/813878


  4. Re: Use Windows Firewall to Block ports

    X-No-Archive: Yes

    "Ansgar -59cobalt- Wiechers" wrote in message
    news:fhl37gU7cfL1@news.in-ulm.de...
    > cbielich@yahoo.com wrote:
    >> So I have been looking all morning on groups and I cant find anything
    >> that answers this question. All I can find is how to enable ports but
    >> not block.

    >
    > Easy: everything that is not enabled is blocked.
    >
    >> Yes this is the ports itunes sharing uses. Its eating my bandwidth on
    >> my network. Since all my users are within the firewall I cant use that
    >> to block it. I was thinking that I could setup a group policy with
    >> windows firewall and just block these ports but I can figure it out. I
    >> went into the policy Windows Firewall: Define port exception and
    >> added

    >
    > Oh, you want to block outbound connections. The Windows-Firewall doesn't
    > do that. If you don't want iTunes traffic: why are your users allowed to
    > use iTunes in the first place?


    Ther is nothing wrong with iTunes. Unlike Kazaa or Grokser, everything
    available on iTines is legal and licensed, so there is no potential legal
    problems with iTunes.



  5. Re: Use Windows Firewall to Block ports

    In article , chilly8@hotmail.com says...
    > X-No-Archive: Yes
    >
    > "Ansgar -59cobalt- Wiechers" wrote in message
    > news:fhl37gU7cfL1@news.in-ulm.de...
    > > cbielich@yahoo.com wrote:
    > >> So I have been looking all morning on groups and I cant find anything
    > >> that answers this question. All I can find is how to enable ports but
    > >> not block.

    > >
    > > Easy: everything that is not enabled is blocked.
    > >
    > >> Yes this is the ports itunes sharing uses. Its eating my bandwidth on
    > >> my network. Since all my users are within the firewall I cant use that
    > >> to block it. I was thinking that I could setup a group policy with
    > >> windows firewall and just block these ports but I can figure it out. I
    > >> went into the policy Windows Firewall: Define port exception and
    > >> added

    > >
    > > Oh, you want to block outbound connections. The Windows-Firewall doesn't
    > > do that. If you don't want iTunes traffic: why are your users allowed to
    > > use iTunes in the first place?

    >
    > Ther is nothing wrong with iTunes. Unlike Kazaa or Grokser, everything
    > available on iTines is legal and licensed, so there is no potential legal
    > problems with iTunes.


    Chilly, you idiot - what part of "eating up all my bandwidth" didn't you
    understand.

    To block ITunes you need to have a firewall, not the windows firewall,
    but a firewall to block access to the internet. You can also create a
    script to remove the ITunes application from their machines - since they
    really have no business with ITunes being installed on a company
    computer.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  6. Re: Use Windows Firewall to Block ports


    > but that didnt work. I have a feeling this is not the correct way
    > to do this but besides installed a local firewall on each box I cant
    > figure it out.


    you can use IPSec (without disabling the windows firewall) to create
    a port filtering policy which you may then assign to the desired PCs
    as an example, have a look here

    http://homepages.wmich.edu/~mchugha/w2kfirewall.htm

    using IPSec you'll be able to perform "outbound filtering" (the plain
    vanilla XP firewall hasn't this capability) so, setting up blocking rules
    for the undesired ports/protocol you'll be able to filter out them w/o
    any need to install other s/w on the machines




+ Reply to Thread