Re: Port Range in Exceptions

Subject Author Date
Re: Port Range in Exceptions Karl Levinson, mvp 06-14-2005
Posted by Karl Levinson, mvp on June 14, 2005, 11:28 pm
They're there because Microsoft put them there. They have the ability to put
in multiple ports, but you and I don't.

The question for me is not how or why those multiple port items are there.
The question for me is why MS thinks they have a good reason for needing
this ability to configure multiple ports, but we the customers don't... why
MS thinks they know all the services that we the customers might want to
aggregate into a single service or rule for ease of administration... why MS
doesn't think we might want to set up a complicated ACL rule set just once
instead of repeating this one by one for every port in the list... Why MS
wants to have the only firewall product on the planet that doesn't allow
this functionality. It makes no sense whatsoever to me. This should have
taken about 5 minutes of coding to fix if it had been put into WF from day
one, although now there will probably be a good deal of regression testing
to add and properly test this functionality. I really think the MS risk
assessment and thinking outside the box led them down the wrong road with
various parts of the Windows Firewall. A significant portion of the
customer base thinks WF is only half a firewall, due to a variety of
reasons.


> Please help me understand: if multiple ports cannot be defined for one entry,
> then why are TCP 139 and 445, and UDP 137 and 138 listed for the
> "File and Printer Sharing" on the tab "Exceptions"?
>
> Thanks and Regards,
>
> "David Beder [MSFT]" wrote:
>
> > Port ranges are not supported. Instead, the application/service itself
> > should be added to the exception list. That way only the ports that it is
> > actually listening on will be open.
> >
> > There is no ability to map multiple port openings to a single user defined
> > UI entry.
> > --
> > David
> > Microsoft Windows Networking
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> > > Hi,
> > >
> > > I have two questions on the Windows Firewall that comes with SP1 on the
> > > 2003 server.
> > >
> > > Is there any way to add a range of TCP or UDP ports in the exceptions of
> > > Windows Firewall, instead of adding one port at a time? Some systems use
> > > random ports between a range.
> > >
> > > And how to add multiple ports under one heading, like there is one for
> > > "File and Printer Sharing" on the exceptions tab?
> > >
> > > Thanks in advance.
> > >
> >
> >
> >
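
The two options discussed in this thread, as an added example that is not part of any of the posts: a batch script that either excepts the program itself (the approach recommended in the quoted reply) or, as a fallback, creates one port opening per port because a single entry cannot hold a range. The program path, rule name and the 5000-5010 range are assumed placeholders.

```bat
@echo off
rem Added example, not from the thread. APP, RULE, FIRST and LAST are
rem assumed placeholder values; replace them with your own.
setlocal
set RULE=ExampleApp
set APP=C:\Program Files\ExampleApp\service.exe
set FIRST=5000
set LAST=5010

if /I "%~1"=="ports"  goto ports
if /I "%~1"=="remove" goto remove

rem Default: except the program, so only the ports it is actually
rem listening on are opened. scope=SUBNET limits callers to the local subnet.
netsh firewall add allowedprogram program="%APP%" name="%RULE%" mode=ENABLE scope=SUBNET
goto show

:ports
rem Fallback: one port opening per port in the range.
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall add portopening protocol=TCP port=%%P name="%RULE% TCP %%P" mode=ENABLE scope=SUBNET
)
goto show

:remove
rem Roll back both kinds of exception created above.
netsh firewall delete allowedprogram program="%APP%"
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall delete portopening protocol=TCP port=%%P
)
goto show

:show
rem Review the resulting exception lists.
netsh firewall show allowedprogram
netsh firewall show portopening
endlocal
```

Run it with no argument for the program exception, with `ports` for the per-port fallback, or with `remove` to undo either.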


