Question about TCP/IP filtering

Gary

I am using the TCP/IP filtering to set up some kind of firewall to
block unauthorized connection to my machine.

I am not using the Internet at all, no email. So I guess I do not need to set
up the ICF (Internet Connection Firewall). Can anyone verify this?

I am using a large number of ports to communicate with my WXPE
machine. I set up the TCP/IP filtering so that I can choose the "permit
only" port numbers. But I did not find any easy way to enter a range of
port numbers. For example, I will allow TCP port numbers from 2000
to 4000. It is impossible to add them manually one by one. Can I have
some kind of range selection?

Thanks,
Gary
 
Doug Hoeffel (eMVP)

Gary:

I use TCP/IP port filtering without the ICF.

From my experience, you have to enter the ports you want open one by one.
Do you really need ALL the ports from 2000 to 4000 open?

HTH... Doug
 
Doug Hoeffel (eMVP)

Gary:

You could allow ports 2000 to 4000 programmatically. Write a program that
edits the following registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{yourIFguid}]
"UDPAllowedPorts"
"TCPAllowedPorts"

HTH... Doug
 
Gary

Thanks Doug:

Could you give me some more information regarding how to write the
range under
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{yourIFguid}]
"UDPAllowedPorts"
"TCPAllowedPorts"?

Or where do I find more detailed information for writing the scripts
or definition on how to add the range to the "UDPAllowedPorts" or
"TCPAllowedPorts" under registry.

Thanks
Gary
 
Doug Hoeffel (eMVP)

Gary:

As an example, one of my reg keys contains the following:

"UDPAllowedPorts"=hex(7):31,33,37,00,31,33,38,00,35,36,33,32,00,00

which enables only UDP ports 137, 138, and 5632. This key is of type
REG_MULTI_SZ.

I don't know about scripting, but you could write a C program to do this
using the APIs RegOpenKey, RegSetValue, RegCloseKey.

Also, look into the IP Helper API. I haven't done much work with this API,
but maybe it allows a more automated way to do this. If you figure it out,
please let me know ;-)

HTH... Doug
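
The hex dump in the post above shows the layout: each port as ASCII digits ending in 00, with one more 00 closing the list. The following C sketch is an added example, not code from the thread: it builds that layout for a range such as 2000 to 4000 and, on Windows, writes it with RegOpenKeyExA/RegSetValueExA (used here because a named REG_MULTI_SZ value needs the Ex call). Assumptions: the function names are hypothetical, the value is stored as ANSI strings as in the dump, and the interface subkey (with your own GUID) is passed on the command line.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Added example (not from the thread). Encodes ports lo..hi as
 * "2000\0" "2001\0" ... followed by one extra NUL (REG_MULTI_SZ layout).
 * Returns the number of bytes written, or 0 on bad input / short buffer. */
size_t build_port_multi_sz(unsigned lo, unsigned hi, char *buf, size_t cap)
{
    size_t off = 0;
    if (buf == NULL || lo < 1 || hi > 65535 || lo > hi)
        return 0;
    for (unsigned p = lo; p <= hi; p++) {
        char tmp[8];
        size_t n = (size_t)snprintf(tmp, sizeof tmp, "%u", p);
        if (off + n + 2 > cap)          /* entry + its NUL + list terminator */
            return 0;
        memcpy(buf + off, tmp, n + 1);  /* copy digits and their NUL */
        off += n + 1;
    }
    buf[off++] = '\0';                  /* empty string ends the list */
    return off;
}
#ifdef _WIN32
/* Assumption: subkey is the caller's ...\Interfaces\{yourIFguid} path. */
static LONG write_allowed_ports(const char *subkey, const char *name,
                                const char *data, size_t len)
{
    HKEY key;
    LONG rc = RegOpenKeyExA(HKEY_LOCAL_MACHINE, subkey, 0, KEY_SET_VALUE, &key);
    if (rc != ERROR_SUCCESS) return rc;
    rc = RegSetValueExA(key, name, 0, REG_MULTI_SZ, (const BYTE *)data, (DWORD)len);
    RegCloseKey(key);
    return rc;
}
#endif
int main(int argc, char **argv)
{
    static char data[65535 * 6 + 1];    /* large enough for ports 1..65535 */
    size_t len = build_port_multi_sz(2000, 4000, data, sizeof data);
    printf("TCPAllowedPorts data: %lu bytes\n", (unsigned long)len);
#ifdef _WIN32
    if (argc > 1)   /* argv[1]: subkey under HKLM, including the interface GUID */
        return write_allowed_ports(argv[1], "TCPAllowedPorts", data, len) != ERROR_SUCCESS;
#endif
    (void)argc; (void)argv;
    return 0;
}
```

Export the existing value with regedit before overwriting it, so the previous permit list can be restored.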
