TCP/IP filtering via script or batch file


Leonid

Does anybody have experience of opening/closing TCP/IP ports on an XPe box
using
batch or script files?

Thanks
Leonid
 
Leonid,
If you included ICF in your build, then you may use the icfutil tool
developed by MS. You can find out about it in the NG:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&q=icfutil&btnG=Search or
icfutil website:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnxpesp1/html/icf_enable.asp
or if you want to script it:

Option Explicit

' Selector values understood by GetConnection() and
' ConvertConnectionTypeToString().  Nothing in the script assigns them.
Const ICSSC_DEFAULT = 0        ' flag handed to the Enum*Connections calls
Const CONNECTION_PUBLIC = 0
Const CONNECTION_PRIVATE = 1
Const CONNECTION_ALL = 2

' Script-wide state, filled in by Initialize() and GetConnection().
Dim NetSharingManager           ' HNetCfg.HNetShare.1 object
Dim PublicConnection            ' sharing config of the single public connection
Dim PrivateConnection           ' sharing config of the single private connection
Dim EveryConnectionCollection   ' all connections; searched by name in FirewallTestByName
Dim objArgs                     ' WScript.Arguments
Dim con                         ' name of the connection whose firewall is enabled

Main

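' Entry point: enables the Internet Connection Firewall on one connection.
' The connection name comes from the first command-line argument when exactly
' one is given; with no argument the built-in default NAME_OF_WAN_CONNECTION
' is used (edit it to match the WAN connection of the target image).  More
' than one argument prints the usage text and exits.
Sub Main()
    Set objArgs = WScript.Arguments
    con = "NAME_OF_WAN_CONNECTION"

    If objArgs.Count > 1 Then
        WScript.Echo "Invalid usage! Please provide the name of the connection as the argument." & vbCr & vbCr & _
                     "Usage:" & vbCr & _
                     "  " & WScript.ScriptName & " " & Chr(34) & "Connection Name" & Chr(34)
        Exit Sub
    End If
    If objArgs.Count = 1 Then con = objArgs(0)

    ' Initialize() returns False when the HNetCfg sharing object cannot be
    ' obtained; there is then nothing this script can enable.
    If Initialize() = True Then
        ' GetConnectionObjects() returns False if any of the three
        ' enumerations fails, but FirewallTestByName only needs
        ' EveryConnectionCollection, so its result is not checked here.
        GetConnectionObjects
        FirewallTestByName con
    End If
End Sub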


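' Enables the Internet Connection Firewall on the connection whose name
' equals conName (case-insensitive).  Walks EveryConnectionCollection, which
' GetConnection(CONNECTION_ALL) must already have filled.
' Because the sub runs under On Error Resume Next, a failing
' EnableInternetFirewall call or a name that matches nothing used to pass
' silently; both are now reported with WScript.Echo, since an interface
' left unprotected is exactly what the caller needs to know about.
Sub FirewallTestByName(conName)
    On Error Resume Next
    Dim Item, EveryConnection, objNCProps, bFound

    bFound = False
    For Each Item In EveryConnectionCollection
        Set EveryConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
        Set objNCProps = NetSharingManager.NetConnectionProps(Item)
        If UCase(conName) = UCase(objNCProps.Name) Then
            bFound = True
            Err.Clear   ' so only a failure of the call below is reported
            EveryConnection.EnableInternetFirewall
            If Err.Number <> 0 Then
                WScript.Echo "Failed to enable firewall on connection " & Chr(34) & objNCProps.Name & Chr(34) & _
                             " (" & objNCProps.DeviceName & "): " & Err.Description
                Err.Clear
            End If
            Exit For
        End If
    Next

    If bFound = False Then
        WScript.Echo "Connection " & Chr(34) & conName & Chr(34) & " was not found"
    End If
End Sub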

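' Creates the HNetCfg.HNetShare.1 sharing-manager object and checks that
' connection sharing is available.  Returns True on success.
' WScript.CreateObject raises a runtime error rather than returning a
' non-object when the class is not registered (e.g. an image built without
' ICF), so the call is guarded; without the guard the IsObject branch below
' could never be reached.
Function Initialize()
    Dim bReturn, createFailed
    bReturn = False

    On Error Resume Next
    Set NetSharingManager = WScript.CreateObject("HNetCfg.HNetShare.1")
    createFailed = (Err.Number <> 0)
    Err.Clear
    On Error GoTo 0

    If createFailed Or IsObject(NetSharingManager) = False Then
        ' Unable to get the HNetCfg.HnetShare.1 object
    ElseIf IsNull(NetSharingManager.SharingInstalled) = True Then
        ' Sharing isn't available on this platform.  Kept as in the original:
        ' a Null SharingInstalled is what is checked for; a False value is not
        ' treated as a failure here.
    Else
        bReturn = True
    End If
    Initialize = bReturn
End Function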

' Runs GetConnection() for the public, private and "all" selectors.
' Returns True only if all three succeeded.  Every enumeration is attempted
' even after an earlier one fails, so EveryConnectionCollection is still
' filled when only the public or private connection is missing.
Function GetConnectionObjects()
    Dim allFound
    allFound = True

    If Not GetConnection(CONNECTION_PUBLIC) Then allFound = False
    If Not GetConnection(CONNECTION_PRIVATE) Then allFound = False
    If Not GetConnection(CONNECTION_ALL) Then allFound = False

    GetConnectionObjects = allFound
End Function


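' Enumerates the connections of one kind and stores the result in the
' matching script-wide variable:
'   CONNECTION_PUBLIC  -> PublicConnection   (exactly one public connection)
'   CONNECTION_PRIVATE -> PrivateConnection  (exactly one private connection)
'   CONNECTION_ALL     -> EveryConnectionCollection (one or more connections)
' Returns True when that expectation holds, False otherwise (including an
' unknown CONNECTION_TYPE).  Errors raised by the enumerators are not caught
' here and propagate to the caller.
' The original re-examined Connection.Count after the branch ("no
' connections" / "more than one"), but every such case had already set the
' result to False, so that unreachable check is dropped.
Function GetConnection(CONNECTION_TYPE)
    Dim bReturn, Connection, Item
    bReturn = False

    Select Case CONNECTION_TYPE
        Case CONNECTION_PUBLIC
            Set Connection = NetSharingManager.EnumPublicConnections(ICSSC_DEFAULT)
            If Connection.Count = 1 Then
                For Each Item In Connection
                    Set PublicConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
                Next
                bReturn = True
            End If
        Case CONNECTION_PRIVATE
            Set Connection = NetSharingManager.EnumPrivateConnections(ICSSC_DEFAULT)
            If Connection.Count = 1 Then
                For Each Item In Connection
                    Set PrivateConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
                Next
                bReturn = True
            End If
        Case CONNECTION_ALL
            ' More than one connection is valid here.
            Set Connection = NetSharingManager.EnumEveryConnection
            If Connection.Count > 0 Then
                Set EveryConnectionCollection = Connection
                bReturn = True
            End If
    End Select

    GetConnection = bReturn
End Function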

' Maps a CONNECTION_* selector to a short label for messages; any other
' value yields "Unknown: <value>".
Function ConvertConnectionTypeToString(ConnectionID)
    Dim label
    Select Case ConnectionID
        Case CONNECTION_PUBLIC:  label = "public"
        Case CONNECTION_PRIVATE: label = "private"
        Case CONNECTION_ALL:     label = "all"
        Case Else:               label = "Unknown: " & CStr(ConnectionID)
    End Select
    ConvertConnectionTypeToString = label
End Function


Regards,

Sean Gahan
 
Thanks Sean
1. Hopefully I included the ICF tool in my image, so I'll study the topics you
sent.
2. Also thanks for the script. One more question: is driving the firewall
settings the same thing as TCP/IP filtering (the advanced options for the network
card)?
Regards
\Leonid
 
Leonid:

I've setup TCP/IP port filtering via WMI. I'm out of the office this week
so if I can get access to my source code I'll post the code.

HTH
.... Doug
 
Leonid,
1. If you are not familiar with icfutil, then most likely it is not
in your image.
2. You are welcome for the script. I would assume that if you set up an IP
filter, it would act as a firewall, but I have not worked with the filters
on a Windows box and so cannot say with certainty.

BTW: I am very interested in seeing what Doug posts.

Regards,

Sean Gahan
 
This works for me. You will need to modify the reg strings for your network
driver:

================================================
' Connect to the local WMI repository (root\cimv2).  Empty user name and
' password connect in the security context of the account running the script.
Dim WMIInterface, WMIServiceInterface
Set WMIInterface = CreateObject("WbemScripting.SWbemLocator")
Set WMIServiceInterface = WMIInterface.ConnectServer(".", "Root\cimv2", "", "")


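' Turns on TCP/IP filtering and applies permit lists to one adapter.
'   adapterIndex   - Win32_NetworkAdapterConfiguration.Index of the adapter
'   tcpPortString  - space-separated TCP ports handed to EnableIPSec
'   udpPortString  - space-separated UDP ports
'   protocolString - space-separated IP protocol numbers (6 = TCP, 17 = UDP)
' Returns the EnableIPSec return code for the adapter (0 = applied; 1 is the
' "applied, reboot required" success code), or -1 when filtering could not
' be switched on or no adapter matched adapterIndex.
' NOTE(review): EnableIPFilterSec is invoked on the class object, i.e. the
' filtering switch is machine-wide, while the permit lists are applied only
' to the adapter selected by adapterIndex; other adapters keep whatever
' lists they already have (see the later reply about multiple LAN cards).
Function SetFilterPorts(adapterIndex, tcpPortString, udpPortString, protocolString)
    Dim queryString, retStatus, oNetAdapterCfg, oMethodEnableFilterSec
    Dim oInParam, oOutParam, cards, objCard
    Dim tcpPortArray, udpPortArray, protocolArray

    queryString = "select * from Win32_NetworkAdapterConfiguration where Index = " & adapterIndex
    retStatus = -1

    ' EnableIPFilterSec is a static method, so it is executed on the class itself.
    Set oNetAdapterCfg = WMIServiceInterface.Get("Win32_NetworkAdapterConfiguration")
    Set oMethodEnableFilterSec = oNetAdapterCfg.Methods_.Item("EnableIPFilterSec")
    Set oInParam = oMethodEnableFilterSec.InParameters.SpawnInstance_()
    oInParam.IPFilterSecurityEnabled = True
    Set oOutParam = oNetAdapterCfg.ExecMethod_(oMethodEnableFilterSec.Name, oInParam)

    ' 0 = done, 1 = done but a reboot is needed; anything else leaves -1.
    If oOutParam.ReturnValue = 0 Or oOutParam.ReturnValue = 1 Then
        ' Trim before splitting: a trailing blank would otherwise put an
        ' empty "" entry into the array handed to EnableIPSec.
        tcpPortArray = Split(Trim(tcpPortString))
        udpPortArray = Split(Trim(udpPortString))
        protocolArray = Split(Trim(protocolString))

        Set cards = WMIServiceInterface.ExecQuery(queryString)
        For Each objCard In cards
            retStatus = objCard.EnableIPSec(tcpPortArray, udpPortArray, protocolArray)
        Next
    End If
    SetFilterPorts = retStatus
End Function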


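' Locate the adapter to filter.  The Enum\0 value under the network driver's
' service key (E100E here - change it for your own driver) names the device
' instance; that instance's Driver value has the form {class GUID}\NNNN and
' the NNNN part is used as the Win32_NetworkAdapterConfiguration Index.
Set WshShell = CreateObject("WScript.Shell")
vendor = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\E100E\Enum\0")
driverID = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Enum\" & vendor & "\Driver")
myArray = Split(driverID, "\")
netIndex = myArray(1)

' Set the TCP, UDP and IP-protocol permit lists (EnableIPSec's
' IPSecPermit* parameters).  The lists are space separated with no trailing
' blank: Split() would turn a trailing blank into an empty "" entry.
rc = SetFilterPorts(netIndex, "20 21 23 104 139 700 5631 10113 10114 10115", _
                    "137 138 5632", "6 17")
' Report anything other than a clean success so a silently unfiltered
' adapter does not go unnoticed (1 = applied but reboot required,
' -1 = filtering not enabled or adapter not found).
If rc <> 0 Then
    WScript.Echo "SetFilterPorts returned " & rc & " (0 = applied, 1 = applied but reboot required, -1 = filtering not enabled or adapter not found)"
End If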
===========================================

HTH... Doug
 
Doug,

1.. Thank you for the script, it rocks!
2.. Do you use this as a firewall?
Regards,



Sean Gahan
 
Sean:

Basically yes I use this as a firewall. The image that I deployed last year
did not have ICF. This kind of port filtering has protected me from most
but not all viruses.

HTH... Doug
 
Thank you guys for your replies.
One more question:
What will happen if I have several network cards (for example 2 LAN cards: wired and
wireless)?

\Leonid
 
Leonid:

I think you will need to add port filtering on all interfaces separately.

HTH
.... Doug
 