Use Windows Firewall to Block ports

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
So I have been looking all morning on groups and I cant find anything
that answers this question. All I can find is how to enable ports but
not block. I need to block ports

Port 3689 TCP
Port 5353 UDP

Yes this is the ports itunes sharing uses. Its eating my bandwidth on
my network. Since all my users are within the firewall I cant use that
to block it. I was thinking that I could setup a group policy with
windows firewall and just block these ports but I can figure it out. I
went into the policy Windows Firewall: Define port exception and

3869:TCP:"*":disabled:Itunes Sharing
5353:UDP:"*":disabled:Itunes Sharing

but that didnt work. I have a feeling this is not the correct way to
do this but besides installed a local firewall on each box I cant
figure it out.

Re: Use Windows Firewall to Block ports wrote:
Quoted text here. Click to load it

Easy: everything that is not enabled is blocked.

Quoted text here. Click to load it

Oh, you want to block outbound connections. The Windows-Firewall doesn't
do that. If you don't want iTunes traffic: why are your users allowed to
use iTunes in the first place?

If you're only concerned about the traffic volume I'd suggest to do
traffic shaping on the border router.

"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Use Windows Firewall to Block ports
X-No-Archive: Yes

Quoted text here. Click to load it

Ther is nothing wrong with iTunes. Unlike Kazaa or Grokser, everything
available on iTines is legal and licensed, so there is no potential legal
problems with iTunes.

Re: Use Windows Firewall to Block ports
Quoted text here. Click to load it

Chilly, you idiot - what part of "eating up all my bandwidth" didn't you

To block ITunes you need to have a firewall, not the windows firewall,
but a firewall to block access to the internet. You can also create a
script to remove the ITunes application from their machines - since they
really have no business with ITunes being installed on a company


- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist" (remove 999 for proper email address)

Re: Use Windows Firewall to Block ports
X-No-Archive: Yes

Quoted text here. Click to load it

As far as Net radio goes, just about any MP3 (as long as there is no DRM
on it) file or stream that can be heard on iTunes will also work on Windows
Media Player.

But as far as proxies go, I have just gotten a taste of what to expect on
"Cyber Monday" in America. My proxy was SWAMPED a while ago
with people getting a jump on their Christmas shopping, and using my
proxy to access shopping sites from work, with enough of a load to
break the proxy software on my server. And nearly all the traffic
came from corporate networks all over the eastern USA. People were
going to every shopping site imagaineable, from their work PCs.
My proxy barfed on the exessive load it got from people accessing
shopping sites from work. I had a peak load of 368, at about 9:03 AM
US Eastern time, going to shopping sites, and nearly all of it coming
from corporate networks in the eastern USA.

I can just IMAGINE the load my proxy will get next Monday, during
"Cyber Monday", when more people log on to shopping sites, from
work, than any other day of the year.

Anyone else running a public anonymity proxy better get ready for
unusually high loads on "Cyber Monday", as people attempt to
bypass company firewalls to do their Christmas shopping. I am
sure that the E-tailers LOVE people like me that run public
anonymity proxies, because it means more people can access
their sites, which means more money for them.

Re: Use Windows Firewall to Block ports

Quoted text here. Click to load it

If you're trying to stop outbound on XP's FW, then you can't do it.

You can run IPsec in conjection with XP's FW to stop inbound or outbound
traffic on a port.

Re: Use Windows Firewall to Block ports
Quoted text here. Click to load it

you can use IPSec (without disabling the windows firewall) to create
a port filtering policy which you may then assign to the desired PCs
as an example, have a look here

using IPSec you'll be able to perform "outbound filtering" (the plain
vanilla XP firewall hasn't this capability) so, setting up blocking rules
for the undesired ports/protocol you'll be able to filter out them w/o
any need to install other s/w on the machines

Site Timeline