1. Home
  2. Networking Firewalls
  3. Use Windows Firewall to Block ports

Use Windows Firewall to Block ports

So I have been looking all morning on groups and I cant find anything that answers this question. All I can find is how to enable ports but not block. I need to block ports

Port 3689 TCP Port 5353 UDP

Yes this is the ports itunes sharing uses. Its eating my bandwidth on my network. Since all my users are within the firewall I cant use that to block it. I was thinking that I could setup a group policy with windows firewall and just block these ports but I can figure it out. I went into the policy Windows Firewall: Define port exception and added

3869:TCP:"*":disabled:Itunes Sharing 5353:UDP:"*":disabled:Itunes Sharing

but that didnt work. I have a feeling this is not the correct way to do this but besides installed a local firewall on each box I cant figure it out.

Reply to
cbielich
Loading thread data ...

Easy: everything that is not enabled is blocked.

Oh, you want to block outbound connections. The Windows-Firewall doesn't do that. If you don't want iTunes traffic: why are your users allowed to use iTunes in the first place?

If you're only concerned about the traffic volume I'd suggest to do traffic shaping on the border router.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

If you're trying to stop outbound on XP's FW, then you can't do it.

You can run IPsec in conjection with XP's FW to stop inbound or outbound traffic on a port.

formatting link

Reply to
Mr. Arnold

Ther is nothing wrong with iTunes. Unlike Kazaa or Grokser, everything available on iTines is legal and licensed, so there is no potential legal problems with iTunes.

Reply to
Chilly8

Chilly, you idiot - what part of "eating up all my bandwidth" didn't you understand.

To block ITunes you need to have a firewall, not the windows firewall, but a firewall to block access to the internet. You can also create a script to remove the ITunes application from their machines - since they really have no business with ITunes being installed on a company computer.

Reply to
Leythos

As far as Net radio goes, just about any MP3 (as long as there is no DRM on it) file or stream that can be heard on iTunes will also work on Windows Media Player.

But as far as proxies go, I have just gotten a taste of what to expect on "Cyber Monday" in America. My proxy was SWAMPED a while ago with people getting a jump on their Christmas shopping, and using my proxy to access shopping sites from work, with enough of a load to break the proxy software on my server. And nearly all the traffic came from corporate networks all over the eastern USA. People were going to every shopping site imagaineable, from their work PCs. My proxy barfed on the exessive load it got from people accessing shopping sites from work. I had a peak load of 368, at about 9:03 AM US Eastern time, going to shopping sites, and nearly all of it coming from corporate networks in the eastern USA.

I can just IMAGINE the load my proxy will get next Monday, during "Cyber Monday", when more people log on to shopping sites, from work, than any other day of the year.

Anyone else running a public anonymity proxy better get ready for unusually high loads on "Cyber Monday", as people attempt to bypass company firewalls to do their Christmas shopping. I am sure that the E-tailers LOVE people like me that run public anonymity proxies, because it means more people can access their sites, which means more money for them.

Reply to
Chilly8

you can use IPSec (without disabling the windows firewall) to create a port filtering policy which you may then assign to the desired PCs as an example, have a look here

formatting link
using IPSec you'll be able to perform "outbound filtering" (the plain vanilla XP firewall hasn't this capability) so, setting up blocking rules for the undesired ports/protocol you'll be able to filter out them w/o any need to install other s/w on the machines

Reply to
Arne Saknussemm

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.