Windows XP firewall

The WinXP firewall allows for both programs and ports to be added to the
"exceptions" list. Here's my question. If I have a program that listens
on 32 different ports, do I need to manually open each and every port
(16 tcp and 16 udp) or can I just add the program to the exceptions
list? In doing the latter does it automatically open all ports that the
programs binds to? TIA

Also, is there any way to specify a range of ports to open, or do you
have to do each one individually?

Re: Windows XP firewall

This should answer your question.
http://it.deas.harvard.edu/?q=node/24



"Chuck" wrote in message
news:T5YAi.9$5h.3@trnddc03...
> The WinXP firewall allows for both programs and ports to be added to the
> "exceptions" list. Here's my question. If I have a program that listens on
> 32 different ports, do I need to manually open each and every port (16 tcp
> and 16 udp) or can I just add the program to the exceptions list? In doing
> the latter does it automatically open all ports that the programs binds
> to? TIA
>
> Also, is there any way to specify a range of ports to open, or do you have
> to do each one individually?

Re: Windows XP firewall

Poster 60 wrote:
> This should answer your question.
> http://it.deas.harvard.edu/?q=node/24
>

Not really. I explains what a firewall is and how to add exceptions. I
already know how to do that. I want to know something specific about the
windows xp firewall. When I add a program exception, and that programs
is going to bind with UDP ports 1200 and 27015, will those ports
automatically be opened while the program is running, or do I need to
open them permanently?

Re: Windows XP firewall

"Chuck" wrote in message
news:y%eBi.2105$xg.1775@trnddc05...
> Poster 60 wrote:
> > This should answer your question.
> > http://it.deas.harvard.edu/?q=node/24
> >
>
> When I add a program exception, and that programs
> is going to bind with UDP ports 1200 and 27015, will those ports
> automatically be opened while the program is running, or do I need to
> open them permanently?

When you run a program added to the exception list you are allowing
*incoming * connections to whatever ports that program uses. Ports usually
will open and close automatically.
If you find those two not opening, then add them to the
exception list.

Re: Windows XP firewall

"Chuck" wrote in message
news:y%eBi.2105$xg.1775@trnddc05...
> Poster 60 wrote:
> > This should answer your question.
> > http://it.deas.harvard.edu/?q=node/24
> >
>
> When I add a program exception, and that programs
> is going to bind with UDP ports 1200 and 27015, will those ports
> automatically be opened while the program is running, or do I need to
> open them permanently?

When you run a program added to the exception list you are allowing
incoming connections to whatever ports that program uses. Ports usually
will open and close automatically when connections are made.
To check this, enable the pfirewall log and watch the sequence as you surf.

Re: Windows XP firewall

If the program calls Winsock to make its port bindings, the firewall will
see this and will open (and close) the correct ports dynamically. If the
program uses some other method, then you'll need to create port-based
exceptions manually.

For port exceptions, you can indicate only one port per rule.

Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Chuck" wrote in message
news:T5YAi.9$5h.3@trnddc03...
> The WinXP firewall allows for both programs and ports to be added to the
> "exceptions" list. Here's my question. If I have a program that listens on
> 32 different ports, do I need to manually open each and every port (16 tcp
> and 16 udp) or can I just add the program to the exceptions list? In doing
> the latter does it automatically open all ports that the programs binds
> to? TIA
>
> Also, is there any way to specify a range of ports to open, or do you have
> to do each one individually?

Re: Windows XP firewall

Steve Riley [MSFT] wrote:
> If the program calls Winsock to make its port bindings, the firewall
> will see this and will open (and close) the correct ports dynamically.
> If the program uses some other method, then you'll need to create
> port-based exceptions manually.
>
> For port exceptions, you can indicate only one port per rule.
>

That sucks. There are about 40 ports this program may use. I used to use
Norton's FW (aka Internet Worm Protection) and it let you specify ranges.

I'm guessing the program is using winsock though since I can see the
ports it's listening on with "netstat -ab".

Re: Windows XP firewall

Yeah, hoping that we can get port range support into the product at some
point.

But if your program is in fact using Winsock, then you don't need a raft of
port exceptions. The single program exception should do it.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Chuck" wrote in message
news:PueDi.1419$h06.941@trnddc03...
> Steve Riley [MSFT] wrote:
>> If the program calls Winsock to make its port bindings, the firewall will
>> see this and will open (and close) the correct ports dynamically. If the
>> program uses some other method, then you'll need to create port-based
>> exceptions manually.
>>
>> For port exceptions, you can indicate only one port per rule.
>>
>
> That sucks. There are about 40 ports this program may use. I used to use
> Norton's FW (aka Internet Worm Protection) and it let you specify ranges.
>
> I'm guessing the program is using winsock though since I can see the ports
> it's listening on with "netstat -ab".