Use Windows Firewall to Block ports

So I have been looking all morning on groups and I cant find anything
that answers this question. All I can find is how to enable ports but
not block. I need to block ports

Port 3689 TCP
Port 5353 UDP

Yes this is the ports itunes sharing uses. Its eating my bandwidth on
my network. Since all my users are within the firewall I cant use that
to block it. I was thinking that I could setup a group policy with
windows firewall and just block these ports but I can figure it out. I
went into the policy Windows Firewall: Define port exception and
added

3869:TCP:"*":disabled:Itunes Sharing
5353:UDP:"*":disabled:Itunes Sharing

but that didnt work. I have a feeling this is not the correct way to
do this but besides installed a local firewall on each box I cant
figure it out.

Re: Use Windows Firewall to Block ports

cbielich@yahoo.com wrote:
> So I have been looking all morning on groups and I cant find anything
> that answers this question. All I can find is how to enable ports but
> not block.

Easy: everything that is not enabled is blocked.

> Yes this is the ports itunes sharing uses. Its eating my bandwidth on
> my network. Since all my users are within the firewall I cant use that
> to block it. I was thinking that I could setup a group policy with
> windows firewall and just block these ports but I can figure it out. I
> went into the policy Windows Firewall: Define port exception and
> added

Oh, you want to block outbound connections. The Windows-Firewall doesn't
do that. If you don't want iTunes traffic: why are your users allowed to
use iTunes in the first place?

If you're only concerned about the traffic volume I'd suggest to do
traffic shaping on the border router.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Use Windows Firewall to Block ports

wrote in message
news:54840d5c-155d-41ff-aa4a-cea26b95ca8f@i12g2000prf.google groups.com...
> So I have been looking all morning on groups and I cant find anything
> that answers this question. All I can find is how to enable ports but
> not block. I need to block ports
>
> Port 3689 TCP
> Port 5353 UDP
>
> Yes this is the ports itunes sharing uses. Its eating my bandwidth on
> my network. Since all my users are within the firewall I cant use that
> to block it. I was thinking that I could setup a group policy with
> windows firewall and just block these ports but I can figure it out. I
> went into the policy Windows Firewall: Define port exception and
> added
>
> 3869:TCP:"*":disabled:Itunes Sharing
> 5353:UDP:"*":disabled:Itunes Sharing
>
> but that didnt work. I have a feeling this is not the correct way to
> do this but besides installed a local firewall on each box I cant
> figure it out.

If you're trying to stop outbound on XP's FW, then you can't do it.

You can run IPsec in conjection with XP's FW to stop inbound or outbound
traffic on a port.

http://support.microsoft.com/kb/813878

Re: Use Windows Firewall to Block ports

Post removed (X-No-Archive: yes)

Re: Use Windows Firewall to Block ports

In article , chilly8@hotmail.com says...
> X-No-Archive: Yes
>
> "Ansgar -59cobalt- Wiechers" wrote in message
> news:fhl37gU7cfL1@news.in-ulm.de...
> > cbielich@yahoo.com wrote:
> >> So I have been looking all morning on groups and I cant find anything
> >> that answers this question. All I can find is how to enable ports but
> >> not block.
> >
> > Easy: everything that is not enabled is blocked.
> >
> >> Yes this is the ports itunes sharing uses. Its eating my bandwidth on
> >> my network. Since all my users are within the firewall I cant use that
> >> to block it. I was thinking that I could setup a group policy with
> >> windows firewall and just block these ports but I can figure it out. I
> >> went into the policy Windows Firewall: Define port exception and
> >> added
> >
> > Oh, you want to block outbound connections. The Windows-Firewall doesn't
> > do that. If you don't want iTunes traffic: why are your users allowed to
> > use iTunes in the first place?
>
> Ther is nothing wrong with iTunes. Unlike Kazaa or Grokser, everything
> available on iTines is legal and licensed, so there is no potential legal
> problems with iTunes.

Chilly, you idiot - what part of "eating up all my bandwidth" didn't you
understand.

To block ITunes you need to have a firewall, not the windows firewall,
but a firewall to block access to the internet. You can also create a
script to remove the ITunes application from their machines - since they
really have no business with ITunes being installed on a company
computer.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Use Windows Firewall to Block ports

Post removed (X-No-Archive: yes)

Re: Use Windows Firewall to Block ports

Post removed (X-No-Archive: yes)