Configuring Windows 2000 Firewall Policy


I've searched and searched and yet I can't seem to come up with anything helpful. I have a standalone Windows 2000 Server that's running a dedicated application suite.

I'm looking for a way to configure the built-in Windows Firewall to DROP packets from all sources on a given port, except for one specific address. Everything I read about "how to set up the Windows firewall" basically dictates that I have to block everything and only configure exceptions.

I'm looking to do just the opposite. I want to allow everything, but just drop all connections on one specific port. Before the followups come stating that this is an "unsecure" (insecure ?) model, please hold back on those comments. I understand that. This is in a secure datacenter behind hardware firewalls and is only used for this one application (a chat client). I know that this can be done w/ 3rd party firewalls by leaving the default rule to PERMIT ALL and just DENYing the specific port I need to lock down.

Anyone have any useful info? Please...

Thanks in advance.



Haven't seen a win2k box in a while, but I can't recall that a win2k box has a built-in firewall ... anyway, even the Win2k3 built-in firewall wouldn't do what you're looking for. I would advise you to look for a third-party product or ISA2k4.


Windows 2000 Server comes with basic firewalling functionality (as does Windows 2k3).

I started playing around with IP Filtering....

  1. Open the Control Panel.
  2. From the Network Connections applet, open the connection you want to configure.
  3. Click the Properties button.
  4. Select Internet Protocol (TCP/IP).
  5. Click the Properties button.
  6. Click the Advanced button.
  7. Click the Options tab.
  8. Select TCP/IP filtering.
  9. Click the Properties button.
  10. Check the box beside Enable TCP/IP Filtering.
  11. Select Permit Only for TCP Ports, UDP Ports, and/or IP Protocols.
  12. Click the Add button.
  13. Enter the port or protocol number and click OK.
  14. Repeat the last couple of steps until you've entered all desired ports and protocols.
  15. After you are done, close all the dialog screens by clicking either OK or Close.
  16. You will be prompted to reboot for the changes to take effect.

The problem I find here is that it can lock down all ports EXCEPT what I list... but I can't specify other exceptions.

Guess a third party tool is what is needed here.

Just seemed a waste to spend money on a full firewalling package when all that is needed is a few rules.


Sorry dude, but that's TCP/IP filtering, the same functionality that exists on Win2k3 beside the firewall ... but that's NOT the firewall, never was, nor will be ... as I said, look for a third-party firewall.
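
Added example, not part of any post in this thread: a small Python model of the two filtering semantics discussed above, showing why a "Permit Only" port list cannot express "permit everything, but drop one port except from one address", while a default-permit ordered rule set can. The port numbers, addresses and function names are constructed for illustration, and the model simplifies TCP/IP filtering to its TCP port list.

```python
from itertools import combinations

# Constructed sample values (not from the thread): a small port universe,
# the port to lock down, and the one address allowed to reach it.
PORTS = [80, 443, 5222, 8080]
LOCKED_PORT = 5222
TRUSTED = "10.0.0.5"
OTHER = "10.0.0.99"

def wanted_policy(src, port):
    """The policy asked for: permit everything, but drop LOCKED_PORT
    unless the packet comes from TRUSTED."""
    if port == LOCKED_PORT:
        return src == TRUSTED
    return True

def permit_only(permitted_ports):
    """Model of the 'Permit Only' TCP port list: the decision depends on
    the destination port alone; the source address is never consulted."""
    allowed = frozenset(permitted_ports)
    return lambda src, port: port in allowed

def ordered_rules(rules, default=True):
    """Model of a rule-based filter: first matching (src, port, action)
    rule wins, None is a wildcard, unmatched traffic gets the default."""
    def decide(src, port):
        for r_src, r_port, action in rules:
            if r_src in (None, src) and r_port in (None, port):
                return action
        return default
    return decide

def matches_wanted(decide):
    """True if the filter agrees with wanted_policy on every test packet."""
    return all(decide(s, p) == wanted_policy(s, p)
               for s in (TRUSTED, OTHER) for p in PORTS)

def any_permit_list_matches():
    """Try every possible Permit Only list over PORTS."""
    return any(matches_wanted(permit_only(subset))
               for n in range(len(PORTS) + 1)
               for subset in combinations(PORTS, n))

# Default PERMIT ALL, one exception, one deny: the layout the thread describes.
RULES = [(TRUSTED, LOCKED_PORT, True), (None, LOCKED_PORT, False)]

if __name__ == "__main__":
    print("some Permit Only list matches:", any_permit_list_matches())
    print("ordered rules match:", matches_wanted(ordered_rules(RULES)))
```

Every Permit Only list gives the trusted and untrusted source the same answer on the locked port, so no list can satisfy the requirement; the exception has to be keyed on source address.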
