The Windows Firewall UI is a bit cumbersome. This method lets you lock down a host reliably with netsh so that it accepts only the inbound traffic you want. Run the commands from an elevated command prompt.
Enable the firewall in all profiles (home / domain / public)
netsh advfirewall set allprofiles state on
By default, deny all inbound and allow all outbound traffic
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
Add a rule to allow inbound SMTP traffic to a specific port from a specific network range
netsh advfirewall firewall add rule name="Allow Inbound TCP/25 from SMTP relay hosts" protocol=TCP dir=in localport=25 action=allow remoteip=10.20.30.0/24
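Add rules to allow all HTTP and HTTPS traffic inbound
netsh advfirewall firewall add rule name="Allow Inbound TCP/80 from everywhere" protocol=TCP dir=in localport=80 action=allow
netsh advfirewall firewall add rule name="Allow Inbound TCP/443 from everywhere" protocol=TCP dir=in localport=443 action=allow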
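The steps above as a re-runnable batch file that also backs up the existing policy and prints the result for verification. This is an added example, not part of the original post; it covers the port 25 and port 80 rules, and the backup file name and the :ensure_rule helper are assumptions made for illustration.

```bat
@echo off
rem Added example (not from the original post): apply the policy, then show it.
rem Run from an elevated command prompt.
setlocal

rem Save the current policy first; restore it with "netsh advfirewall import <file>".
rem The backup file name is an assumption.
set "BACKUP=%TEMP%\firewall-before-%RANDOM%.wfw"
netsh advfirewall export "%BACKUP%" >nul || (echo Policy export failed & exit /b 1)

netsh advfirewall set allprofiles state on >nul || exit /b 1
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul || exit /b 1

call :ensure_rule "Allow Inbound TCP/25 from SMTP relay hosts" 25 10.20.30.0/24 || exit /b 1
call :ensure_rule "Allow Inbound TCP/80 from everywhere" 80 any || exit /b 1

rem Print what is now configured so it can be checked by eye or captured to a log.
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="Allow Inbound TCP/25 from SMTP relay hosts"
netsh advfirewall firewall show rule name="Allow Inbound TCP/80 from everywhere"
echo Policy backup saved to %BACKUP%
exit /b 0

:ensure_rule
rem Hypothetical helper. %~1 = rule name, %2 = local port, %3 = remote address
rem ("any" matches every source). netsh accepts duplicate rule names, so any
rem earlier copy is deleted before the rule is added; a failed delete just
rem means the rule did not exist yet.
netsh advfirewall firewall delete rule name="%~1" >nul 2>&1
netsh advfirewall firewall add rule name="%~1" protocol=TCP dir=in localport=%2 action=allow remoteip=%3 >nul
exit /b %ERRORLEVEL%
```

Rules pushed by Group Policy are not changed by this script, so on a domain-joined host compare the printed output with what you expected to set.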
2013/07/02