10.12. Configuring TCP/IP Filtering

Problem

You want to configure TCP/IP filtering to prevent a server from responding to certain protocols or ports or allow it to respond to certain protocols or ports. This filtering is applied to inbound traffic and does not affect outbound traffic.

Solution

Using a graphical user interface

  1. Open the Control Panel.

  2. From the Network Connections applet, open the connection you want to configure.

  3. Click the Properties button.

  4. Select Internet Protocol (TCP/IP).

  5. Click the Properties button.

  6. Click the Advanced button.

  7. Click the Options tab.

  8. Select TCP/IP filtering.

  9. Click the Properties button.

  10. Check the box beside Enable TCP/IP Filtering.

  11. Select Permit Only for TCP Ports, UDP Ports, and/or IP Protocols.

  12. Click the Add button.

  13. Enter the port or protocol number and click OK.

  14. Repeat the last couple of steps until you've entered all desired ports and protocols.

  15. After you are done, close all the dialog screens by clicking either OK or Close.

  16. You will be prompted to reboot for the changes to take effect.

Using a command-line interface

The following command enables TCP/IP filtering:

> reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v
EnableSecurityFilters /t REG_DWORD /d 1

You must reboot for the changes to take effect. To disable filtering, change /d 1 to /d 0.

Next, configure the protocols and ports you want to filter. This must be done on a per-interface basis. To configure this using the registry, you need to know the GUID assigned to the interface you want ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.