Who would have thought I’d be talking about the Windows Server 2003 SP1 firewall? But, it really works. And it’s almost tolerable to configure from the command line.
REM Set variables:
set Network1=192.168.1.0/255.255.255.0,192.168.10.128/255.255.255.224
set Network2=172.16.0.0/255.255.0.0
set Network3=10.12.0.0/255.255.254.0
REM Build the combined list; netsh wants ONE comma-separated list with no spaces between entries
set ADDRESSES=%Network1%,%Network2%,%Network3%
REM Allow MSSQL (TCP 1433) from the three networks in ADDRESSES (not from everywhere)
netsh firewall add portopening protocol = TCP port = 1433 name = MSSQL mode = ENABLE scope = CUSTOM addresses = %ADDRESSES%
REM Allow RDP from Network1 only
netsh firewall add portopening protocol = TCP port = 3389 name = RemoteDesktop mode = ENABLE scope = CUSTOM addresses = %Network1%
REM Allow BackupExec from Local Subnet only
netsh firewall add portopening protocol = TCP port = 10000 name = BackupExecAgent mode = ENABLE scope = SUBNET
REM Turn on logging of dropped packets (maxfilesize is in KB, so 4096 = 4 MB; note the backslash in the path)
netsh firewall set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096 droppedpackets = ENABLE
REM Clear variables so they don't leak into the rest of the session:
set Network1=
set Network2=
set Network3=
set ADDRESSES=
The log generates a lot of useless noise, especially if you use DHCP on your network (every broadcast the host isn't listening for becomes a DROP line), but it also shows that you didn't waste your time configuring it. The fields are date, time, action, protocol, source IP, destination IP, source port, destination port, size, TCP flags, sequence and ack numbers, window size, ICMP type and code, info, and path. This line is an outside host sending a SYN to TCP 1433 on the server, dropped because 67.108.111.43 is not inside the custom scope on the MSSQL rule:
2006-08-11 05:36:28 DROP TCP 67.108.111.43 192.168.1.130 27726 1433 48 S 3572543340 0 65535 - - - RECEIVE
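A small parser for that log, added here as an example and not code from the original post. It reads the W3C-style field list from the #Fields header (falling back to the order Windows Firewall writes), throws away the DHCP chatter (UDP 67/68) the post complains about, ignores anything that is not an inbound DROP, and then uses the same network lists as the batch file above to split what is left into drops from addresses that some rule trusts (worth a look, since they are usually a wrong port or a rule scope that is too narrow) and drops from everywhere else (scanning or stray traffic). The sample log is constructed for the example; only its first data line is the one from the post.

```python
import ipaddress
from collections import Counter

# Scopes copied from the batch file above, in the "ip/mask" form netsh takes.
NETWORK1 = "192.168.1.0/255.255.255.0,192.168.10.128/255.255.255.224"
NETWORK2 = "172.16.0.0/255.255.0.0"
NETWORK3 = "10.12.0.0/255.255.254.0"
ADDRESSES = ",".join([NETWORK1, NETWORK2, NETWORK3])

# Field order Windows Firewall writes when no "#Fields:" header is found.
DEFAULT_FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port "
                  "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Constructed sample log; the first data line is the one quoted in the post.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-08-11 05:36:28 DROP TCP 67.108.111.43 192.168.1.130 27726 1433 48 S 3572543340 0 65535 - - - RECEIVE
2006-08-11 05:36:30 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2006-08-11 05:36:31 DROP TCP 67.108.111.43 192.168.1.130 27727 3389 48 S 3572543341 0 65535 - - - RECEIVE
2006-08-11 05:37:02 DROP TCP 172.16.4.20 192.168.1.130 1055 3389 48 S 2201874331 0 16384 - - - RECEIVE
2006-08-11 05:37:02 DROP TCP 192.168.1.130 172.16.4.20 3389 1055 40 R 0 2201874332 0 - - - SEND
"""


def parse_scope(scope):
    """Turn a netsh 'addr/mask,addr/mask' string into ip_network objects."""
    return [ipaddress.ip_network(item.strip(), strict=False) for item in scope.split(",")]


def parse_log(text):
    """Yield one dict per data line, keyed by the field names in the header."""
    fields = DEFAULT_FIELDS
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or corrupt line: skip it rather than guess
        records.append(dict(zip(fields, parts)))
    return records


def is_dhcp_noise(rec):
    """DHCP discover/offer traffic (UDP 67/68) that the firewall drops but nobody needs to see."""
    return rec["protocol"] == "UDP" and bool({rec["src-port"], rec["dst-port"]} & {"67", "68"})


def summarize_drops(text, trusted_scope=ADDRESSES):
    """Count inbound drops per (src-ip, protocol, dst-port), split by whether the source is trusted."""
    trusted = parse_scope(trusted_scope)
    inside = Counter()   # source is in a scope some rule allows: check the port or the rule
    outside = Counter()  # source is anywhere else: scans and stray traffic
    for rec in parse_log(text):
        if rec["action"] != "DROP" or rec["path"] != "RECEIVE" or is_dhcp_noise(rec):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except ValueError:
            continue
        key = (rec["src-ip"], rec["protocol"], rec["dst-port"])
        if any(src in net for net in trusted):
            inside[key] += 1
        else:
            outside[key] += 1
    return inside, outside


def report(text):
    """Return the summary as printable lines, busiest first within each group."""
    inside, outside = summarize_drops(text)
    lines = ["Drops from trusted networks (check your rules):"]
    lines += ["  %s %s/%s x%d" % (k[0], k[1], k[2], n) for k, n in inside.most_common()]
    lines.append("Drops from everywhere else:")
    lines += ["  %s %s/%s x%d" % (k[0], k[1], k[2], n) for k, n in outside.most_common()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against the real file with `open(r"C:\WINDOWS\pfirewall.log").read()` in place of SAMPLE_LOG; the "trusted" bucket is the one to read first, because a drop from 172.16.x.x to 3389 in the sample is exactly what the RDP rule above is supposed to do (its scope is Network1 only), and seeing it in the log is how you confirm that scope is really in effect.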