Changes

Configuring Windows XP firewall

1,916 bytes added, 23:04, 24 November 2010
Added information on and examples of check conditions for rules pertaining to particular ports, and adjusted a preposition
netsh firewall set service fileandprint enable
It is enough to execute those commands only once, as the settings will survive the reboot, so you may use ''execute="once"''. If you want to use check conditions to notice if someone has changed a rule, look in <code>HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\</code> for rules that involve opening particular ports.
==ExampleExamples==
To open e.g. port 22 in the Windows XP firewall, you have to execute the following:
netsh firewall add portopening TCP 22 SSH enable subnet
On In packages.xml you should add a line like below:
<source lang="xml">
<package
This is useful if you want to run a SSH server (i.e. [[freeSSHd]]), but still want to have your firewall enabled.
 
To add a rule to open 143/tcp to a particular network and to notice if someone changed your settings, the following can be used:
 
<source lang="xml">
<!-- Rule present and turned on -->
<package
id="fw-143-example-on"
name="Firewall: IMAP example on"
revision="1"
reboot="false"
priority="0">
 
<check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\143:TCP" value="143:TCP:192.0.2.0/255.255.255.0:Enabled:IMAP example" />
 
<install cmd='netsh firewall add portopening TCP 143 "IMAP example" ENABLE CUSTOM "192.0.2.0/255.255.255.0"'>
<exit code="0" />
</install>
 
<remove cmd='netsh firewall remove portopening TCP 143'>
<exit code="0" />
</remove>
</package>
 
<!-- Rule present but turned off -->
<package
id="fw-143-example-off"
name="Firewall: IMAP example off"
revision="1"
reboot="false"
priority="0">
 
<check type="logical" condition="not" />
<!-- Depending on what you're trying to accomplish, you may want to check merely the existence of an entry for 143:TCP -->
<check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\143:TCP" value="143:TCP:192.0.2.0/255.255.255.0:Enabled:IMAP example" />
</check>
 
<install cmd='netsh firewall add portopening TCP 143 "IMAP example" DISABLE CUSTOM "192.0.2.0/255.255.255.0"'>
<exit code="0" />
</install>
 
<remove cmd='netsh firewall remove portopening TCP 143'>
<exit code="0" />
</remove>
</package>
 
</source>
 
[[Category: Silent Installers]]
[[Category: Changing Windows settings]]
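Review bot: In the added fw-143-example-off package the logical check is self-closed (<check type="logical" condition="not" />) but is followed by a nested registry check and a closing </check>, so the XML is not well-formed and the "not" has no child to negate. Drop the trailing slash so the element reads <check type="logical" condition="not"> and wraps the registry check. Separately, the negated equals test is also satisfied when there is no 143:TCP value at all, so it cannot tell "rule present but turned off" (what the comment above the package says) from "rule absent". If the intent is to detect the disabled rule specifically, combine the "not" with a check that the 143:TCP value exists, as the inline comment in that package already hints.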
Anonymous user