can block specific IP from firewall

Is it possible to block a specific IP from the file and print sharing of the
server firewall? Say I allow a block of network addresses in the exceptions
list. How can I block one of those IP's in that block?

 

Hello Biff

Yes you can.. But how will depend on what type of router you are using..You
can specifically block a single ip address

--
Isaac Oben [MCTIP:EA, MCSE]
"biff" <biff@discussions.microsoft.com> wrote in message
news:4B812A74-1A15-42ED-A58E-BBAC3BB5E3E8@microsoft.com...
> Is it possible to block a specific IP from the file and print sharing of
> the
> server firewall? Say I allow a block of network addresses in the
> exceptions
> list. How can I block one of those IP's in that block?

 

Can I block the IP address using the Windows 2003 server software? I just
want to block it from file and print sharing.

I didn't know if there was a way I could accomplish this in the firewall
exceptions list using special notation

"Isaac Oben [MCITP,MCSE]" wrote:

> Hello Biff
>
> Yes you can.. But how will depend on what type of router you are using..You
> can specifically block a single ip address
>
> --
> Isaac Oben [MCTIP:EA, MCSE]
> "biff" <biff@discussions.microsoft.com> wrote in message
> news:4B812A74-1A15-42ED-A58E-BBAC3BB5E3E8@microsoft.com...
> > Is it possible to block a specific IP from the file and print sharing of
> > the
> > server firewall? Say I allow a block of network addresses in the
> > exceptions
> > list. How can I block one of those IP's in that block?
>
>

 

On 04/16/09 14:40, biff wrote:
> Can I block the IP address using the Windows 2003 server software?

Are you talking about the "Windows Firewall / Internet Connection
Sharing" service built in to Windows or "ISA Server"?

> I just want to block it from file and print sharing.

Are you wanting to block file and printer sharing while allowing other
access from the problem IP(s) or can the IP(s) be blocked completely?

> I didn't know if there was a way I could accomplish this in the
> firewall exceptions list using special notation

We will need to know what you are using before we can say for sure.

A nasty little ""hack you can use is to ARP poison the IP in question on
the server so that when the server tries to reply to the IP in question,
it will not be able to.



Grant. . . .

 

I would be using the Windows Firewall built into Windows Server 2003.

I could block either all traffic or just file and print sharing from the
particular IP. The server is just a file server so the IP would not need to
access the server for anything else.

Other IPs should be able to connect to file and print sharing normally if
they are on the exceptions list.

"Grant Taylor" wrote:

> On 04/16/09 14:40, biff wrote:
> > Can I block the IP address using the Windows 2003 server software?
>
> Are you talking about the "Windows Firewall / Internet Connection
> Sharing" service built in to Windows or "ISA Server"?
>
> > I just want to block it from file and print sharing.
>
> Are you wanting to block file and printer sharing while allowing other
> access from the problem IP(s) or can the IP(s) be blocked completely?
>
> > I didn't know if there was a way I could accomplish this in the
> > firewall exceptions list using special notation
>
> We will need to know what you are using before we can say for sure.
>
> A nasty little ""hack you can use is to ARP poison the IP in question on
> the server so that when the server tries to reply to the IP in question,
> it will not be able to.
>
>
>
> Grant. . . .
>

 

On 4/16/2009 4:24 PM, biff wrote:
> I would be using the Windows Firewall built into Windows Server 2003.

Ok. (Its been too long and I can't tell you how to do it from memory at
the moment. Hopefully someone else can.)

> I could block either all traffic or just file and print sharing from
> the particular IP. The server is just a file server so the IP would
> not need to access the server for anything else.

Blocking any and all traffic to or from the IP will be easier than
blocking some (but not all) traffic. So blocking the IP all together
will make things easier. Also remember that just because the system is
a file / print server does not mean that it will not participate in
other aspects of a Windows network.

> Other IPs should be able to connect to file and print sharing
> normally if they are on the exceptions list.

Blocking by the single IP should not effect any of the other systems.



Grant. . . .

 

In article <4FB74480-9AF2-44BE-A3F2-F2297D4CEEBC@microsoft.com>,
biff@discussions.microsoft.com says...
> I would be using the Windows Firewall built into Windows Server 2003.
>
> I could block either all traffic or just file and print sharing from the
> particular IP. The server is just a file server so the IP would not need to
> access the server for anything else.
>
> Other IPs should be able to connect to file and print sharing normally if
> they are on the exceptions list.
>

It sounds like you have a problem USER, instead of a problem IP. Why not
apply standard security to shares to stop the problem?

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

Biff
If you need to block a specific ip get a router or some firewall app

--
Isaac Oben [MCTIP:EA, MCSE]
"biff" <biff@discussions.microsoft.com> wrote in message
news:4FB74480-9AF2-44BE-A3F2-F2297D4CEEBC@microsoft.com...
>I would be using the Windows Firewall built into Windows Server 2003.
>
> I could block either all traffic or just file and print sharing from the
> particular IP. The server is just a file server so the IP would not need
> to
> access the server for anything else.
>
> Other IPs should be able to connect to file and print sharing normally if
> they are on the exceptions list.
>
> "Grant Taylor" wrote:
>
>> On 04/16/09 14:40, biff wrote:
>> > Can I block the IP address using the Windows 2003 server software?
>>
>> Are you talking about the "Windows Firewall / Internet Connection
>> Sharing" service built in to Windows or "ISA Server"?
>>
>> > I just want to block it from file and print sharing.
>>
>> Are you wanting to block file and printer sharing while allowing other
>> access from the problem IP(s) or can the IP(s) be blocked completely?
>>
>> > I didn't know if there was a way I could accomplish this in the
>> > firewall exceptions list using special notation
>>
>> We will need to know what you are using before we can say for sure.
>>
>> A nasty little ""hack you can use is to ARP poison the IP in question on
>> the server so that when the server tries to reply to the IP in question,
>> it will not be able to.
>>
>>
>>
>> Grant. . . .
>>

 

On 04/17/09 11:39, Isaac Oben [MCITP,MCSE] wrote:
> If you need to block a specific ip get a router or some firewall app

Are you saying that the built in Windows Firewall will not do what the
OP is wanting to do?

Also, it sounds like the OP is wanting one IP subnet, so having a router
(layer 3 device) in place will not do much good unless it is doing more
of a layer 2 operation.



Grant. . . .