
Step 3: Allowing Inbound Traffic to a Specified TCP or UDP Port

Published: November 2, 2007

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In the previous step, you created a rule that allows unsolicited inbound network traffic only to the Telnet Server service. However, it is considered a best practice to also limit the traffic to only those TCP or UDP ports that the service actually uses. In the case of a standard Telnet deployment, only TCP port 23 is required.

In this procedure, you refine the Telnet exception rule to limit the allowed inbound network traffic to TCP port 23 only.

  1. On MBRSVR1, in Group Policy Management Editor for your server GPO, click Inbound Rules.

  2. In the results pane, right-click Allow Inbound Telnet, and then click Properties.

  3. Click the Protocols and Ports tab.

  4. In Protocol type, click TCP. Note that the Protocol number automatically changes to 6.

  5. In the Local port list, click Specific Ports.

  6. In the text box directly under Local Port, type 23.

  7. Click OK to save your changes.

In this procedure, you test the modified rule.

  1. On MBRSVR1, at the Administrator: Command Prompt, run gpupdate /force. Wait until the command finishes.

    Because the Telnet service on MBRSVR1 is still configured to listen on port 25, the service should not be able to receive any traffic.

  2. On CLIENT1, at a command prompt, run telnet mbrsvr1 25.

    The command times out and fails because the firewall on MBRSVR1 now blocks all inbound traffic to the Telnet service except port 23.

  3. On MBRSVR1, at the Administrator: Command Prompt, run tlntadmn config port=23 to restore the service to the default port number.

  4. On CLIENT1, at the command prompt, run telnet mbrsvr1.

    The command succeeds because the firewall allows inbound network traffic on port 23 to the Telnet service, which is configured to listen on that port.

  5. Close the Telnet session by typing exit, and then pressing ENTER.
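
To find other rules that still need the refinement described in this step, the following added example (not part of the original Microsoft procedure) parses a saved rule listing and reports enabled inbound allow rules that are not limited to specific local ports. It assumes the English output layout of `netsh advfirewall firewall show rule name=all`; the sample listing and the two "Example" rule names are constructed.

```python
import re

# Constructed sample, trimmed to the fields the check reads, in the layout of
# `netsh advfirewall firewall show rule name=all` (English field names assumed).
SAMPLE = """\
Rule Name:                            Allow Inbound Telnet
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            23
Action:                               Allow

Rule Name:                            Example Any-Protocol Rule
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             Any
Action:                               Allow

Rule Name:                            Example Any-Port Rule
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             UDP
LocalPort:                            Any
Action:                               Allow
"""

def parse_rules(text):
    """Split the listing into one dict per rule (field name -> value)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s*(.*)$", line)  # separator/blank lines do not match
        if m:
            if m.group(1) == "Rule Name":
                rules.append({})
            if rules:
                rules[-1][m.group(1).strip()] = m.group(2).strip()
    return rules

def unscoped_inbound_allows(rules):
    """Names of enabled inbound allow rules not limited to specific local ports."""
    def unscoped(r):
        # Assumption: a rule with Protocol Any may carry no LocalPort line, so default both.
        proto, port = r.get("Protocol", "Any"), r.get("LocalPort", "Any")
        return proto == "Any" or (proto in ("TCP", "UDP") and port == "Any")
    live = ("Yes", "In", "Allow")
    return [r["Rule Name"] for r in rules
            if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == live and unscoped(r)]
```

Calling `unscoped_inbound_allows(parse_rules(SAMPLE))` leaves out the Allow Inbound Telnet rule, which is restricted to TCP port 23, and returns the two constructed rules that are not.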


Next topic:  Step 4: Allowing Inbound Network Traffic that Uses Dynamic RPC

© 2014 Microsoft