[WindowsFirewall.portopening_name] (Unattended Installation) (Unattended Installation)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The [WindowsFirewall.portopening_name] section contains entries for configuring Windows Firewall.
When in normal operation, Windows Firewall statically opens ports that are included in its current profile's exceptions list. It is generally recommended that programs be added to the exceptions list, instead of statically opening ports. This enables Windows Firewall to open and close ports dynamically and to minimize the number of ports open at any one time. There are scenarios in which ports need to be opened statically. For example, a static port may need to be opened in order for a Windows service to receive unsolicited, incoming traffic. To support these scenarios, you have the ability to add static ports to the Windows Firewall Exceptions list by using the [WindowsFirewall.portopening_name] section. You must add this section to the [WindowsFirewall.profile_name] section.
The [WindowsFirewall.portopening_name] section contains entries for adding services to the Windows Firewall Exceptions list.
Answer File Entries for the [WindowsFirewall. portopening_name ] Section
Entry | Description |
---|---|
Protocol |
Specifies the protocol of a port. A port is specified by the combination of a protocol and a port number. The protocol must be either TCP or UDP. |
Port |
Specifies the port number. A port is specified by the combination of a protocol and a port number. The port number must be between 1 and 65535 inclusive. |
Name |
Specifies the friendly name of a port to be added to the Windows Firewall Exceptions list. This descriptive name is used to represent the entry for Windows Firewall in Control Panel. |
Mode |
Specifies whether to enable or disable an entry in the Windows Firewall Exceptions lists. |
Scope |
Defines the set of limits on which computers (IP addresses) are allowed to send traffic through the specified exception. The value of the Mode entry must equal 1 (On). |
Addresses |
Specifies the addresses for an entry in the Windows Firewall Exceptions list. |
[WindowsFirewall.WebService]
Protocol= 18
Port = 80
Name = Web Server (TCP 80)
Mode = 1
Scope = 2
Addresses = 192.168.0.5,LocalSubnet
Specifies the protocol of a port. A port is specified by the combination of a protocol and a port number. The protocol must be either TCP or UDP.
Protocol = 6 | 17 | 18
Value | Description |
---|---|
0 |
Specifies a TCP port. |
17 |
Specifies a UDP port. |
18 |
Specifies both TCP and UDP type ports. |
Protocol = 18
The default value is 18. This is a required entry.
Specifies the port number. A port is specified by the combination of a protocol and a port number. The port number must be between 1 and 65535 inclusive.
Port = port_number
Value | Description |
---|---|
port_number |
Specifies the number of the port. |
Port = 80
This is a required entry.
Specifies the friendly name of the port that is used to represent this entry for Windows Firewall in Control Panel.
Name = port_name
Value | Description |
---|---|
port_name |
Specifies the name of the port. |
Name = Web Server (TCP 80)
This is a required entry. The friendly name should provide an indication of why the port is statically opened, such as Web Server (TCP 80) or Telnet Server (TCP 23).
Specifies whether an entry added to the Windows Firewall Exceptions list is either enabled or disabled.
Mode = 0 | 1
Value | Description |
---|---|
1 |
Enables an entry in the Windows Firewall Exceptions list. |
0 |
Disables an entry in the Windows Firewall Exceptions list. |
Mode = 1
The default value is 1. This is a required entry.
Defines the set of limits on which computers (IP addresses) are allowed to send traffic through the specified exception. The value of the Mode entry must equal 1 (On).
Scope = 0 | 1 | 2
Value | Description |
---|---|
0 |
Enables unsolicited, incoming traffic with no limitations. Any computer can send traffic through this exception. |
1 |
Enables unsolicited, incoming traffic that matches the exception from any computer on the same subnet as the network connection on which the traffic was received through Windows Firewall, while dropping unsolicited, incoming traffic from all other computers. |
2 |
Defines a custom scope, which is a collection of IP addresses and subnets. Unsolicited, incoming traffic that matches the exception and originates from a computer in the defined collection is enabled through Windows Firewall. |
Scope = 0
The default value is 0. When opening a port, the set of IP addresses from which the unsolicited, incoming traffic is enabled can be defined by using this entry.
Specifies the IP addresses in the Scope entry.
Addresses = IP_address1, IP_address2
Value | Description |
---|---|
IP_addresses |
Specifies the IP addresses in the Scope entry. |
Addresses = 192.168.0.5,LocalSubnet
This entry is ignored unless the Scope entry is set to 2.