[ Serbiankum @ 23.05.2011. 09:05 ] @
So,

My idea is to use this firewall to block access to the internet while allowing (opening) certain ports for remote desktop.

So I would use VNC and the DynDNS client.

How do I create a rule that blocks all traffic except the ports needed for the remote connection?
The computer is Win XP.

Thanks,

Regards
[ Serbiankum @ 25.05.2011. 13:01 ] @
Here is the solution:


On the computer you wish to connect to: (this is using standard UVNC ports, if you have chosen different ports substitute them where necessary)

1. Open The CIS control panel from the system tray
2. Select Network Security Policy
3. Select Port sets
4. Select Add and give the new port set a name (VNC)
5. Select the new port set and select Add
6. Choose Single port and add 5800
7. Repeat for 5900
8. You may also wish to add 5500 if used
9. Select OK

Now select Global rules and remove any rules currently in use and create a new rule:

Action - Allow
Protocol - TCP
Direction - IN
Source Address - ANY or the address of the computer you're connecting from
Destination Address - ANY or the MAC address of the PC
Source Port - ANY
Destination Port - Choose a set of ports and select the port set you created earlier.

Create another rule below this:

Action - Block and log
Protocol - IP
Direction - IN
Source Address - ANY
Destination Address - ANY
IP Details - ANY

Now create an Application rule for winvnc.exe (remove any rules currently in use)

Application Name - winvnc.exe
Action - Allow
Protocol - TCP
Direction - IN
Source Address - ANY or the address of the computer you're connecting from
Destination Address - ANY or the MAC address of the PC
Source Port - ANY
Destination Port - Choose a set of ports and select the port set you created earlier.

Create another rule below this:

Application Name - All Applications (Add/Select/File Groups/All Applications)
Action - Block and log
Protocol - IP
Direction - OUT
Source Address - ANY
Destination Address - ANY
IP Details - ANY
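
The steps above depend on the allow rule sitting above the block rule. As an added example (not part of the original post and not Comodo's own code), this small model evaluates the two Global rules against constructed packets; it assumes rules are checked top to bottom with the first match deciding, and the 192.0.2.x / 198.51.100.x addresses are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNC_PORTS = frozenset({5800, 5900, 5500})  # the "VNC" port set from the post


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    protocol: str                 # "TCP", or "IP" meaning any IP protocol
    direction: str                # "IN" or "OUT"
    source: str = "0.0.0.0/0"     # ANY
    dst_ports: frozenset = None   # None means ANY

    def matches(self, pkt):
        return (self.direction == pkt["dir"]
                and self.protocol in ("IP", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.source)
                and (self.dst_ports is None
                     or pkt.get("dport") in self.dst_ports))


def evaluate(rules, pkt):
    """First-match evaluation (assumed model of the ordered rule list)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "unmatched"  # what the firewall does next is outside this model


def global_rules(source="0.0.0.0/0"):
    """The two Global rules from the post, in the order given there."""
    return [Rule("allow", "TCP", "IN", source, VNC_PORTS),
            Rule("block", "IP", "IN")]


def pkt(direction, proto, src, dport):
    return {"dir": direction, "proto": proto, "src": src, "dport": dport}


if __name__ == "__main__":
    samples = [pkt("IN", "TCP", "192.0.2.10", 5900),    # VNC
               pkt("IN", "TCP", "192.0.2.10", 3389),    # not in the port set
               pkt("IN", "UDP", "192.0.2.10", 5900),    # wrong protocol
               pkt("IN", "TCP", "198.51.100.7", 5900)]  # other source address
    locked = global_rules("192.0.2.10/32")  # source limited to one client
    for p in samples:
        print(p, evaluate(global_rules(), p), evaluate(locked, p))
    # Same rules with the block rule on top: VNC is cut off as well.
    print(evaluate(list(reversed(global_rules())), samples[0]))
```

Limiting the source address to the connecting computer, as the post offers as an alternative to ANY, is what makes the last sample packet fall through to the block-and-log rule.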