HCHTech
Well-Known Member
I've been playing around with scripting firewall rules in my RMM. In today's exercise, I'm trying to add a rule to allow traffic from a different subnet (for example, when the wifi is on a different subnet than the LAN, the Windows firewall will block traffic between the two subnets by default). The following will create a rule to allow traffic (and back up the settings both before and after):
Code:
rem Back up the current firewall policy before touching it
netsh advfirewall export "c:\temp\beforenewrule.wfw"
rem Inbound allow rule, Private profile only, scoped by local address (any remote address, any port)
netsh advfirewall firewall add rule name="TestScopeRule" dir=in action=allow profile=private localip=192.168.0.0/24
rem Back up again so the change can be diffed or rolled back
netsh advfirewall export "c:\temp\afternewrule.wfw"
Since this would allow all traffic, I'm wondering if I'm being too flexible here and should be limiting my rule to ports 139 & 445, for example. OTOH, we always create a guest wifi network that is separated from the "private" wifi, so maybe I need to be less concerned. This would obviously be in a non-server environment, where a GPO would be a more efficient solution.
What do you think?
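As an added example (not HCHTech's script), here is the tightened version of the same idea in PowerShell: the rule is limited to TCP 139/445, restricted to the other subnet via the remote address rather than the local one, kept to the Private profile, and wrapped in before/after exports like the original. The wifi subnet `192.168.1.0/24`, the rule name and the backup folder are assumed values for illustration; the cmdlets are the built-in NetSecurity module on Windows 8 / Server 2012 and later, run from an elevated session.

```powershell
# Added example, not from the original post. Assumed values: the wifi subnet below,
# the rule name and the backup path. Run elevated.
$RemoteSubnet = '192.168.1.0/24'          # assumed: the "other" (wifi) subnet
$RuleName     = 'AllowWifiSubnet-SMB'     # assumed rule name
$Backup       = 'C:\temp\firewall'        # assumed backup folder
$Stamp        = Get-Date -Format 'yyyyMMdd-HHmmss'

New-Item -ItemType Directory -Path $Backup -Force | Out-Null

# Export the policy before the change so it can be diffed or re-imported
netsh advfirewall export "$Backup\before-$RuleName-$Stamp.wfw"

# Remove any earlier copy so the script is safe to rerun from the RMM
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Narrow scope: inbound, Private profile only, TCP 139/445, and only from the other subnet.
# -RemoteAddress is the knob that actually restricts *who* may connect; localip alone leaves
# the remote side open to any address.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Profile Private `
    -Protocol TCP -LocalPort 139,445 `
    -RemoteAddress $RemoteSubnet | Out-Null

# Export again after the change
netsh advfirewall export "$Backup\after-$RuleName-$Stamp.wfw"

# Verify what was actually created rather than trusting the command succeeded
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Name    = $rule.DisplayName
    Enabled = $rule.Enabled
    Profile = $rule.Profile
    Ports   = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
    Remote  = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```

The final object is the check worth keeping in an RMM script: it confirms the profile, ports and remote scope the rule ended up with, which is where a typo in the subnet would otherwise go unnoticed. If NetBIOS name resolution across the subnets is also needed, UDP 137/138 would be a second, equally narrow rule rather than a reason to widen this one.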