How to allow all traffic from 1 IP address Windows Firewall

2

1

I am trying to give another PC completely unrestricted access to my machine. They are both on the same subnet. What I am looking for is effectively disabling the firewall entirely for one IP address.

Example

Host: 192.168.1.2

Client: 192.168.1.3 Firewall "off"

World: xxx.xxx.xxx.xxx Firewall "on"

To be specific I am running "Easy"PHP as a testing server for websites and want to access them from other machines on my network. After tinkering I figure the method suggested in my question would be best to make things actually easy.

PS. I have already tried opening all ports both inbound and outbound to that IP with no results. My only current success has been actually turning the whole firewall off.

foochow

Posted 2013-06-26T15:41:36.687

Reputation: 195

Question was closed 2013-06-29T09:58:17.790

1

This is essentially http://superuser.com/questions/231358/allowing-ip-range-in-windows-firewall with a range of one IP :)

– Squeezy – 2013-06-26T15:43:27.733

1

@Foo_Chow Follow the answers for this question just select allow instead of block http://superuser.com/questions/268902/how-to-block-all-traffic-but-oneip-in-windows-firewall?rq=1

– Ramhound – 2013-06-26T15:43:59.750

@Squeezy not even close to a dupe. That is what I tried in the PS. section. Didnt work. Im looking for complete disabling to one IP. – foochow – 2013-06-26T15:59:05.163

1You can not disable it for one IP, however accepting ANYTHING for that IP should not result in the firewall blocking traffic anymore. Please show the configuration you attempted. – Squeezy – 2013-06-26T16:02:45.117

@Squeezy link All other settings are all or any where applicable; done for both in and outbound

– foochow – 2013-06-26T16:12:43.610

2You are configuring the firewall on the host, please set Local IP address to any, and remote IP address to the one you want to give access. The configuration in that screenshot is valid, but useless. You have essentially configured access TO and FROM the same IPs. – Squeezy – 2013-06-26T16:15:17.443

Answers

6

At host 192.168.1.2 (Windows 7)

incoming 192.168.1.3 Firewall Off:

netsh advfirewall firewall add rule name="Firewall Off IP 192.168.1.3 Incoming" dir=in action=allow protocol=ANY remoteip=192.168.1.3

outcoming 192.168.1.3 Firewall Off:

netsh advfirewall firewall add rule name="Firewall Off IP 192.168.1.3 Outcoming" dir=out action=allow protocol=ANY remoteip=192.168.1.3

logging firewall dropped packets:

netsh firewall set logging droppedpackets = ENABLE

Install telnet client and check remote application:

telnet 192.168.1.3 <service port>

Check whether the current user is an administrator in the domain:

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(name=%username%)(adminCount=1))" -attr name

Check whether the current user is an administrator on the local machine:

wmic NETLOGIN  Where (Caption="%username%" AND Privileges=2) get Caption, Name, NumberOfLogons, PrimaryGroupId, BadPasswordCount

STTR

Posted 2013-06-26T15:41:36.687

Reputation: 6 180

+1 for netsh. Also I love the term "outcoming" :D Please mention this needs to be done from with privileges. – Squeezy – 2013-06-26T16:18:43.173

Honestly I have no clue why this doesnt work for me. It clearly should, but I guess EasyPHP is messing with something... Not easy in the slightest – foochow – 2013-06-26T16:32:41.297

Ping works though. So at least the communication barrier is down – foochow – 2013-06-26T16:35:42.670

@Foo_Chow, unless the IPs are wrong for your environment it definitely should. You can try logging drops as specified in http://technet.microsoft.com/de-de/library/cc947815(v=ws.10).aspx to see why your traffic is dropped. Maybe that will show you what is happening.

– Squeezy – 2013-06-26T16:36:48.193

@Foo_Chow what say telnet 192.168.1.3 <service port> ? – STTR – 2013-06-26T16:57:35.340

Asked: 2013-06-26T15:41:36.687

Viewed: 28 541 times

Active: 2013-06-26T16:56:57.023