Step 3: Allowing Inbound Traffic to a Specified TCP or UDP Port
Updated: December 7, 2009
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
In the previous step, you created a rule that allows unsolicited inbound network traffic only to the Telnet Server service. However, it is considered a best practice to also limit the traffic to only those TCP or UDP ports that the service actually uses. In the case of a standard Telnet deployment, only TCP port 23 is required.
In this procedure, you refine the Telnet exception rule to limit the allowed inbound network traffic to TCP port 23 only.
To configure the rule to limit traffic to a specific port
On MBRSVR1, in Group Policy Management Editor for your server GPO, click Inbound Rules.
In the results pane, right-click Allow Inbound Telnet, and then click Properties.
Click the Protocols and Ports tab.
In Protocol type, click TCP. Note that the Protocol number automatically changes to 6.
In the Local port list, click Specific Ports.
In the text box directly under Local Port, type 23.
Click OK to save your changes.
In this procedure, you test the modified rule.
To test your modified rule
On MBRSVR1, at Administrator: Command Prompt, run gpupdate /force. Wait until the command finishes.
Because the Telnet service on MBRSVR1 is still configured to listen on port 25, the service should not be able to receive any traffic.
On CLIENT1, at a command prompt, run telnet mbrsvr1 25.
The command times out and fails because the firewall on MBRSVR1 now blocks all inbound traffic to the Telnet service except port 23.
On MBRSVR1, at the Administrator: Command Prompt, run tlntadmn config port=23 to restore the service to the default port number.
On CLIENT1, at the command prompt, run telnet mbrsvr1.
The command succeeds because the firewall allows inbound network traffic to port 23 to the Telnet service which is configured to listen on that port.
Close the Telnet session by typing exit, and then pressing ENTER.