DLINK 2750B - Entering Custom Firewall Rules

Similar Messages

• Add firewall rule with custom environment variable in program path

  Hi,
  We want to create a firewall rule for a program which is placed in folder which changes sometimes. I know you can add a firewall with the ProgramFiles environment variable like this:
  netsh advfirewall firewall add rule name="Test Firewall rule" dir=in program="%%ProgramFiles%%\Test\Test.exe" action=allow security=notrequired
  The environment variable ProgramFiles isn't expanded and if the Program Files folder is different on a system the rule still works.
  We try to use this with a custom environment variable which we set a system environment variable with this command:
  SETX SomeFolder "D:\Some Folder\Apr 2015" /M
  If we use the command below to add the firewall rule in a batch file the environment variable SomeFolder is expanded correctly and the program path is added as a static path.
  netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%SomeFolder%\AFile.exe" action=allow security=notrequired
  Because the folder changes sometimes we want to change the environment variable SomeFolder and not remove the old firewall rule and create a new one. We want to add the environment variable SomeFolder to the program path as a (dynamic) environment variable
  and not as the expanded path at the moment when the rule is added. If we use this command:
  netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%%SomeFolder%%\AFile.exe" action=allow security=notrequired
  We get the error:
            Windows Firewall with Advanced Security
            An error occurred while adding the rule.
            Error: The parameter is incorrect
            Status: The application name could not be resolved
            OK   
  Why can't we use %%SOMEFOLDER%% like we can use %%PROGRAMFILES%%? The same error is shown when we try to add the firewall rule through the management console 'Windows Firewall with Advanced Security'
  W. Spu

  Hi,
  Based on my plenty of test with this problem, it seems like there is no better method to achieve your requirement. To add new policy to firewall, it would be better using general cmdlet. The path parameter like %%SomeFolder%% do have problem in add firewall
  policy cmdlet. 
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• 0x8007000e (E_OUTOFMEMORY) while adding a firewall rule using the windows firewall COM API

  Hello,
  Configuration: Windows Embedded 8 64-bit.
  I'm using the Windows Firewall with Advanced Security COM API. The program uses the INetFwRules interface. Basically, I'm using the following code (Form the code sample available here : http://msdn.microsoft.com/en-us/library/windows/desktop/dd339604%28v=vs.85%29.aspx.)
   I get the error when performing "hr = pFwRules->Add(pFwRule);".
  We can also encounter the problem when removing a rule (using pFwRules->Remove(ruleName);)
  HRESULT hrComInit = S_OK;
  HRESULT hr = S_OK;
  INetFwPolicy2 *pNetFwPolicy2 = NULL;
  INetFwRules *pFwRules = NULL;
  INetFwRule *pFwRule = NULL;
  long CurrentProfilesBitMask = 0;
  BSTR bstrRuleName = SysAllocString(L"SERVICE_RULE");
  BSTR bstrRuleDescription = SysAllocString(L"Allow incoming network traffic to myservice");
  BSTR bstrRuleGroup = SysAllocString(L"Sample Rule Group");
  BSTR bstrRuleApplication = SysAllocString(L"%systemroot%\\system32\\myservice.exe");
  BSTR bstrRuleService = SysAllocString(L"myservicename");
  BSTR bstrRuleLPorts = SysAllocString(L"135");
  // Initialize COM.
  hrComInit = CoInitializeEx(
  0,
  COINIT_APARTMENTTHREADED
  // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
  // initialized with a different mode. Since we don't care what the mode is,
  // we'll just use the existing mode.
  if (hrComInit != RPC_E_CHANGED_MODE)
  if (FAILED(hrComInit))
  printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
  goto Cleanup;
  // Retrieve INetFwPolicy2
  hr = WFCOMInitialize(&pNetFwPolicy2);
  if (FAILED(hr))
  goto Cleanup;
  // Retrieve INetFwRules
  hr = pNetFwPolicy2->get_Rules(&pFwRules);
  if (FAILED(hr))
  printf("get_Rules failed: 0x%08lx\n", hr);
  goto Cleanup;
  // Create a new Firewall Rule object.
  hr = CoCreateInstance(
  __uuidof(NetFwRule),
  NULL,
  CLSCTX_INPROC_SERVER,
  __uuidof(INetFwRule),
  (void**)&pFwRule);
  if (FAILED(hr))
  printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr);
  goto Cleanup;
  // Populate the Firewall Rule object
  pFwRule->put_Name(bstrRuleName);
  pFwRule->put_Description(bstrRuleDescription);
  pFwRule->put_ApplicationName(bstrRuleApplication);
  pFwRule->put_ServiceName(bstrRuleService);
  pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
  pFwRule->put_LocalPorts(bstrRuleLPorts);
  pFwRule->put_Grouping(bstrRuleGroup);
  pFwRule->put_Profiles(CurrentProfilesBitMask);
  pFwRule->put_Action(NET_FW_ACTION_ALLOW);
  pFwRule->put_Enabled(VARIANT_TRUE);
  // Add the Firewall Rule
  hr = pFwRules->Add(pFwRule);
  if (FAILED(hr))
  printf("Firewall Rule Add failed: 0x%08lx\n", hr);
  goto Cleanup;
  This works pretty well but, sometimes, at system startup, adding a rule ends up with the error 0x8007000e (E_OUTOFMEMORY) ! At startup, the system is always loaded cause several applications starts at the same time. But nothing abnormal. This is quite a random
  issue.
  According MSDN documentation, this error indicates that the system "failed to allocate the necessary memory".
  I'm not convinced that we ran out of memory.
  Has someone experienced such an issue? How to avoid this?
  Thank you in advance.
  Regards, -Ruben-

  Does Windows 8 desktop have the same issue? Are you building a custom WE8S image, or are you using a full WE8S image? The reason I ask is to make sure you have the modules in the image to support the operation.
  Is Windows Embedded 8.1 industry an option?
  www.annabooks.com / www.seanliming.com / Book Author - Pro Guide to WE8S, Pro Guide to WES 7, Pro Guide to POS for .NET

• ISA 550 Firewall Rule - how to specify a domain (to resolve a DDNS)

  I want to lock down access to an ISA 550 Firewall to 4 locations.  2 of the locations have dynamic IP addresses.
  Both sites have a dynamic domain maintained at no-ip.org.
  How can I enter 'name.no-ip.org' in to a firewall rule?

  There is not a way to use a domain name in a firewall rule.  When the traffic comes in the packets are addressed with IPs, not with domain names, so when the router looks things up it compares IP addresses. 
  In fact I have never seen this done, even on an enterprise device.  I'm not saying nothing can do it, but it definitely isn't possible with the ISA. 
  Your best bet would be to try and get some static IPs for those two sites as well.
  It is however possible to setup site-to-site VPNs between these devices even if some of them are using DDNS.  This does require those other site's routers to support site-to-site tunnels.  That way those four sites would be able to access resources behind the ISA, but no one else would, and you could still keep using the DDNS for the two dynamic sites.
  Thank you for choosing Cisco,
  Christopher Ebert
  Network Support Engineer - Cisco Small Business Support Center
  *please mark/rate helpful answers*

• Server 2008 r2 setting up firewall rule that just doesn't work!

  I have allocated static ip addresses to a group of PCs, then gone to Server 2008 r2 and gone to Windows firewall with advanced security and written a new custom rule. Am blocking internet explorer, have browsed to where it is lodged on PCs, added the ip
  addresses for blocking, in fact followed a detailed set of instructions but it just doesn't work! I am at a loss as to why, can anyone help please, driving me mad now! Thanks.

  Are you applying ADV firewall rules through GPO. If not then you need to create block rules on the clients i think. but I would create a block rule in GPO and link to these PC's OU.

• Need to reset my DLink 2750B about 3-4 times a day.

  Well, It has been a few months since I posted about the same problem here. About 3-4 times a day (almost always when I am online), I lose my internet connection in the entire house. All I have to do is unplug the modem, wait 15 seconds, plug it back in, and everything is fine. A few hours later, rinse and repeat. I have called Verizon several times about this issue. The last time, I wasted about 2 hours of my evening. One of the "customer service" reps had me repeat all of the test that I had already done myself, only to arrive at the same result. She transferred me to "tech support", and I spent an hour on the phone with someone else, repeating the same tests over again. Guess what - same result. I was told that a Supervisor would call me within 2 hours. Clearly, this was just to get me off the phone, because nobody called. Now, here we are, 5 months later, and the same modem, same problem. No way I am wasting another 2 or 3 hours repeating the same steps all over again, I will just end up going off on some rep who really doesn't belong in that position. I just thought I would post another example of the "fine" customer support we have all come to expect from Verizon. I will now go on eBay, to see if I can find another Verizon modem for sale, because Verizon won't even let me purchase a better modem. Good luck with your concerns, I hope you have better luck than I did.

  Not sure if you will see this, but it's somewhat refreshing to see that others are having similar issues and that it's not just me. My Dlink 2750B needs a reboot every couple days so I guess I should count my blessings...
  I spent about 45 minutes on the phone with support doing the same tests as have been done multiple times on my line, (no issues found) and finally convinced them that I was having a modem issue, not a DSL issue.
  My modem would keep the internet light on solid green even if I unplugged the DSL line. all my devices would be locked out (no connection) and when attempting to connect, the device would bounce between "authenticating" and "obtaining IP" until it finally failed.
  Received a new Actiontec from verizon (free) to replace the Dlink. This morning, sure as can be, the modem locked us out.
  As I stood in front of it thinking "yay.... this crap again" ready to install the Actiontec, it rebooted on it's own. Connections are good, speed is good.... ~sigh~
  I would like to know what you mean by "signal is better" with the Actiontec. Do you mean more range or faster speeds when comparing to the 2750?

• RV120W Firewall Rules

  Hi,
  I have several problems with RV120W Wireless-N VPN Firewall :
  1 - I can't delete firewall rules from web interface, when I try, a error "Selected firewall rule(s) deletion has failed" (cf attache file)
  2 - I want to be able to send ping (or others) to a wifi connected device from WAN, i have a rule to allow all traffic from wan to lan in any protocol. When i try to send ping lan interface, there is impossible.
  Thanks,
  Benoit MENARD

  Dale,
  what address are you using to access the internal company websites (IP address or domain name). More than likely, port forwarding rules need to be configured for port 80 to go to internal address of the web server.In order to configure rules for services not available in the list, you wll need to create a custom service. After the service is created it will appear at the bottom of the services list. If you need further assistance you may have to call 1.866.606.1866 and open a support ticket.
  Blake Wright
  Cisco SBSC Network Engineer

• SQL firewall rule to restrict traffic from only one Azure PaaS website

  Hi,
  I have been asked to configure the firewall on the SQL PaaS instance to only allow traffic from a specified PaaS website that is within the same subscription. I can't see any way to set a static internal IP for the website, is there a way to identify it
  for the purpose of the SQL Database firewall rule?
  Thanks,
  Karina

  Hi Karina,
  If you used Azure Vm, you could set ta static internal IP for your VM. And you can host your website on VM.https://msdn.microsoft.com/en-us/library/azure/dn630228.aspx
  But for Azure Website service, I think you may not set the internal IP. But I think you can try to add the website server into your allow rule list if you used the basic or standard mode website.
  BTW, I suggest you can post this issue on SQL Azure forum for more helps:
  https://social.msdn.microsoft.com/forums/azure/en-US/home?forum=ssdsgetstarted
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• RV220W Firewall Rules reordering

  How do I reorder firewall rules? I have used the reorder button and then ordered the rules. I then SAVE and the report is Operation Succeeded. The screen stays on the Reorder screen.
  If I go into some other screen and come back to Access Rules I find that the rule order is unchanged. So I select Reorder and the reorder screen comes back showing the new rules order. I now have 2 screens I can go to. The main "Access Rules" and the reorder "Access Rules". These 2 panels show the rules in different order.
  If I reboot the router the reordered rules are lost.
  There appears to be no way to reorder the rules.
  Firmware version is 1.0.4.17
  Any ideas?
  David

  After experimenting a bit further it seems as though there are 2 relevant firewall rule tables. The first one is the one that you see in Access Rules. It seems to show the all the rules in the order that you enter them. When you select "Reorder" you get another table with a list of priorities. This is the table that shows the rules in the order that they will be executed. This order is NOT the same as the first table and the first table order WILL NOT CHANGE as the rules are reordered.
  Now that I know this, it is OK - the doc could have been a bit clearer as this is not consistent with other small routers (at least in my experience!). I also found that when I had been altering a few rules I needed to reboot the router before the rules would work properly.
  Other than that - no problems so far (cross fingers!)
  David

• Home Hub 5 firewall rules and TP Link routers

  I am not yet a BT customer but am looking to sign up for Infinity and I understand I will get a Home Hub 5 unit ... however I would prefer to use my TP-Link AC1750 which has proven to be excellent with it's WIFI signal. My TP-Link is a cable version, not the ADSL version.
  I understand the HomeHub 5 now contains the VDSL modem built in (rather than separate) so I suspect I'll need to hang my TP-Link off one of the HomeHub 5 Gbe ports and disable Wireless on the Home Hub. Has anyone tried this? Do you know if the firewall rules can be set to put my TP Link in a "DMZ" , i.e. no firewall protection, because I'd prefer to do that as my TP Link is a router/firewall combined and it will make it easier for getting my VPN ports working etc.
  Alternatively do you know if the cable you would normally plug into the HomeHub5 "Broadband WAN" plug is just straightforward Gbe, i.e so I can put it straight into my TP Link and not use the HomeHub 5 at all?
  Thanks
  Solved!
  Go to Solution.

  Keith,
  Thanks very much for your reply. So I can't use the HomeHub 5 as a cable modem, but do you know what kind of broadband/WAN connection BT OpenReach provide that goes into the HomeHub? Is that straight-forward Gbe that I could probably plug into my TP Link, as it's designed to take a Gbe connection? (Currently it is connected into one of the LAN ports of my ADSL router/modem/firewall device as I'm still on ADSL but was planning my upgrade to Infinity)
  Alternatively, I could connect my TP Link into one of the Home Hub 5 LAN ports, so long as I can designate that port as a DMZ port (i.e. no firewall protection) so that my TP Link will be the only one controlling the firewall rules. Is it possible to make one port, or one device a DMZ device on the Home Hub 5?
  Thanks

• SA520 Firewall Rule cannot block HTTP

  Hi All,
  We are currently encountering a firewall rule problem. The following are the steps we
  have done so far:
  Default Outbound Policy: Allow Always
  IPV4 Rules - Delete all firewall rules we have created and made a single firewall rule to block
                              outbound HTTP for a single IP Address
                   - Delete all firewall rules we have created and made a single firewall rule to block
                              outbound HTTP for a range of IP Address
                   - Tried making "Block by schedule" Action on port HTTP on a single and a
                               range of IP Addresses
                   - We have tried blocking HTTPS / POP3 / SMTP / IMAP and was successfully
                               blocked but not on HTTP
  Services - Created a Custom Service blocking Port 1-65535 but still workstation can still access the internet.
  MAC Filtering - Checked MAC address filtering and Policy for MAC Addresses listed below is set to
                                Block and Permit the Rest and added the MAC address of  the workstation we want to block
                                still the workstation can access the internet.
  IP/MAC Binding - We have also binded the MAC Address and IP Address
  Content Filtering - Only content filtering works - blocked URL
  We have also tried doing all the IPV4 Rules with the Default Outbound Policy: Block Always and all
  the firewall rules action set to allow only those services that needs to be permitted.
  Still blocked workstations can still access the internet.
  Firmware Version: 1.1.42
  Thanks
  Karl

  Hi Karl,
  This looks like a bug in build 1.1.42. Please upgrade your
  image to the latest build 2.1.18 which fixes the problem.
  Let me know if the upgrade helps.
  Regards,
  Wei

• Quality Management: Check Massage on entering Dynmaic Modification Rule

  Hi,
  I'm trying to enter 'Dynamic Modification Rule'.(TrCD: QDR1)
  I found somthing to work out.
  Do anyone have a hint on this?
  In the screen of 'Insspection Stages', I entered some data and clicked 'Save', the following massages appeared.
  "Either enter an inspection severity or set the skip indicator
  Message no. QD505
  Diagnosis
  For an inspection stage you either assign an inspection severity or set the skip indicator.
  You can only assign inspection severities that have been defined as permitted inspection severities in Customizing."
  So, I checked this IMG setting;
    IMG Menu
    > Quality Management > Quality Planning > Basic Data
    > Sample, SPC > Define Inspection Severities
  But, setting there was the same data I entered on the QDR1.
  The 'Inspection Severities' data I set was these;
     1     Inspection without sampling scheme
     2     Reduced inspection
     4     Normal inspection
     6     Tightened inspection
  Regards,
  Katsumi Makabe

  Hi
  Please check again following in inspection stage
  Example skip at every 5 bacthes
  Stage Insp Sev  Skip   1st    Short text    Stag Cha    No
  10      4               X    Start          X            1
  20               X           Skip           X           4
  regards
  Srinivas

• How to reload firewall rules from command line on firewall ?

  Hi all,
  I am trying to create script that controls firewall on server. OS version is OS X Server 10.5.6.
  Part of firewall rules is created using firewall admin tools, part of Server Admin Tools. My first question is where are those rules stored permanently ? As far as I understood it should be set of ipfw rules but they are not stored in /etc/ipfilter/ipfw.conf.
  Idea of script is this:
  I have set of rules that should be controlled by Server Admin Tools.
  Also, I have some dynamic rules.
  Whenever some change occurs, I created script that does following:
  /sbin/ipfw -f flush - to flush all existing rules
  /sbin/serveradmin stop ipfilter - to stop existing firewall
  /sbin/serveradmin start ipfilter - to restart firewall and reload permanent rules
  Add my set of rules...
  After flushing all rules and issuing stop and start ipfilter none of rules set through Server Admin Tools are not reloaded. So how should I reload them ? How to save them permanently in the first place ?
  Please note that I do not have access to server (for security reasons). I am developing script on my Mac, sending to client and he tests it. So I cannot do a lot of testing.
  Thank you in advance.
  Best regards,
  Dusan

  Unix and Terminal queries are best posted to the Unix forum under OS X Technologies where those mavens frolic.

• Projects Release  - Error: Enter a Distribution Rule for Asset without val

  Hi Experts ,
  While Releasing Projects , we got error :
  Enter a Distribution Rule for Asset without a Validity limit.
  Message No : KD059.
  Diagnosis:
  The settelement Profile used requires you to define a distribution rule for asset . For period 005 , 2009 , however not created a distribution rule for Asset.
  We gave checked Settelement Profile , still we are not clear what settings is causes for this error ,
  Please throw some light on if some one come across ...
  Regards,
  Sujana

  check out OSS note 115618

• Can't add a new Firewall Rule

  I have a very curious issue: I cannot add any new firewall rules at all! Clicking on the New Button does nothing and on the console I get
  System Preferences[487] * -[NSCFString objectForKey:]: selector not recognized [self = 0x3f11b0]
  I have flushed the firewall with ipfw, deleted the plist file, repaired permissions but the problem ist still there. Any suggestions? (apart from reinstallation)
  Adding Firewall Rules through ipfw works...

  Whenever I use ipfw I lose the ability to use System Preferences. At first I thought that it compared kernel memory with the plist file and if it found a difference, assumed another firewall was running and disabled itself. But I also deleted the plist file (assuming it would build one from kmem) but that didn't work. Right now I assume there's another file somewhere. It wouldn't make any sense to keep another table in kmem. The weird part is that rules can be the same, but different sequence numbers will cause this problem. There weren't sequence numbers in the plist file, so there's probably another file somewhere.
  I think your error is from the missing plist file. A reboot should clear it up.