|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
10-02-2006, 03:48 PM
|
#1 |
|
Member (9 bit)
Join Date: Nov 2002
Posts: 502
|
Block internet access with windows firewall
is it possible to block the internet access of a pc using the windows firewall, for example block port 80, I tried using the exeptions option but it didn`t work.
|
|
|
|
10-02-2006, 04:26 PM
|
#2 |
|
Member (11 bit)
Join Date: Jul 2006
Location: England - UK
Posts: 1,227
|
You cannot block ports using Windows Firewall.
There are loads of free port blocking programs available on the net. This looks like a good one: http://www.dirfile.com/emsa_port_blocker.htm
__________________
** Custom Desktop: Core i3-530, 4GB Corsair RAM, 500GB WD HDD ** ** Netbook: HP Mini 210, N450, 2GB RAM** |
|
|
|
|
10-02-2006, 04:38 PM
|
#3 |
|
EGO MY LEGO
Join Date: Dec 2004
Location: Tatooine, Binary Star System
Posts: 1,740
  |
adding exceptions to the firewall will open up or allow, the xp firewall cant block requests, or shut down port 80 like a firewall would on a router, or a 3rd party firewall.
you could edit the host file to block certain websites simply by typing in the website and then adding the ip address of 127.0.0.1 you can navigate here and opening it with notepad C:\WINDOWS\system32\drivers\etc heres what the host file says once open # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 127.0.0.1 www.myspace.com remember it will only block the websites that you add here manually and by adding the ip address of 127.0.0.1. so for example say you want to block www.myspace.com cause you dont want your children going to that website, open up the host file and enter this on the line right below 127.0.0.1 Localhost: 127.0.0.1 www.myspace.com Obviously this would be a impossible to do it for every website but this is effective if you have a certain few that you want to block, or get a 3rd party firewall or router that can block port 80 if you want to block the whole web access altogether or limit it to certain times of the day. just make sure you dont give the user profiles you are trying to block access with admin rights, cause they can go in to the host file and delete all of your entry's you entered if they know how to locate it. Im not saying this is the best solution but something thats pretty easy to do if you are just wanting to block a certain few websites. or follow what tomkear2006 mentioned.
__________________
_______________________________________________________________________ Inspirion 8600/centrino 1.6ghz/1024mb ram/80gb hard drive hitachi/intel pro wireless 2200bg/15.4sxga/Ati 128mb Radeon Mobility 9600/xp pro w/sp2 dimension 4700/P4 2.8ghz 800mhz FSB/1.5 ddr2 ram PC 3200/2X160gb sata maxtor 8mb cache RAID 1/19 in dell flat panel/windows server 2003 Small Business Server standard edition SP1 w/Exchange SP2 Last edited by Ob1; 10-02-2006 at 04:41 PM. |
|
|
|
|
10-02-2006, 08:44 PM
|
#4 |
|
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538
|
You can block it by setting the proxy server in IE to 127.0.0.1 and even allowing certain sites to bypass the proxy server. Unless you use Group Policy then they will be able to remove the proxy settings. I have it restricted at work to only allow one site, our local intranet site to be visited.
__________________
Want to Make $$$$ with your Computer? No Risk! Simply press shift-4 four times in a row |
|
|
|
|
10-02-2006, 09:19 PM
|
#5 |
|
EGO MY LEGO
Join Date: Dec 2004
Location: Tatooine, Binary Star System
Posts: 1,740
|
but that only blocks IE, what happens if your co-workers/employees download and install firefox or opera? what i mean is yes, you can set up the proxy in firefox and opera for 127.0.0.1, but there is no way to lock it down like you can with group policy on IE.
or Maybe there is some program or tweak on firefox to lock it down that i am not aware of, if so please let me know so i can implement this on a few pc's as well. Last edited by Ob1; 10-02-2006 at 09:36 PM. |
|
|
|
|
10-03-2006, 12:11 PM
|
#6 | |
|
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538
|
Quote:
|
|
|
|
|
|
10-03-2006, 02:25 PM
|
#7 |
|
EGO MY LEGO
Join Date: Dec 2004
Location: Tatooine, Binary Star System
Posts: 1,740
|
i see what your saying, i was basing my thoughts on the pc having access to a cd rom drive to install it and or a flash drive, but it sounds like you have those pc's locked down. did you just disable the usb ports to prevent people from specifically using flash/thumb drives? Did you disable them manually on each machine or did you use a 3rd party tool like Securewaves SecureNT. your first sentence of how can they download it after you setup the proxy to 127.0.0.1, well that was just a brain fart, i guess i was assuming the computer already had firefox on it, since all of my pc's i use do, i just figured it was the norm now a days to have IE and FF installed on pc's, but i guess if you want to restrict internet access then that is not the case.
|
|
|
|
|
10-03-2006, 02:44 PM
|
#8 |
|
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538
|
It's all done via Group Policy. There is a policy to restrict PnP. I just restrict access to all drives though and it never loads. The people on the machines can only run 2 programs along with IE which will take them to one site. It helps them make good choices about what they do.
|
|
|
|
|
10-03-2006, 09:19 PM
|
#9 |
|
brewer, mostly...
Join Date: Jun 2004
Location: Laying on the floor, in the brewery
Posts: 1,315
|
Excellent idea!!!
Sometimes simplicity is the answer... -Kev
__________________
Symantec-free zone. To stay malware free: AVG antivirus/antispyware, Malwarebytes anti malware, Commodo Pro free firewall, ccleaner, Windows updates. or.... just install Linux Too many computers in this house to list. They are all my builds, some AMD some Intel... |
|
|
|
|
10-05-2006, 11:34 AM
|
#10 |
|
Member (9 bit)
Join Date: Nov 2002
Posts: 502
|
I tried the port blocker, it is what I am looking for but it can`t be password protected, a user could simple stop the program and start to browsing the web, does anybody know a similar solucion but that can be password protected or simple be hided from the tray.
|
|
|
|
|
10-05-2006, 02:08 PM
|
#11 |
|
EGO MY LEGO
Join Date: Dec 2004
Location: Tatooine, Binary Star System
Posts: 1,740
|
whats wrong with doing mairving's idea of a proxy of 127.0.0.1 to block internet access?
just make sure that you put people on limited accounts so they can't change the proxy server settings of 127.0.0.1 and browse the internet again. |
|
|
|
|
10-06-2006, 12:35 PM
|
#12 |
|
Member (9 bit)
Join Date: Nov 2002
Posts: 502
|
the problem is that I can`t disable the cd-rom and usb ports because they are used, so if I block only IE they could install another browser.
|
|
|
|
|
10-06-2006, 02:49 PM
|
#13 |
|
EGO MY LEGO
Join Date: Dec 2004
Location: Tatooine, Binary Star System
Posts: 1,740
|
i believe you can block internet access by using this program
http://www.spectorsoft.com/products/...ows/index.html i had a co-worker install it for a companies front pc to block intenet access on it. i think it just blocked port 80 which would disable all browers. |
|
|
|
|
10-07-2006, 09:14 AM
|
#14 |
|
Staff
Premium Member
Join Date: Jul 1999
Location: Arlington, TN
Posts: 5,538
|
Maybe your best bet would be to buy a security appliance or use Squid as a proxy server. With Squid you can port forward ports 80 & 443 to go through Squid. Only certain IP addresses would be allowed. You can make users authenticate but that would require Ident or another program to be installed.
|
|
|
|
|
10-07-2006, 03:37 PM
|
#15 |
|
Member (10 bit)
Join Date: Feb 2005
Location: London, England, United Kingdom
Posts: 979
|
http://www.programurl.com/browsecontrol.htm
http://www.programurl.com/software/r...net-access.htm http://www.surfpack.com/software/res...nternetaccess/
__________________
I am always doing that which I can not do, in order that I may learn how to do it. Last edited by macko72; 10-07-2006 at 03:45 PM. |
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| XP Home/SP2/Windows Update problem | Panama Red | Windows Legacy Support (XP and earlier) | 18 | 11-03-2004 03:07 AM |
| Windows services list | snooker | Windows Legacy Support (XP and earlier) | 0 | 06-27-2004 11:05 PM |
| Suggestions on what you can do to secure/clean your PC | snooker | Networking & Online Security | 0 | 06-20-2004 06:03 PM |
| Confused!!!XP Networking | healtheworld | Networking & Online Security | 5 | 11-03-2003 09:58 AM |
| I think this will be of use.... | BlackHoleSun | Internet, Web Applications, & The Cloud | 6 | 10-16-2000 01:08 AM |
Linear Mode
