Open port for specific application only (CPF 32-bit; Vista Ultimate 32-bit)

I am able to open ports, but is there any way to allow the port to only be open for a specified program?

For example, if I wanted to run a server from my computer, but I only wanted to allow software related to IIS to have access to that, is that possible? Or for a file sharing program, or FTP server, or whatever, is it possible to select an open port for each program and not allow any other program to run as a server through that port, even if the intended server program is turned off?

Yes, it can be done by clicking Firewall > Advanced > Network Security Policy. On that page, locate the program you want to use that port and select it (or, if it is not there, click Add and browse to the application’s folder and select it) and then click Edit. If there are no rules for TCP/UDP (otherwise, click Edit and restrict the source port to the one you want and the destination port to its choice, or choose All if you don’t know the port), click Add and define a rule for TCP/UDP; Allow; In/Out; Source IP; Destination IP; Source Port; Destination Port. Make sure that there is a last rule that reads "Block and Log IP In/Out, Source IP Any, Destination IP Any, Source Port Any, Destination Port Any". This prevents other unwanted connections and only applies if the connections do not fit the restrictions spelled out in the rule above. You have to Add that rule separately after the Allow rule is defined by clicking Add again.

Sorry for my much belated reply. Thank you very much for your help.

When I use In/Out, am I the source or the destination?

That depends on whether you are receiving or sending. If you are receiving, then the sending computer is the source. If you are sending, then you are the source :slight_smile:

I can use that in situations when I am a dedicated server (IIS, FTP), but what about if I’m both (file sharing)? Do I have to leave it at “Any”? Would it be better just to define two different rules in this case, one for In and one for Out?

Edit: it seems that defining two rules, one for In, one for Out (plus the third catch-all “Block” rule), is working fine. This allows me to open only one port on one IP but works either way. So, I guess disregard this post.
(:SHY)
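To make the rule ordering and the source/destination question from this thread concrete, here is an added example (not from the thread and not Comodo's own code) that models a per-application rule list the way the replies describe it: rules are checked top to bottom, the first match wins, and a final "Block and Log ... Any" rule catches everything the Allow rules did not cover. It assumes that first-match semantics; the port numbers 5000 and 21 and the connection attempts are constructed sample values.

```python
"""Toy model of a per-application firewall rule list (constructed example).

Assumption: rules are evaluated top to bottom and the first matching rule
decides, which is what the catch-all "Block" rule in the thread relies on.
"""
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # stands for the "Any" choice in the rule editor


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in", "out" or "in/out"
    protocol: str               # "tcp", "udp" or "ip" (any protocol)
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY
    log: bool = False


@dataclass(frozen=True)
class Connection:
    direction: str   # "in" or "out", seen from the local machine
    protocol: str
    local_port: int
    remote_port: int


def endpoints(conn: Connection):
    """Return (source_port, destination_port) for a connection.

    Inbound: the remote peer is the source and we are the destination.
    Outbound: we are the source and the remote peer is the destination.
    """
    if conn.direction == "in":
        return conn.remote_port, conn.local_port
    return conn.local_port, conn.remote_port


def matches(rule: Rule, conn: Connection) -> bool:
    if rule.direction != "in/out" and rule.direction != conn.direction:
        return False
    if rule.protocol != "ip" and rule.protocol != conn.protocol:
        return False
    src, dst = endpoints(conn)
    if rule.src_port is not ANY and rule.src_port != src:
        return False
    if rule.dst_port is not ANY and rule.dst_port != dst:
        return False
    return True


def evaluate(rules: List[Rule], conn: Connection) -> str:
    """First matching rule wins; 'no match' means the list has no catch-all."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action
    return "no match"


# The last rule from the first reply: Block and Log, any protocol, any port.
CATCH_ALL = Rule("block", "in/out", "ip", log=True)

# Final configuration from the thread: allow In, allow Out, then block the rest.
# Port 5000 is a constructed sample value for the file-sharing program.
FILE_SHARING_RULES = [
    Rule("allow", "in", "tcp", src_port=ANY, dst_port=5000),
    Rule("allow", "out", "tcp", src_port=5000, dst_port=ANY),
    CATCH_ALL,
]

# Dedicated-server variant: one inbound Allow plus the catch-all (port 21 as a sample).
SERVER_RULES = [
    Rule("allow", "in", "tcp", dst_port=21),
    CATCH_ALL,
]

# Same Allow rule without the catch-all: anything else is simply undecided.
NO_CATCH_ALL = [Rule("allow", "in", "tcp", dst_port=21)]


if __name__ == "__main__":
    samples = [
        Connection("in", "tcp", 5000, 40000),   # peer connects to our listening port
        Connection("out", "tcp", 5000, 40000),  # we connect out from that port
        Connection("in", "tcp", 4444, 40000),   # some other port: blocked
        Connection("in", "udp", 5000, 40000),   # wrong protocol: blocked
    ]
    for c in samples:
        print(c, "->", evaluate(FILE_SHARING_RULES, c))
```

Running the block shows why the single In rule was not enough for a program that both listens and connects out: with `SERVER_RULES`, an outbound connection from the same local port falls through to the catch-all and is blocked, while `FILE_SHARING_RULES` allows it, and every other port or protocol still ends at the Block rule.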

Thanks for all your help!