Stupid Windows Firewall

Posted by chetan on January 30, 2011 in computers suck

So it turns out that Windows Firewall, even in Windows 2008, still can’t accept a range of ports, either in the UI or via command line, most commonly when setting up PASV FTP transfers. The common workaround is to create one entry per port in your range like so:

C:> FOR /L %I IN (60000,1,60200) DO netsh firewall add portopening TCP %I "Passive FTP"%I

While this does work, it’s slightly annoying that you have to create 200 individual entries in your config. My slightly better workaround is to just stick every port into the text entry field using this simple ruby helper:

puts (60000..60200).to_a.join(",")

You can run this either in IRB or directly on the command line using the following command:

$ ruby -e 'puts (60000..60200).to_a.join(",")'

This is great if your workstation has ruby on it, but sucks otherwise. So use this javascript version right here instead!

Start:

End:

Range: