From: "Geo." 

My guess would be a second rule in the firewall is allowing these machines
before the block rule.

Geo.

"Hrvoje Mesing"  wrote in
message news:412f5dd8{at}w3.nls.net...
>
> "John Beckett" 
wrote in message
> news:412f0ae7.1896326{at}216.144.1.254...
>
> > "Hrvoje Mesing"  wrote
in message
> > news::
> >> I wanted to set Grant for just few IP_s and one subnet.
> >> Everything worked OK until one computer which was not allowed normally
> >> connected to the \\something\share$ which was active.
> >
> > I don't know, but first check would be at command prompt on the something
> > computer:
> >
> > netstat -n
> >
> > Exactly what IP is connected? It should be the rogue machine that you want
> > blocked. But is it?
> >
> > It's a while since I played with IPSec filters so I am vague, but ISTR you
> > need a "catch all" rule to block access. You also have
a rule to permit
> > the IPs that you want. I don't think you mentioned having a block rule.
>
>
> ---
>
> netstat -aNo (which should give me the process names too) gives nothing ==
> like the I_would_like_it_to_be_blocked_computer is not connected at all, but
> then again, I still see it when it is doing interaction/browsing on the
> share itself.
>
> I made a rule/s that block everything of course (I trust in: First block
> everything, then open what You need) + I made an exception rules which do
> not catch the I_would_like_it_to_be_blocked_computer in any metter!
>
> + I found a new machine that can connect - fresh share mapping - with no
> problem and is explicity blocked (!).
>
> Weird, but I must be wrong somewhere!
>
> I will countinue to Test on Mondays.
>
> Thank You All!
>
>
> ---
> M.
>
>

--- BBBS/NT v4.01 Flag-5