How can I disable access to the LAN, but access to SQL statements?

How can I disable access to the LAN, but access to SQL statements? Delphi/Windows SDK/API
Http://www.delphi2007.net/DelphiDB/html/delphi_20061222112257168.html
In the same LAN, how does one prohibit clients from accessing the lan? Program Can I access SQL?
In addition, if the guest in the Client Policy (gpedit. MSC) is disabled and the guest in the user is disabled, how can I access the SQL statement if it is not enabled?

Pin it by yourself

In the policy, it seems that you can specify some names that can be accessed. Add the sqlserver pipeline name.

The port is directly filtered out.

Setting two machines as different CIDR blocks can restrict certain forms of "access"

I mean, on the server, the client cannot access any machines in the LAN, but can access the SQL database of the server. How can this problem be solved? Do I need a server proxy?

To lihuasoft)
I checked some information and set it to a vro for different CIDR blocks. In addition, if I access the SQL database (that is, I only access the SQL database) between different CIDR blocks, what should I do )?

Port filtering! Principles similar to firewalls

Simple. two solutions:
1. assume that your server is a domain control server, so any machine must log on to your server, and you will create a file on the server, this file can be automatically loaded to the client while logging on to the client. configure all clients according to your settings. you only need to prohibit the customer from modifying your network settings when making the file, and then close all ports, and leave a 1433 port. because the TCP/IP protocol only needs one port 1433 to access SQL;
2. if you are too complicated, you can remove the administrator permissions of all computers and make other users unmanageable so that they cannot modify your network settings. then manually log on to each workstation as an administrator. delete all the protocols in the local connection in the network connection properties, and leave a TCP/IP protocol. Then, you can find "TCP/IP filtering" on the options page of the Protocol's advanced options ", click it and then click Properties. check "use TCP/IP filtering (all compatible)", select TCP/IP port "only allow", and enter 1433. then confirm all the windows. finally, restart.
However, the prerequisite is that your SQL statement must be set up when it is installed. All customers can access it through 1433 without being modified.

Using Windows security mechanisms, you can specify system security policies and open MSSQL ports.

The client closes the port.
TCP/IP 139
TCP/IP 445
TCP 137
TCP 138


Canceled in the service bound to the NIC
Microsoft Network Client
File and printer sharing in Microsoft Network
Retain only the TCP/IP protocol

Retain only the TCP/IP protocol
Only port 1433/1434 is enabled (it seems that port 1434 can also be disabled, not confirmed)

Don't expose your database server. Expose your application server (Web service) or your web server (web site)

After learning, refer to cowboy_tt ().

Use a firewall to open only port 1433

The upstairs method is good.

Okay. Install a firewall and activate port 1433.

The method is that some guset can be enabled.
Disable tcp udp 135 and 139 using the Local Security Policy.
Open only port 1433 or the SQL port you set!
After the setting, you can import policies to no clients! You can.

The implementation in the program is not very unrealistic, because there are many windows ports. You cannot block it all. It is better to use a firewall, but it cannot fully implement your ideas.