Hi there,
I have a problem with hackers attempting to hit my dcom ports on our 2930. Unfortunately I need to have these open but would like to restrict access to only IPs that we trust. Does anyone know how to do this or perhaps point me in the right direction?

Many thanks

right.....

go to firewal >filter setup> 2. default data filter
(u can leave the default there)
1. create a block rule (ie #2 (under default rule)) with the following:

direction = wan>lan
service type = your dcom port
action = block if no further match

*** leave the rest blank ***
the above will block ALL incoming <your specified dcom port>

2. now you have to set an allow rule ie #3

exactly the same as above but:
source ip = <your trusted ip/s>
action = allow

if you study the above, you will see:
1. blocks all dcom
2. allows dcom from your trusted ip/s.

don't forget that the firewall is object orientated so you can put numerous ports into service type groups or multiple ip's into ip groups should you require them.

I'll give it a try. Many thanks for your help