On this test machine (non-domain), I want to restrict the WinRM listener itself to listen only for specific client IP addresses or a client IP address range. I don't want to attempt to control WinRM traffic via GPO/FW; I want to control WinRM traffic via the listener itself.
The command I used to create the listener (the IP I used in "IP:xxx.xxx.xxx.xxxx" is the IP of the public interface (front net)). The resulting listener configuration then contains the public IP as the listener Address as well as the ListenOn address. I would appreciate it if someone can explain what the "Address" field and "ListenOn" field mean, and how I can ensure that WinRM is listening on a specific interface on the target server and listening for specific client (requesting) IPs.
That's something you'd have to lock down in the firewall. Or, I suppose, with IP address restrictions at the IIS level. The WinRM configurations tell it which IP addresses to bind to, not which ones to accept connections from.
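The firewall approach from the answer above, as an added example that is not part of the original thread: it prints what the listener is bound to, then scopes the local inbound allow rules for WinRM to a set of client addresses. It assumes Windows Defender Firewall with the NetSecurity module, the default WinRM ports 5985/5986, and locally defined (not GPO-delivered) rules; the addresses in `$AllowedClients` are constructed sample values.

```powershell
#Requires -RunAsAdministrator
# Added example. $AllowedClients holds constructed sample values
# (documentation ranges); replace them with the real client IPs/subnets.
$AllowedClients = @('192.0.2.10', '198.51.100.0/24')
$WinRmPorts     = @('5985', '5986')   # assumption: default WinRM HTTP/HTTPS ports

# 1. Listener side: Address / ListeningOn are LOCAL addresses the service
#    binds to. Nothing in this output filters by client address.
winrm enumerate winrm/config/listener

# 2. Firewall side: find enabled inbound allow rules that open the WinRM ports.
#    Rules whose LocalPort is 'Any' are not matched and need separate review.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        $portFilter.Protocol -eq 'TCP' -and
            ($portFilter.LocalPort | Where-Object { $_ -in $WinRmPorts })
    }

if (-not $rules) {
    Write-Warning 'No enabled inbound allow rule for the WinRM ports was found.'
    return
}

# 3. Restrict each matching rule to the allowed client addresses and
#    report the remote-address scope before and after the change.
foreach ($rule in $rules) {
    $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedClients
    $after  = (Get-NetFirewallRule -Name $rule.Name |
                   Get-NetFirewallAddressFilter).RemoteAddress

    [pscustomobject]@{
        Rule    = $rule.DisplayName
        Profile = $rule.Profile
        Before  = $before -join ', '
        After   = $after  -join ', '
    }
}
```

Run it from a console session or from a client whose address is in `$AllowedClients`; an existing WinRM session from any other address loses access once the rule scope changes.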