Security Basics mailing list archives
RE: Simple Firewall: Summary
From: "Alexander Suhovey" <asuhovey () mtu-net ru>
Date: Sat, 8 Jan 2005 22:09:00 +0300
Regarding IPSec filters - don't know why you decided that there's no deny capability. You can create a filter to block certain types of traffic to/from a certain set of IP addresses, a subnet or a DNS name. Here's a couple of links on the topic. The first is a good example of GUI-based configuration of IPSec filters, while the second talks about the command line.

How can I block a Windows 2000/XP/2003 computer from surfing on the Internet but still allow it to surf to Intranet sites?
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm

How to block specific network protocols and ports by using IPSec:
http://support.microsoft.com/default.aspx?scid=kb;en-us;813878

Hth,
Al
-----Original Message-----
From: G Farnham [mailto:gfarnham () gmail com]
Sent: Thursday, December 30, 2004 1:27 AM
To: security-basics () securityfocus com
Subject: Simple Firewall: Summary

Thanks for all the responses. Summary below.

Followup question: Are there any good tools for testing firewall performance? Specifically in terms of latency added by the firewall.

Summary:

1) This looks like the best solution for me
Try PktFilter
http://www.hsc.fr/ressources/outils/pktfilter/

2) This one looks viable also
You may be able to use peerguardian... A firewall of sorts for peer-2-peer apps that uses a deny list to prevent the FBI/RIAA/MPAA etc. from snooping your shared files. You should be able to pick that up at http://www.methlabs.org/methlabs.htm

3) Recommendations for commercial firewalls would probably work, some recommended ones are:
Kerio tiny firewall sygate

4) Win Remote access service RRAS
I think this would work, but more overhead than I want

5) Use windows IP filtering, Win2003 SP1 (like XP SP2 firewall), IPSec white list
I don't think any of these meet my needs. I need a deny capability. Permit or white list will not help me as the service (game server) needs to be open to the public. As far as I know, built-in IP filtering is "permit only", not deny capability. XP SP2 firewall has no way to define a deny list for source IP.

[If I have any of this wrong, feel free to correct me, but please provide details on how to do it or where to see it]

GDF
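The source-IP deny list discussed in this thread, as an added example that is not part of the original messages: a small generator that turns a list of addresses or CIDR ranges into IPSec block filters for the `netsh ipsec static` context. It assumes Windows Server 2003 (where that netsh context exists); the policy name, UDP port 27015 and all addresses are constructed placeholders.

```python
import ipaddress

NS = "netsh ipsec static"


def block_commands(deny_list, proto="UDP", port=27015, policy="GameServerDeny"):
    """Return netsh commands that block each listed source from reaching one port.

    deny_list entries are IPv4 addresses or CIDR ranges; '#' starts a comment.
    Policy name, protocol and port are hypothetical defaults for illustration.
    """
    flist, action = f"{policy}-sources", f"{policy}-block"
    cmds = [
        f'{NS} add policy name="{policy}"',
        f'{NS} add filterlist name="{flist}"',
        f'{NS} add filteraction name="{action}" action=block',
    ]
    seen = set()
    for raw in deny_list:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        net = ipaddress.ip_network(entry, strict=False)  # ValueError on bad input
        if net.version != 4:
            raise ValueError(f"IPv4 only: {entry}")
        if net.prefixlen == 0:
            # A /0 entry would block every client of a service meant to stay public.
            raise ValueError("refusing to block 0.0.0.0/0")
        if net in seen:
            continue  # skip duplicates so the filter list stays minimal
        seen.add(net)
        cmds.append(
            f'{NS} add filter filterlist="{flist}" '
            f"srcaddr={net.network_address} srcmask={net.netmask} "
            f"dstaddr=Me protocol={proto} dstport={port} mirrored=yes"
        )
    cmds.append(
        f'{NS} add rule name="{policy}-rule" policy="{policy}" '
        f'filterlist="{flist}" filteraction="{action}"'
    )
    cmds.append(f'{NS} set policy name="{policy}" assign=y')
    return cmds


if __name__ == "__main__":
    # Constructed sample deny list (documentation address ranges).
    sample = ["203.0.113.7", "198.51.100.0/24  # noisy subnet", "", "203.0.113.7/32"]
    print("\n".join(block_commands(sample)))
```

Traffic that matches no filter is left untouched, so the service stays open to everyone not on the list. Review the generated commands before running them on the server.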