> Sorry it takes longer than what I'd like to respond. I've read the
> MS URL you posted. I prefer the command line scripting to the GUI
> interface. So, according to the doc, the following three steps would
> secure a Win OS machine that has a web server and is connected to the
> net:
> 1) ipsecpol -w REG -p "Packet Filter" -r "Inbound web protocols"
> -f *+myMachineIP:80:TCP -n PASS
>
> 2) ipsecpol -w REG -p "Packet Filter" -r "All inbound traffic"
> -f *+myMachineIP -n BLOCK
>
> 3) ipsecpol -w REG -p "Packet Filter" -x
>
> Would the above end result be similar to what you described below?
Yes. But it is *very* restrictive. You will not even be able to resolve a hostname or answer to ICMP traffic. I would not recommend this.
> Also, the IPsec wouldn't mess up with jrun server or the like, yes?
It might, but that is easy to solve:
ipsecpol -w REG -p "Packet Filter" -r "Loopback traffic" -f 0+0 -n PASS
> One more, any idea the myMachineIP should be WAN IP or internal IP?
Neither, just use "0" which will be resolved to the IP address of the system (at least, I think it is "0", it is in the command line help).
Jochem
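
The policy discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the two filters plus the loopback rule, showing which traffic ends up blocked. It assumes that `+` creates a mirrored filter and that the most specific matching filter decides; the addresses, ports and the local connector port are constructed.

```python
# Simplified model (assumption): "+" filters are mirrored, and the most
# specific matching filter decides. Addresses and ports are constructed.
ME = "192.0.2.10"  # stands in for myMachineIP / "0"

# (rule name, source, destination, destination port, protocol, action)
RULES = [
    ("Inbound web protocols", "*", ME, 80, "TCP", "PASS"),
    ("All inbound traffic", "*", ME, None, None, "BLOCK"),
]
LOOPBACK = ("Loopback traffic", ME, ME, None, None, "PASS")


def _score(rule, src, dst, dport, proto):
    """Return how many fields the filter pins down, or None if no match."""
    _, r_src, r_dst, r_port, r_proto, _ = rule
    if r_src not in ("*", src) or r_dst not in ("*", dst):
        return None
    if r_port not in (None, dport) or r_proto not in (None, proto):
        return None
    return sum(f not in ("*", None) for f in (r_src, r_dst, r_port, r_proto))


def decide(rules, src, sport, dst, dport, proto):
    """Return (action, rule name) for one packet under the modelled policy."""
    best = (-1, "UNFILTERED", None)
    for rule in rules:
        # Try the filter as written, then its mirror (reply direction).
        for s in (_score(rule, src, dst, dport, proto),
                  _score(rule, dst, src, sport, proto)):
            if s is not None and s > best[0]:
                best = (s, rule[5], rule[0])
    return best[1], best[2]


if __name__ == "__main__":
    packets = {
        "HTTP request": ("198.51.100.7", 40000, ME, 80, "TCP"),
        "HTTP reply": (ME, 80, "198.51.100.7", 40000, "TCP"),
        "DNS query": (ME, 53000, "203.0.113.53", 53, "UDP"),
        "DNS answer": ("203.0.113.53", 53, ME, 53000, "UDP"),
        "ICMP echo": ("198.51.100.7", None, ME, None, "ICMP"),
        "local connector": (ME, 50000, ME, 8000, "TCP"),  # hypothetical port
    }
    for name, pkt in packets.items():
        print(f"{name:16} as posted: {decide(RULES, *pkt)[0]:6}"
              f" with loopback: {decide(RULES + [LOOPBACK], *pkt)[0]}")
```

In this model the machine's own DNS lookups and any ICMP are blocked by the mirrored "All inbound traffic" filter, and local-to-local connections only pass once the loopback rule is added.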
