Packet Filtering

Say that you are setting up a packet filtering for a custom protocol that uses 2 tcp ports. Would I have to have both inbound and outbound rules?

The reason I ask is in the MS press book it shows an example of setting up packet filtering for a web server, and in the example it creates both and inbound tcp 80 rule and an outbound tcp 80 rule. I don't see why this would need to be this way. It seems that you are just trying to limit the access coming from your untrust interface.

Find more posts tagged with

Comments

royal

If this RRAS server's sole purpose is to initiate and tunnel VPN traffic, why potentially open holes when not needed. Harden your servers as much as possible and leave them ONLY open enough to let them do their job.

rossonieri#1

nuglobe wrote:

Say that you are setting up a packet filtering for a custom protocol that uses 2 tcp ports. Would I have to have both inbound and outbound rules?

The reason I ask is in the MS press book it shows an example of setting up packet filtering for a web server, and in the example it creates both and inbound tcp 80 rule and an outbound tcp 80 rule. I don't see why this would need to be this way. It seems that you are just trying to limit the access coming from your untrust interface.

hello,

in the example perhaps the network running a public web server. -- the inbound is for the internet query the web server -- and the outbound is the internal network client accessing the internet.

and -- it has nothing to do with vpn etc -- no offense ic

cheers.

sprkymrk

rossonieri#1 wrote:

nuglobe wrote:

Say that you are setting up a packet filtering for a custom protocol that uses 2 tcp ports. Would I have to have both inbound and outbound rules?

The reason I ask is in the MS press book it shows an example of setting up packet filtering for a web server, and in the example it creates both and inbound tcp 80 rule and an outbound tcp 80 rule. I don't see why this would need to be this way. It seems that you are just trying to limit the access coming from your untrust interface.

hello,

in the example perhaps the network running a public web server. -- the inbound is for the internet query the web server -- and the outbound is the internal network client accessing the internet.

and -- it has nothing to do with vpn etc -- no offense ic

cheers.

I think (without seeing the example in the MS press book) that it is wrong. Are we talking about TCP/IP filtering in the network properties (advanced options) or on the Windows firewall? Or maybe as icroyal was guessing, are we talking about IPSec policies?

royal

I swear that his initial post spoke about RRAS and VPN and now it's edited to talk about http. Hmmm...

nuglobe

Im talking about filtering HTTP traffic through RRAS on the interface "inbound" and "outbound" buttons.

royal

So it's like I said initially then. It depends on what your filter setting is. You can configure RRAS to allow all traffic except for the rules in the list. You can also configure it to deny all traffic except for the rules in the list. The latter is definitely more secure as you are locking down connectivity and accepting only what you need. This is the preferred method from a security standpoint.

sprkymrk

nuglobe wrote:

Im talking about filtering HTTP traffic through RRAS on the interface "inbound" and "outbound" buttons.

If you are running a web server, you only need to allow 80 on the inbound. However, you might have to allow 1024-65535 outbound in order to respond to the incoming requests. I don't know off the top of my head if RRAS is stateful or just a simple packet filter.

nuglobe

Alright, so that MS Press book is a little misleading... if not wrong. Thanks for the response, was a little confused.