Packet Filtering

nuglobe Member Posts: 190
Say that you are setting up packet filtering for a custom protocol that uses 2 TCP ports. Would I have to have both inbound and outbound rules?

The reason I ask is in the MS Press book it shows an example of setting up packet filtering for a web server, and in the example it creates both an inbound TCP 80 rule and an outbound TCP 80 rule. I don't see why this would need to be this way. It seems that you are just trying to limit the access coming from your untrust interface.
GenshiroGuide: My blog about things I found useful. Now with videos. :)

Comments

  • royal Member Posts: 3,352
    If this RRAS server's sole purpose is to initiate and tunnel VPN traffic, why potentially open holes when not needed? Harden your servers as much as possible and leave them ONLY open enough to let them do their job.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • rossonieri#1 Member Posts: 799
    nuglobe wrote:
    Say that you are setting up packet filtering for a custom protocol that uses 2 TCP ports. Would I have to have both inbound and outbound rules?

    The reason I ask is in the MS Press book it shows an example of setting up packet filtering for a web server, and in the example it creates both an inbound TCP 80 rule and an outbound TCP 80 rule. I don't see why this would need to be this way. It seems that you are just trying to limit the access coming from your untrust interface.

    Hello,

    In the example, perhaps the network is running a public web server -- the inbound is for the internet querying the web server -- and the outbound is the internal network client accessing the internet.

    And -- it has nothing to do with VPN etc. -- no offense ic ;)

    Cheers.
    the More I know, that is more and More I dont know.
  • sprkymrk Member Posts: 4,884
    nuglobe wrote:
    Say that you are setting up packet filtering for a custom protocol that uses 2 TCP ports. Would I have to have both inbound and outbound rules?

    The reason I ask is in the MS Press book it shows an example of setting up packet filtering for a web server, and in the example it creates both an inbound TCP 80 rule and an outbound TCP 80 rule. I don't see why this would need to be this way. It seems that you are just trying to limit the access coming from your untrust interface.

    Hello,

    In the example, perhaps the network is running a public web server -- the inbound is for the internet querying the web server -- and the outbound is the internal network client accessing the internet.

    And -- it has nothing to do with VPN etc. -- no offense ic ;)

    Cheers.

    I think (without seeing the example in the MS press book) that it is wrong. Are we talking about TCP/IP filtering in the network properties (advanced options) or on the Windows firewall? Or maybe as icroyal was guessing, are we talking about IPSec policies?
    All things are possible, only believe.
  • royal Member Posts: 3,352
    I swear that his initial post spoke about RRAS and VPN and now it's edited to talk about http. Hmmm...
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • nuglobe Member Posts: 190
    I'm talking about filtering HTTP traffic through RRAS on the interface "inbound" and "outbound" buttons.
    GenshiroGuide: My blog about things I found useful. Now with videos. :)
  • royal Member Posts: 3,352
    So it's like I said initially then. It depends on what your filter setting is. You can configure RRAS to allow all traffic except for the rules in the list. You can also configure it to deny all traffic except for the rules in the list. The latter is definitely more secure as you are locking down connectivity and accepting only what you need. This is the preferred method from a security standpoint.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • sprkymrk Member Posts: 4,884
    nuglobe wrote:
    I'm talking about filtering HTTP traffic through RRAS on the interface "inbound" and "outbound" buttons.

    If you are running a web server, you only need to allow 80 on the inbound. However, you might have to allow 1024-65535 outbound in order to respond to the incoming requests. I don't know off the top of my head if RRAS is stateful or just a simple packet filter.
    All things are possible, only believe.
  • nuglobe Member Posts: 190
    Alright, so that MS Press book is a little misleading... if not wrong. Thanks for the response, was a little confused.
    GenshiroGuide: My blog about things I found useful. Now with videos. :)
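
Added example (not part of the thread and not from the MS Press book): a small Python model of the point raised in the replies above, that under a deny-all-except filter a web server's replies need an outbound rule unless the filter tracks connection state. The rule sets, class and function names, and sample addresses are constructed for illustration, and the model is a generic packet filter, not RRAS itself.

```python
from collections import namedtuple

ANY = (0, 65535)
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")
Rule = namedtuple("Rule", "src_ports dst_ports", defaults=(ANY, ANY))

def stateless_permit(rules, p):
    """Deny-by-default: pass only if some rule matches this one packet."""
    return any(r.src_ports[0] <= p.src_port <= r.src_ports[1]
               and r.dst_ports[0] <= p.dst_port <= r.dst_ports[1] for r in rules)

class StatefulFilter:
    """Inbound rules only; outbound passes if it mirrors a tracked flow."""
    def __init__(self, inbound_rules):
        self.inbound_rules, self.flows = inbound_rules, set()

    def inbound(self, p):
        ok = stateless_permit(self.inbound_rules, p)
        if ok:
            self.flows.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return ok

    def outbound(self, p):
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows

# Constructed sample traffic (documentation addresses, not from the thread).
REQUEST = Packet("198.51.100.7", 51514, "192.0.2.10", 80)       # client -> server
REPLY = Packet("192.0.2.10", 80, "198.51.100.7", 51514)         # server -> client
UNSOLICITED = Packet("192.0.2.10", 4444, "203.0.113.9", 51514)  # server-initiated

INBOUND = [Rule(dst_ports=(80, 80))]
OUTBOUND_SETS = {
    "no outbound rule": [],
    "src port 80": [Rule(src_ports=(80, 80))],
    "dst port 1024-65535": [Rule(dst_ports=(1024, 65535))],
}

def compare():
    """Map each outbound rule set to (reply passes, unsolicited passes)."""
    out = {name: (stateless_permit(r, REPLY), stateless_permit(r, UNSOLICITED))
           for name, r in OUTBOUND_SETS.items()}
    fw = StatefulFilter(INBOUND)
    fw.inbound(REQUEST)
    out["stateful"] = (fw.outbound(REPLY), fw.outbound(UNSOLICITED))
    return out

if __name__ == "__main__":
    for name, (reply, unsolicited) in compare().items():
        print(f"{name:20} reply={reply} unsolicited={unsolicited}")
```

In this model the 1024-65535 destination-port rule lets the reply out but also lets out a server-initiated connection to any high port, whereas matching on source port 80 or tracking state passes only the reply.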