[Snort-users] Still Help Needed: i want to make a firewall

Mirko Matytschak MirkoMaty at ...1820...
Thu Apr 17 01:53:34 EDT 2003


Maybe I can help you.

If closing ports is all you need, IPSec is a very useful tool. It's part of W2K and XP. I'll try to give a short description of the steps needed to make a working filter environment. My machine has a German version of XP, so keep in mind that some of the commands I mention here may have slightly different names.

Start the IPSec MMC snap-in: Start | Run | secpol.msc.

Right-click on "IP Security Policies". Select "Configure IP Filter Lists and Actions", then select the left tab (IP Filter Lists).
Add two filter lists, one for the forbidden packets, one for the allowed packets. Let's start with the forbidden ones. If you click "Add", you'll get a dialog, "IP Filter List". Enter a name like "Forbidden Packets", and make sure to select the "Use Wizard" check box. Then click "Add" to add a filter rule. The wizard starts. In the following steps choose "Any IP Address" as Source, "My IP Address" as Destination, "Any" as Protocol Type, and finish the wizard. Close the IP Filter List dialog. Now click "Add" again for the allowed packets. Choose a name like "Allowed Packets". For each port you need to have open (80, 21, 5900, or whatever) you need to add two filter rules. Let's start with the first rule for HTTP:
Source Address -> Any IP Address
Dest Address -> My IP Address 
Protocol -> TCP

