Vince C.
Hi, all.
I mean, "Can I set up a smart configuration of Packet Filtering in RRAS to
achieve the same level of protection as a software firewall such as Kerio
Personal Firewall?"

The main reason for this question is I played a little with packet filtering
to prohibit outbound traffic to ad servers, for instance, like
doubleclick.net, fastclick.com, and so on. It is a global solution that will fit
all of my workstations in a LAN. With a software firewall like Kerio it is
much more complicated, and all I could achieve simply was to deny access to
those servers from the local machine itself (i.e. the server machine on
which Kerio was installed). Now I'm considering replacing my PFW engine with
rules defined in RRAS Packet Filtering.

The other point is I have a workstation in the LAN that can sometimes act as
a server (it's a gaming machine with Unreal Tournament). With my personal
firewall I have to define rules that I must enable whenever I'm playing,
otherwise outbound TCP/UDP packets are rejected. But these rules are like
wide open doors, for I have to enable almost all ports above 1024 due to NAT
outbound traffic. NAT chooses random port values above 1024 to map ports on
LAN workstations. And there is SQL Server, which uses port 1433.

I'd like to have rules that allow incoming/outgoing traffic on specific
ports to/from my gaming machine only when I'm playing. I don't like to
create loose rules that could allow anyone to hack my server when I'm
playing. I think I understand I can achieve this with packet filtering.
(After all, a firewall is a smart packet filter, isn't it?)

So is it a good idea, or should I still consider leaving my firewall active
and enabled? I'd prefer not to switch to ISA Server.

Thanks for any hint/suggestion.
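The post's core difficulty is that a static packet filter has no memory of which connections a LAN host opened, so NAT return traffic on unpredictable high ports can only be admitted by a broad "allow inbound above 1024" rule, which also admits unsolicited connections to those ports. The following is an added toy model (not code from the original post, from RRAS or from Kerio) that runs the same constructed traffic through a stateless rule list and through a stateful filter that remembers outbound flows. The LAN address, WAN peer address, game port 7777 and all packets are constructed sample values; the model also assumes the filter sees packets after NAT translation, so inbound packets carry the LAN host as their destination.

```python
"""Added example, not part of the original post: a toy model contrasting a
stateless packet filter (static rules, RRAS-style) with a stateful firewall
that tracks outbound connections. Hosts, ports and packets are constructed
sample values; the filter is assumed to see packets after NAT, so inbound
packets carry the LAN host as destination."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str              # source IP
    sport: int            # source port
    dst: str              # destination IP
    dport: int            # destination port
    direction: str        # "in" (WAN -> LAN) or "out" (LAN -> WAN)
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


GAMING_HOST = "192.168.0.20"   # constructed LAN address of the gaming machine
UT_PORT = 7777                 # assumed game listener port (constructed)
SQL_PORT = 1433                # SQL Server port named in the post
OUTSIDE = "203.0.113.7"        # constructed WAN peer (TEST-NET-3 range)


def stateless_rules(game_mode: bool):
    """Ordered static rules: (direction, proto, dst host, port predicate, verdict).
    None means "any". First match wins; no match means deny."""
    rules = [("in", "tcp", None, lambda p: p == SQL_PORT, "deny")]
    if game_mode:
        rules.append(("in", "udp", GAMING_HOST, lambda p: p == UT_PORT, "allow"))
    # Without connection state, NAT return traffic (random port > 1024 on the
    # LAN host) can only be admitted by this broad rule, which also lets in
    # unsolicited connections to any high port.
    rules.append(("in", None, None, lambda p: p > 1024, "allow"))
    rules.append(("out", None, None, lambda p: True, "allow"))
    return rules


def stateless_verdict(pkt: Packet, rules) -> str:
    """Judge one packet on its own against the static rule list."""
    for direction, proto, host, port_ok, verdict in rules:
        if direction != pkt.direction:
            continue
        if proto is not None and proto != pkt.proto:
            continue
        if host is not None and host != pkt.dst:
            continue
        if port_ok(pkt.dport):
            return verdict
    return "deny"


class StatefulFilter:
    """Remembers outbound flows; admits inbound packets only if they are the
    reply to a remembered flow or match an explicit inbound allow rule."""

    def __init__(self, game_mode: bool):
        self.game_mode = game_mode
        self.flows = set()   # (proto, lan_ip, lan_port, wan_ip, wan_port)

    def verdict(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: SQL Server is never reachable from outside.
        if pkt.proto == "tcp" and pkt.dport == SQL_PORT:
            return "deny"
        # Reply to a flow the LAN host opened itself (tuple reversed).
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        # Explicit server rule, enabled only while playing.
        if (self.game_mode and pkt.proto == "udp"
                and pkt.dst == GAMING_HOST and pkt.dport == UT_PORT):
            return "allow"
        return "deny"   # unsolicited inbound, including SYNs to high ports


def compare(game_mode: bool):
    """Run the same traffic through both filters; return {label: (stateless, stateful)}."""
    stateless = stateless_rules(game_mode)
    stateful = StatefulFilter(game_mode)
    traffic = {
        # 1. LAN host opens a web connection from a NAT-style high port.
        "out_web": Packet("tcp", GAMING_HOST, 51234, OUTSIDE, 80, "out", syn_only=True),
        # 2. The reply to that connection.
        "reply_web": Packet("tcp", OUTSIDE, 80, GAMING_HOST, 51234, "in"),
        # 3. Unsolicited connection attempt to a high port on the LAN host.
        "unsolicited_high": Packet("tcp", OUTSIDE, 40000, GAMING_HOST, 5000, "in", syn_only=True),
        # 4. Attempt to reach SQL Server from outside.
        "sql_probe": Packet("tcp", OUTSIDE, 40001, GAMING_HOST, SQL_PORT, "in", syn_only=True),
        # 5. A game client joining the server.
        "game_join": Packet("udp", OUTSIDE, 40002, GAMING_HOST, UT_PORT, "in"),
    }
    results = {}
    for label, pkt in traffic.items():  # insertion order: out_web before reply_web
        results[label] = (stateless_verdict(pkt, stateless), stateful.verdict(pkt))
    return results


if __name__ == "__main__":
    for mode in (True, False):
        print(f"game_mode={mode}")
        for label, (sl, sf) in compare(mode).items():
            print(f"  {label:18} stateless={sl:5} stateful={sf}")
```

Two results are worth noticing. The stateless filter admits the unsolicited SYN to port 5000 because the broad high-port rule cannot tell it from a NAT reply, while the stateful filter denies it and still admits the genuine reply on port 51234. And with game mode off, the stateless filter still lets a game client in through the same broad rule, so toggling the game rule changes nothing; only the stateful filter actually closes the port when the server is not meant to be reachable.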