IP Filter Order

Somo

For example, I have these IP filters:

SOURCE -direction- DESTINATION Protocol Action
Any <-> MyIPAddress Any Block
Any:80 <-> MyIPAddress:Any TCP Permit
Any:Any <-> MyIPAddress:1 TCP Block

Is it possible to scan MyIPAddress:1 from source port 80?

Scan packets will be:
Any:80 -> MyIPAddress:1 TCP

So, in what order would the IP filters be applied?
 
Depends on the manufacturer's specs. Most usually, the list is a top-down
design, which means that you generally have all your permits at the top and
an explicit deny all at the bottom.

A good way to see if this is working is to try to telnet to that port.

Telnet %ComputerName% 80
 
IPsec filters are applied in a manner so that specific rules override a general
rule. In other words, a permit port 80 TCP would override a general block all
rule and allow traffic on port 80 TCP. --- Steve
 
-----Original Message-----
> IPsec filters are applied in a manner so that specific rules override a general
> rule. In other words, a permit port 80 TCP would override a general block all
> rule and allow traffic on port 80 TCP. --- Steve

Yes, but there is also a specific rule:
MyIPAddress:1:TCP:BLOCK

The question is which of those two specific rules is MORE
specific.
 
-----Original Message-----
> Depends on the manufacturer's specs. Most usually, the list is a top-down
> design, which means that you generally have all your permits at the top and
> an explicit deny all at the bottom.

It is Windows 2000 IPsec filters. They have no way to
customize order ;(

> A good way to see if this is working is to try to telnet to that port.
>
> Telnet %ComputerName% 80

Yes, and the Nmap scanner as well. But where is the guarantee that
the rule order will be the same another time?
 
I think the one with 80 specified would be the most specific. IPsec filters
can be more confusing than firewall rules. What are you trying to do? If you
are having problems accessing the internet, you may need to allow outbound
53 UDP/TCP for DNS. --- Steve
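
The ordering question in this thread, worked through as an added example (not part of the original posts, and not Windows 2000's actual IPsec matching algorithm): the three filters from the first post are evaluated against the packet Any:80 -> MyIPAddress:1 TCP under top-down first match and under "most specific wins". The filter names, the specificity score (count of non-wildcard fields) and the AMBIGUOUS result are assumptions of this model.

```python
from itertools import combinations

ANY = None  # wildcard for a port or protocol

# Constructed model of the thread's three mirrored filters (names are hypothetical).
# Fields: name, remote port, local port on MyIPAddress, protocol, action.
THREAD_FILTERS = [
    ("block-all",     ANY, ANY, ANY,   "Block"),
    ("permit-src-80", 80,  ANY, "TCP", "Permit"),
    ("block-dst-1",   ANY, 1,   "TCP", "Block"),
]
SCAN_PACKET = (80, 1, "TCP")  # Any:80 -> MyIPAddress:1 TCP

def matches(flt, pkt):
    """True if every non-wildcard field of the filter equals the packet's field."""
    return all(want is ANY or want == got for want, got in zip(flt[1:4], pkt))

def specificity(flt):
    """Assumed score: number of non-wildcard fields in the filter."""
    return sum(field is not ANY for field in flt[1:4])

def first_match(filters, pkt):
    """Top-down evaluation: the first matching filter decides (None if no match)."""
    return next((f[4] for f in filters if matches(f, pkt)), None)

def most_specific(filters, pkt):
    """'Specific overrides general': highest score wins, a split tie is flagged."""
    hits = [f for f in filters if matches(f, pkt)]
    if not hits:
        return None
    top = max(specificity(f) for f in hits)
    actions = {f[4] for f in hits if specificity(f) == top}
    return actions.pop() if len(actions) == 1 else "AMBIGUOUS"

def conflicts(filters):
    """Filter pairs that overlap, disagree on action and tie on specificity."""
    def overlap(a, b):
        return all(x is ANY or y is ANY or x == y for x, y in zip(a[1:4], b[1:4]))
    return [(a[0], b[0]) for a, b in combinations(filters, 2)
            if a[4] != b[4] and specificity(a) == specificity(b) and overlap(a, b)]

if __name__ == "__main__":
    permits_first = [THREAD_FILTERS[1], THREAD_FILTERS[2], THREAD_FILTERS[0]]
    tie_breaker = ("block-80-to-1", 80, 1, "TCP", "Block")  # names both ports
    print("as listed, top-down:  ", first_match(THREAD_FILTERS, SCAN_PACKET))
    print("permits first:        ", first_match(permits_first, SCAN_PACKET))
    print("most specific wins:   ", most_specific(THREAD_FILTERS, SCAN_PACKET))
    print("tied conflicting pairs:", conflicts(THREAD_FILTERS))
    print("with tie-breaker rule:", most_specific(THREAD_FILTERS + [tie_breaker], SCAN_PACKET))
```

In this model, a filter that names both ports (Any:80 <-> MyIPAddress:1 TCP Block) outranks the two tied filters, so the outcome no longer depends on how the tie is broken.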
 