Markus

I found this rather interesting article, describing how to use IPsec in 2000 to setup a firewall, very handy, no need for firewall software.

I've followed the information and configured things so that all incoming and outgoing traffic is blocked. Now I'm wanting to open things up, specifically, I want to allow the machine to be able to surf the web, but something isn't quite right as I can't seem to allow this.

I've downloaded the firewall.ipsec file on that site and imported it and yet it still won't allow me to surf the internet using IE.

Can anyone tell me what I need to configure to allow this.

judgejules

I use this on my colo box.

I've created an entry called

"20,21,80,110,443 outbound"

Each one of those ports is set up in it as mirrored tcp
Source Port Any
Destination port (20,21,80,110 or 443)
Source address (my ip address)
Destination address (any ip address)

Then go in to filter action and select "permit"

Just dont open the ports you dont need.

J

Markus

Thanks for that. I was sure I was doing that, but it did not seem to work. I've tried it again just now and it's working perfectly. Have to say I'm very impressed, plus saves me having to purchase firewall software.

Jeff Wiltshire

At best this is a packet filter (and not a very good one) and at worst it gives you the impression of security while having none. If what you are "protecting" is of any value at all, get yourself a proper stateful inspection firewall.

Markus

If it's filtering and blocking packets, both incoming and outgoing then surely it's doing something beneficial? If you're also running AV and Anti Spyware on the machine to protect against other intrusions then would that not make a good enough suite of security?

Jeff Wiltshire

It's worth what you paid for it, it's a free piece of software for an 9 year old OS with more holes than swiss cheese, just don't expect it to stop anything or anyone.