[PLUG] Windows firewall
Paul Heinlein
heinlein at madboa.com
Thu Oct 19 20:44:29 UTC 2006
On Thu, 19 Oct 2006, Ed Sawicki wrote:
> I've had my head buried in writing a book for the past few months
> and I've not kept up with the latest Windows stuff. Does the latest
> version of Windows server (what's it called now? Is it shipping
> yet?) have a built-in firewall whose functionality comes anywhere
> close to Linux Netfilter/iptables?
Afaict, you have three choices with Windows Server 2003:
1. Simple TCP/IP filtering on a per-interface basis:
Network Connections -> $INTERFACE -> Local Area Connection
Properties -> Internet Protocol (TCP/IP) Properties ->
Advanced TCP/IP Settings -> TCP/IP filtering
The default is to let all traffic pass; exceptions are blocked.
2. Stateful packet analysis/filtering using Internet Connection
Firewall (ICF). When enabled, ICF's default setting is to
deny unsolicited inbound traffic. Exceptions must be made
explicit. There's a logging module, but it's not as configurable
as netfilter.
Note that ICF can't do masquerading; that's handled by the
Internet Connection Sharing (ICS) application.
Both ICF and ICS are included with the most popular versions of
Windows Server 2003.
3. For extra $$, you can purchase the Microsoft Internet Security
and Acceleration (ISA) Server, a software suite that application-
level filtering and proxy capabilities.
--
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
More information about the PLUG
mailing list