June 9th, 2003, 02:39 PM
I am messing around with IP Policies on Win2K. I have created a rule that allows incoming and outgoing HTTP traffic. I have also created a rule that blocks all other traffic to ensure that only HTTP in/out traffic is permitted. I am still having problems with the HTTP traffic even though I have created the rule.
Allow HTTP: from my ip to any ip, protocol TCP, port 80, mirrored: yes
Deny ALL: from my ip to any ip, protocol ANY, port ANY, mirrored: yes
Do IP Policies work like a firewall, in that the first rule wins?
Reading material regarding the matter would be much appreciated.
June 9th, 2003, 03:42 PM
I believe, if I remember correctly, that DENY always takes precedence. You have to configure it around the HTTP.
June 9th, 2003, 04:47 PM
I could not find any specific links for an answer, but here is the Microsoft explanation of the IPSec policies, et cetera...
yeah, I'm gonna need that by friday...
June 10th, 2003, 11:22 AM
I don't believe that I have to configure deny rules around all the services that I want open. The point of having a deny all rule is to block all traffic. After this has been defined, all wanted services/ports have to be opened by creating allow rules.
There must be a way.