Windows Professional includes support for TCP/IP filtering. TCP/IP filtering allows you to specify exactly which types of incoming IP traffic are processed as the destination for each IP interface. This feature is designed to isolate the traffic being processed by Internet and intranet clients in the absence of other TCP/IP filtering provided by IPSec, the Routing and Remote Access service, or other TCP/IP applications or services. TCP/IP filtering is disabled by default.
TCP/IP filtering is a set of input filters for non-transit TCP/IP traffic (traffic destined for the local host). Non-transit traffic is traffic that is processed by the host because the destination IP address of inbound IP datagrams is directed to an assigned interface address, appropriate subnet broadcast address, or multicast address. TCP/IP filtering does not apply to transit or routed traffic that is forwarded between interfaces.
A packet is accepted for processing if it meets one of the following criteria:
* The destination TCP port matches the list of TCP ports. By default, all TCP ports are permitted.
* The destination UDP port matches the list of UDP ports. By default, all UDP ports are permitted.
* The IP protocol matches the list of IP protocols. By default, all IP protocols are permitted.
* It is an ICMP packet.
You cannot filter ICMP traffic by using TCP/IP filtering. If you need ICMP filtering, configure IP packet filters by using Routing and Remote Access. For more information, see "Unicast IP Routing" in the Internetworking Guide of the Windows 2000 Server Resource Kit.
* Protocols that are members of the TCP/IP protocol suite are frequently referred to simply as "IP Protocols".
To configure TCP/IP filtering
1. In Control Panel (default view), click Network and Internet Connections.
2. Click Network Connections.
3. In Network Connections, right-click the local area connection you want to modify, and then click Properties.
4. On the General tab, click Internet Protocol (TCP/IP) in the list of components, and then click Properties.
5. Click Advanced.
6. Click the Options tab, click TCP/IP filtering, and then click Properties.
7. In the TCP/IP Filtering dialog box, select the Enable TCP/IP Filtering check box and then add the numbers of all TCP and UDP ports and all IP protocols for which you want filtering enabled.
8. Click OK.
TCP/IP filtering can be enabled and disabled for all adapters by selecting a single check box. This helps troubleshoot connectivity problems that might be related to filtering. Filters that are too restrictive might unnecessarily limit connectivity options. For example, if you decide to allow only specific types of UDP traffic and do not include RIP (UDP port 520), then the RIP Listener service does not function.