IP Policies

Printable View

June 9th, 2003, 01:39 PM
Surreal

IP Policies

Hello,

I am messing arounf with IP Policies on Win2K. I have created a rule that allows incoming and outgoing HTTP traffic. I have also created a rule that blocks all other traffic to ensure that only HTTP in/out traffic is permitted. I am still having problems with the HTTP traffic even though I have created the rule.

RULES:
Allow HTTP: from my ip to any ip, protocol TCP, port 80 mirrored: yes
Deny ALL: from my ip to any ip, protocol ANY, port ANY mirrored: yes

Do IP Policies work like a frewall, in that the first rule wins?
Reading material regarding the matter would be much appreciated.

Thanks
June 9th, 2003, 02:42 PM
snow_crash

I believe, if I remember correctly, that DENY always takes precedence. You have to configure it around the HTTP.
June 9th, 2003, 03:47 PM
tampabay420

i could not find any specific links for an answer, but here is the Microsoft explanation of the IPSec policies, et cetera...

http://www.microsoft.com/technet/tre...c_tcp_ltxs.asp
June 10th, 2003, 10:22 AM
Surreal

I don't believe that I have to configure a deny rules around all the services that I want open. The point of having a deny all rule is to block all traffic. After this has been defined then all wanted services/ports have to be opened by creating allow rules.

There must be a way.