  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2148

netsh ipsec

Hi,

Need help with this command:

netsh ipsec static add filterlist name=blockem

netsh ipsec static add filter filterlist=blockem srcaddr=111.111.111.111 dstaddr=111.111.111.111 protocol=any mirrored=yes

Something I'm doing wrong; the idea is to block all traffic on all ports to and from the 111.111.111.111 example IP. Could someone point out my error, please?

TIA

Asked by: 995commerce
1 Solution
 
Nirmal Sharma (Solution Architect) commented:
Please see this also:
http://cert.uni-stuttgart.de/files/tf/templates/PacketFilters-SUS.CMD.txt

***Quote***

REM (C) RUS-CERT, University of Stuttgart
REM contact: Tom Fischer, RUS-CERT, http://cert.uni-stuttgart.de/

REM Packet Filters for Software Update Services (SUS) Server Hardening
REM Name: PacketFilters-SUS.cmd
REM Version: 1.0

REM Revision History
REM 0000 - Original May, 09, 2003
REM 0001 - added environment variable DNS May, 22, 2003

REM NOTE: IP Address or server names should be hardcoded into the
REM       dstaddr/srcaddr

:IPSec Policy Definition
REM The following rule will delete _all_ ipsec Filters!
netsh ipsec static delete all

netsh ipsec static add policy name="Packet Filters - SUS" description="SUS Server Hardening Policy"

:IPSec Filter List Definitions
netsh ipsec static add filterlist name="HTTP Server" description="SUS Server Hardening"
netsh ipsec static add filterlist name="HTTPS Server" description="SUS Server Hardening"
netsh ipsec static add filterlist name="Outgoing HTTP" description="SUS Server Hardening"
netsh ipsec static add filterlist name="Terminal Server" description="SUS Server Hardening"
netsh ipsec static add filterlist name="DNS Server TCP" description="Server SUS Hardening"
netsh ipsec static add filterlist name="DNS Server UDP" description="Server SUS Hardening"
netsh ipsec static add filterlist name="ICMP Traffic" description="Server SUS Hardening"
netsh ipsec static add filterlist name="ALL Inbound Traffic" description="SUS Server Hardening"


:IPSec Filter Action Definitions
netsh ipsec static add filteraction name=SecPermit description="Allows Traffic to Pass" action=permit
netsh ipsec static add filteraction name=Block description="Blocks Traffic" action=block

:IPSec Filter Definitions
REM Allowing HTTP-Client-Connect to Server (that's SUS for;)
netsh ipsec static add filter filterlist="HTTP Server" srcaddr=any dstaddr=me description="HTTP Traffic" protocol=TCP srcport=0 dstport=80

REM Allowing HTTPS for administrative connection (as necessary)
netsh ipsec static add filter filterlist="HTTPS Server" srcaddr=any dstaddr=me description="HTTPS Traffic" protocol=TCP srcport=0 dstport=443

REM Systems synchronizing from a local Software Update Server (or using Proxy Server) should replace "dstaddr=any" by "dstaddr=<IP>" e.g. "dstaddr=192.168.8.4"
netsh ipsec static add filter filterlist="Outgoing HTTP" srcaddr=me dstaddr=any description="Outgoing HTTP Traffic" protocol=TCP srcport=0 dstport=80

REM Allowing Terminal Session from anywhere (you should change "srcaddr=any" to something more restricted e.g "srcaddr=129.69.16.0 srcmask=255.255.255.0")
netsh ipsec static add filter filterlist="Terminal Server" srcaddr=any dstaddr=me description="Terminal Server Traffic" protocol=TCP srcport=0 dstport=3389

REM Allowing DNS
netsh ipsec static add filter filterlist="DNS Server TCP" srcaddr=me dstaddr=DNS description="Traffic to DNS Server" protocol=TCP srcport=0 dstport=53
netsh ipsec static add filter filterlist="DNS Server UDP" srcaddr=me dstaddr=DNS description="Traffic to DNS Server" protocol=UDP srcport=0 dstport=53

REM Allowing ICMP Traffic
netsh ipsec static add filter filterlist="ICMP Traffic" srcaddr=any dstaddr=me description="Allowing ICMP Traffic" protocol=ICMP srcport=0 dstport=0

REM favorite rule - block all inbound traffic
netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me description="ALL Inbound Traffic" protocol=any srcport=0 dstport=0

:IPSec Rule Definitions
netsh ipsec static add rule name="HTTP Server Rule" policy="Packet Filters - SUS" filterlist="HTTP Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="HTTPS Server Rule" policy="Packet Filters - SUS" filterlist="HTTPS Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="Outgoing HTTP Rule" policy="Packet Filters - SUS" filterlist="Outgoing HTTP" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="Terminal Server Rule" policy="Packet Filters - SUS" filterlist="Terminal Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="TCP-DNS Rule" policy="Packet Filters - SUS" filterlist="DNS Server TCP" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="UDP-DNS Rule" policy="Packet Filters - SUS" filterlist="DNS Server UDP" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="ICMP Traffic Rule" policy="Packet Filters - SUS" filterlist="ICMP Traffic" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="ALL Inbound Traffic Rule" policy="Packet Filters - SUS" filterlist="ALL Inbound Traffic" kerberos=yes filteraction=Block
REM assign filter (alternatively "assign=no" to assign manually)
netsh ipsec static set policy name="Packet Filters - SUS" assign=yes

***End Quote***
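The quoted hardening script shows the full object chain that a netsh IPsec filter needs before it does anything: a policy, a filter list, a filter, a filter action, a rule that ties list and action into the policy, and finally assignment of the policy. The question's two commands stop after the filter, so nothing is enforced. The script below assembles that chain for the single "block one host" case the question asks about. It is an added example and not a command from either poster; the policy, action and rule names are assumptions, 111.111.111.111 is the question's own example address, and it must be run from an elevated command prompt.

```batch
@echo off
REM Added example (not from the thread): minimal "block this host" IPsec policy.
REM Object names below are assumed; 111.111.111.111 is the question's example IP.

set BADHOST=111.111.111.111

REM 1. The policy is the container that gets assigned. A filter list that is not
REM    referenced by a rule in an assigned policy is inert.
netsh ipsec static add policy name="Block Host" description="Drop all traffic to/from %BADHOST%"

REM 2. The filter list holds the traffic selectors.
netsh ipsec static add filterlist name="blockem" description="Traffic to/from %BADHOST%"

REM 3. One mirrored filter: remote host -> me, and (mirrored) me -> remote host.
REM    protocol=any with srcport=0 dstport=0 means every protocol and every port.
REM    Putting the remote address in both srcaddr and dstaddr, as in the question,
REM    only matches packets the remote host sends to itself, which this machine
REM    never sees; dstaddr=me plus mirrored=yes is what covers both directions.
netsh ipsec static add filter filterlist="blockem" srcaddr=%BADHOST% dstaddr=me protocol=any srcport=0 dstport=0 mirrored=yes description="Block %BADHOST%"

REM 4. A filter action of type block (no negotiation, traffic is simply dropped).
netsh ipsec static add filteraction name="Block" description="Drop matching traffic" action=block

REM 5. The rule binds list and action into the policy (kerberos=yes as in the quoted script).
netsh ipsec static add rule name="Block Host Rule" policy="Block Host" filterlist="blockem" filteraction="Block" kerberos=yes

REM 6. Only one local IPsec policy can be assigned at a time; assigning this one
REM    unassigns whatever was assigned before, so check first on a server that
REM    already carries a policy.
netsh ipsec static set policy name="Block Host" assign=yes

REM Verify: policy, filter list, filter, action and rule should all be listed.
netsh ipsec static show all

REM To back out:
REM   netsh ipsec static set policy name="Block Host" assign=no
REM   netsh ipsec static delete policy name="Block Host"
```

Once assigned, the policy also appears in the MMC under "IP Security Policies on Local Computer" (secpol.msc), which is the "local IPsec policy" location asked about later in the thread. Note that an IPsec policy delivered through domain Group Policy takes precedence over a locally assigned one, so on a domain member verify which policy is actually active before relying on this block.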
 
995commerce (Author) commented:
I've looked at that; that's how I built those commands. There are no examples there and I'm stuck, I don't see what's wrong, so I hope someone can correct my syntax.
 
995commerce (Author) commented:
I meant the Microsoft link. I think you just posted the info I needed; one sec, let me test.
 
995commerce (Author) commented:
OK, I get nothing when running:

netsh ipsec static add filter filterlist="blockem" srcaddr=66.165.209.107 dstaddr=me protocol=any mirrored="yes" srcport=0 dstport=0

Does srcport=0 dstport=0 cover all ports?

Also,

where should I look for the blockem policy? In Local IPsec Policy?
 
995commerce (Author) commented:
OK, found it all; it all works now when run from cmd.

Thanks! =)