Solved

netsh ipsec

Posted on 2005-03-05
2,073 Views
Last Modified: 2008-03-10
Hi,

Need help with this command:

netsh ipsec static add filterlist name=blockem

netsh ipsec static add filter filterlist=blockem srcaddr=111.111.111.111 dstaddr=111.111.111.111 protocol=any mirrored=yes

something I'm doing wrong, the idea is to block all traffic on all ports to and from the 111.111.111.111 example IP, could someone point out my error please?

TIA

Question by:995commerce
6 Comments
LVL 35

Accepted Solution

by:
Nirmal Sharma earned 2000 total points
ID: 13465896
Please see this also:
http://cert.uni-stuttgart.de/files/tf/templates/PacketFilters-SUS.CMD.txt

***Quote***

REM (C) RUS-CERT, University of Stuttgart
REM contact: Tom Fischer, RUS-CERT, http://cert.uni-stuttgart.de/

REM Packet Filters for Software Update Services (SUS) Server Hardening
REM Name: PacketFilters-SUS.cmd
REM Version: 1.0

REM Revision History
REM 0000 - Original May, 09, 2003
REM 0001 - added environment variable DNS May, 22, 2003

REM NOTE: IP Address or server names should be hardcoded into the
REM       dstaddr/srcaddr

:IPSec Policy Definition
REM The following rule will delete _all_ ipsec Filters!
netsh ipsec static delete all

netsh ipsec static add policy name="Packet Filters - SUS" description="SUS Server Hardening Policy"

:IPSec Filter List Definitions
netsh ipsec static add filterlist name="HTTP Server" description="SUS Server Hardening"
netsh ipsec static add filterlist name="HTTPS Server" description="SUS Server Hardening"
netsh ipsec static add filterlist name="Outgoing HTTP" description="SUS Server Hardening"
netsh ipsec static add filterlist name="Terminal Server" description="SUS Server Hardening"
netsh ipsec static add filterlist name="DNS Server TCP" description="Server SUS Hardening"
netsh ipsec static add filterlist name="DNS Server UDP" description="Server SUS Hardening"
netsh ipsec static add filterlist name="ICMP Traffic" description="Server SUS Hardening"
netsh ipsec static add filterlist name="ALL Inbound Traffic" description="SUS Server Hardening"


:IPSec Filter Action Definitions
netsh ipsec static add filteraction name=SecPermit description="Allows Traffic to Pass" action=permit
netsh ipsec static add filteraction name=Block description="Blocks Traffic" action=block

:IPSec Filter Definitions
REM Allowing HTTP-Client-Connect to Server (that's SUS for;)
netsh ipsec static add filter filterlist="HTTP Server" srcaddr=any dstaddr=me description="HTTP Traffic" protocol=TCP srcport=0 dstport=80

REM Allowing HTTPS for administrative connection (as necessary)
netsh ipsec static add filter filterlist="HTTPS Server" srcaddr=any dstaddr=me description="HTTPS Traffic" protocol=TCP srcport=0 dstport=443

REM Systems synchronizing from a local Software Update Server (or using Proxy Server) should replace "dstaddr=any" by "dstaddr=<IP>" e.g. "dstaddr=192.168.8.4"
netsh ipsec static add filter filterlist="Outgoing HTTP" srcaddr=me dstaddr=any description="Outgoing HTTP Traffic" protocol=TCP srcport=0 dstport=80

REM Allowing Terminal Session from anywhere (you should change "srcaddr=any" to something more restricted e.g "srcaddr=129.69.16.0 srcmask=255.255.255.0")
netsh ipsec static add filter filterlist="Terminal Server" srcaddr=any dstaddr=me description="Terminal Server Traffic" protocol=TCP srcport=0 dstport=3389

REM Allowing DNS
netsh ipsec static add filter filterlist="DNS Server TCP" srcaddr=me dstaddr=DNS description="Traffic to DNS Server" protocol=TCP srcport=0 dstport=53
netsh ipsec static add filter filterlist="DNS Server UDP" srcaddr=me dstaddr=DNS description="Traffic to DNS Server" protocol=UDP srcport=0 dstport=53

REM Allowing ICMP Traffic
netsh ipsec static add filter filterlist="ICMP Traffic" srcaddr=any dstaddr=me description="Allowing ICMP Traffic" protocol=ICMP srcport=0 dstport=0

REM favorite rule - block all inbound traffic
netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me description="ALL Inbound Traffic" protocol=any srcport=0 dstport=0

:IPSec Rule Definitions
netsh ipsec static add rule name="HTTP Server Rule" policy="Packet Filters - SUS" filterlist="HTTP Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="HTTPS Server Rule" policy="Packet Filters - SUS" filterlist="HTTPS Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="Outgoing HTTP Rule" policy="Packet Filters - SUS" filterlist="Outgoing HTTP" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="Terminal Server Rule" policy="Packet Filters - SUS" filterlist="Terminal Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="TCP-DNS Rule" policy="Packet Filters - SUS" filterlist="DNS Server TCP" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="UDP-DNS Rule" policy="Packet Filters - SUS" filterlist="DNS Server UDP" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="ICMP Traffic Rule" policy="Packet Filters - SUS" filterlist="ICMP Traffic" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="ALL Inbound Traffic Rule" policy="Packet Filters - SUS" filterlist="ALL Inbound Traffic" kerberos=yes filteraction=Block
REM assign filter (alternatively "assign=no" to assign manually)
netsh ipsec static set policy name="Packet Filters - SUS" assign=yes

***End Quote***

Author Comment

by:995commerce
ID: 13465901
I've looked at that, that's how I built those commands, there are no examples there and I'm stuck, I don't see what's wrong, so hope someone can correct my syntax

Author Comment

by:995commerce
ID: 13465907
I meant the Microsoft link, I think you just posted the info I needed, one sec let me test

Author Comment

by:995commerce
ID: 13465936
ok, I get nothing when running:

netsh ipsec static add filter filterlist="blockem" srcaddr=66.165.209.107 dstaddr=me protocol=any mirrored="yes" srcport=0 dstport=0

does the srcport=0 dstport=0 cover all ports?

also,

where should I look for the blockem policy? in local ipsec policy?

Author Comment

by:995commerce
ID: 13465960
ok found it all, all works now when run from cmd

Thanks! =)
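For reference, here is a complete script that does what the question asks (drop every protocol and port to and from one host) using the same netsh ipsec static building blocks as the RUS-CERT template quoted above. It is an added example and not from any of the posts; the host address 192.0.2.10 is a placeholder from the TEST-NET-1 range, and the policy, list, action and rule names are chosen here and are not required by netsh. The pieces the original two commands were missing are a policy, a block filter action, a rule tying list and action into the policy, and the assignment that makes it active.

```batch
@echo off
REM Added example, not from any post above: block all traffic to and from one host
REM with a local IPsec policy (netsh ipsec static, Windows XP / Server 2003 era).
REM 192.0.2.10 is a placeholder address (TEST-NET-1); replace it with the real host.
setlocal
set BADHOST=192.0.2.10

REM 1. A policy to hold the rule. The question created a filter list but no policy,
REM    so there was nothing for IPsec to assign.
netsh ipsec static add policy name="Block Host" description="Drop all traffic to/from %BADHOST%"

REM 2. The filter list and one filter.
REM    - dstaddr=me means this machine; a filter with the same address on both
REM      sides (src=X dst=X) describes traffic from the host to itself and never
REM      matches anything that reaches this machine.
REM    - protocol=any with srcport=0 dstport=0 means every protocol and every port.
REM    - mirrored=yes also matches the reverse direction, so one filter covers
REM      inbound from the host and outbound to it.
netsh ipsec static add filterlist name=blockem description="Hosts to block"
netsh ipsec static add filter filterlist=blockem srcaddr=%BADHOST% dstaddr=me protocol=any srcport=0 dstport=0 mirrored=yes description="Drop %BADHOST%"

REM 3. A filter action that drops matching traffic (the template calls this "Block").
netsh ipsec static add filteraction name=Block description="Drops traffic" action=block

REM 4. The rule ties the list and the action into the policy.
netsh ipsec static add rule name="Block Host Rule" policy="Block Host" filterlist=blockem filteraction=Block

REM 5. Nothing takes effect until the policy is assigned. Only one local policy can
REM    be assigned at a time, so assigning this one unassigns any other local policy.
netsh ipsec static set policy name="Block Host" assign=yes

REM 6. Verify. The static store shows what was defined (this is where the
REM    "blockem" list lives); the dynamic store shows what is currently enforced.
netsh ipsec static show policy name="Block Host"
netsh ipsec dynamic show all

REM To back out: unassign first, then delete the policy.
REM   netsh ipsec static set policy name="Block Host" assign=no
REM   netsh ipsec static delete policy name="Block Host"
endlocal
```

Two caveats worth knowing when testing this: the local policy is enforced by the IPSEC Services (Policy Agent) service, so it must be running, and on a domain member a policy assigned through Group Policy takes precedence over the local one, in which case the local "Block Host" policy is defined but not applied. The same `netsh ipsec static show` commands are the place to check which policy is actually assigned.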
