> HI, Im interested in the posibility of editing by hand the firewall
> rules in
> a Windows 2000 Box such as firewall rules in Linux using Ipchains /
> iptables;
> on the other hand, if W2k doesn't have any commands for editing the
> rules i
> would like to know where does the system store the firewall
> configuration
> rules: is it in a plain text file ? in a section of the registry ?

I am not exactly sure of what you are after or what you know of Win2K
core services but as far as I know, Windows 2000 have three ways of
filtering ports:

1. TCP/IP Filters.
2. IPSec Filters.
3. RRAS Filters.

I know a little from automated securing of IIS servers, where we use
TCP/IP filtering and IPSec for port filtering, and this is what I came up
with:

1. TCP/IP Filters.
I know of no command line utilities to edit these entries.
Except registry edit tools.

The configuration info is stored in theese keys and values:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
REG_DWORD Value: EnableSecurityFilters
       0 = Disabled
       1 = Enabled
Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Inte
rfaces\<GUID for nettadapter>
REG_MULTI_SZ Value: TCPAllowedPorts
REG_MULTI_SZ Value: UDPAllowedPorts
REG_MULTI_SZ Value: RawIPAllowedProtocols

You can get the GUID from:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\NetworkCards\<netcardnumber>
REG_SZ Value: ServiceName

2. IPSec Filters.
Windows 2000 Resource Kit have a CLI tool called IPSecpol.exe. You can
download it from:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/ipsecp
ol-o.asp

All IPSec configuration is stored in:
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

If anyone can elaborate on this I would be very interested.

Hans O. Martinsen
MCSE

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]