I want to set up an IP security policy that does the following. I think I can do this but I'm struggling with how precedence works with the rules. In particular for this .....

Block everything: IP, Port, protocol
Allow web server requests: HTTP TCP 80
But deny certain subnets: HTTP TCP 80
Allow SMTP: TCP 25
But deny certain subnets: SMTP TCP 25

I'm using ipseccmd. This would seem to block all:

    ipseccmd -w REG -p "Firewalled 001" -r "Block all" -f *+0 -n BLOCK

and this should open 80:

    ipseccmd -w REG -p "Firewalled 001" -r "Allow Http" -f *::TCP+0:80:TCP -n PASS

but I can't get it to work. And if I add in the block after, would the previous PASS have already let them through?
I've worked it out after a considerable amount of experimenting and googling. IP Security Policies are applied, and then if a more specific policy rule is applied this overrides the previous. So if I blanket block any IP to any IP, then specify that I allow local IP to any IP, this is more specific so overrides it. If I then specify that a particular subnet is blocked, this overrides the previous as it again is more specific.
Now I've come up against another hitch.... I can only seem to add around 100 filters per ipseccmd, otherwise it says the command line is too long. But I need to add somewhere in the order of 3000 or even more. Is there a way I can append filters to a previously created rule? Maybe this isn't the best way to be blocking large numbers of subnets?
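The following is an added example, not code from the thread. It generates the ipseccmd invocations for the precedence order the poster worked out (blanket block, then the more specific service allows, then the still more specific per-subnet denies) and sidesteps the command-line length problem by splitting the deny list into chunks of at most 100 filters, one numbered rule per ipseccmd call. Assumptions: the filter syntax `src/mask:port:proto+dst/mask:port:proto` with `*` meaning any address and `0` meaning my address, extrapolated from the two commands in the first post; dotted-decimal masks in the source address; the limit of 100 filters per call, taken from the poster's observation; and that separate numbered rules, rather than appending to one rule, is an acceptable workaround. The subnets are constructed sample values from documentation ranges. The rule names `Deny HTTP subnets 001` etc. are this example's, not from the thread.

```python
"""Generate ipseccmd invocations for a block-all / allow-service / deny-subnet policy.

Added example, not from the thread. Assumptions: filter syntax
"src/mask:port:proto+dst/mask:port:proto" ("*" = any, "0" = my address),
the ~100 filters-per-call limit reported by the poster, and splitting the
deny list across several numbered rules as a workaround (not a documented
ipseccmd feature for appending to an existing rule).
"""
from typing import List

POLICY = "Firewalled 001"          # policy name from the thread
MAX_FILTERS_PER_CALL = 100         # poster reports ~100 before "command line too long"


def ipseccmd(rule: str, filters: List[str], action: str) -> str:
    """Build one ipseccmd line in the -w REG / -p / -r / -f / -n form used in the thread."""
    return f'ipseccmd -w REG -p "{POLICY}" -r "{rule}" -f {" ".join(filters)} -n {action}'


def subnet_filter(subnet: str, port: int) -> str:
    """Filter spec: any port on the given subnet (net/dotted-mask, assumed syntax)
    to my address on the given TCP port."""
    return f"{subnet}:0:TCP+0:{port}:TCP"


def batched_deny(rule_prefix: str, subnets: List[str], port: int) -> List[str]:
    """Split a long deny list into chunks of MAX_FILTERS_PER_CALL, one numbered rule each,
    so no single invocation exceeds the command-line limit."""
    cmds = []
    for i in range(0, len(subnets), MAX_FILTERS_PER_CALL):
        chunk = subnets[i:i + MAX_FILTERS_PER_CALL]
        rule = f"{rule_prefix} {i // MAX_FILTERS_PER_CALL + 1:03d}"
        cmds.append(ipseccmd(rule, [subnet_filter(s, port) for s in chunk], "BLOCK"))
    return cmds


def build_policy(http_deny: List[str], smtp_deny: List[str]) -> List[str]:
    """Ordered commands mirroring the precedence the poster found: the blanket block,
    the more specific per-service allows, then the most specific per-subnet denies."""
    cmds = [
        ipseccmd("Block all", ["*+0"], "BLOCK"),
        ipseccmd("Allow Http", ["*::TCP+0:80:TCP"], "PASS"),
        ipseccmd("Allow Smtp", ["*::TCP+0:25:TCP"], "PASS"),
    ]
    cmds += batched_deny("Deny HTTP subnets", http_deny, 80)
    cmds += batched_deny("Deny SMTP subnets", smtp_deny, 25)
    return cmds


def filter_count(cmd: str) -> int:
    """Number of filter specs in a generated command (they sit between '-f ' and ' -n ')."""
    body = cmd.split(" -f ", 1)[1].rsplit(" -n ", 1)[0]
    return len(body.split())


if __name__ == "__main__":
    # Constructed sample deny lists: 192.0.2.0/24 carved into /28s, repeated to get 256 entries.
    http_bad = [f"192.0.2.{16 * k}/255.255.255.240" for k in range(16)] * 16
    smtp_bad = ["198.51.100.0/255.255.255.0"]
    for line in build_policy(http_bad, smtp_bad):
        print(line)  # paste into a .cmd file or run one by one
```

Running the script prints seven commands for the constructed input: the three base rules, then the 256 HTTP deny filters spread over three calls (100, 100, 56), then one SMTP deny call. Because every deny rule is more specific than the service allow, the chunk boundaries do not change the effective policy; they only keep each invocation under the length limit.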