Using VBScript
This code configures a TCP/IP filter that will only allow TCP traffic on port 80. To enable
TCP/IP filtering, use the script in Recipe 1-18.
' ------ SCRIPT CONFIGURATION ------
Const ALLOW_ALL = 0   ' A list holding only 0 permits everything of that type
Const HTTP = 80
TCPPorts = Array(HTTP)
UDPPorts = Array(ALLOW_ALL)
IPProtocols = Array(ALLOW_ALL)
strComputer = "."
' ------ END CONFIGURATION ---------
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set nics = objWMIService.ExecQuery _
    ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
' Apply the same permit lists to every IP-enabled adapter
For Each nic in nics
    ' EnableIPSec returns 0 on success, 1 on success with a reboot required
    intPorts = nic.EnableIPSec(TCPPorts, UDPPorts, IPProtocols)
    If intPorts = 0 Then
        WScript.Echo "Success! Filtering enabled for TCP port 80."
    ElseIf intPorts = 1 Then
        WScript.Echo "Success! Filtering enabled for TCP port 80, please reboot!"
    Else
        WScript.Echo "Error! Unable to enable IP filtering for TCP port 80."
    End If
Next
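To confirm what the script above actually left in place, the following added example (not code from the original recipe) reads the settings back without changing anything. It assumes a system where TCP/IP filtering is available; IPFilterSecurityEnabled and the IPSecPermit* values are properties of Win32_NetworkAdapterConfiguration, while the EXPECTED_TCP constant and the DescribeList helper are hypothetical names introduced for this check.

```vbscript
' Added example: read-only audit of the TCP/IP filter settings on each adapter.
Option Explicit
Const ALLOW_ALL = "0"      ' WMI returns the permit lists as strings
Const EXPECTED_TCP = "80"  ' Assumption: the only TCP port the recipe permits
Dim strComputer, objWMIService, nics, nic, strTcp
strComputer = "."

' Hypothetical helper: turn a permit list into text.
' Null means the list was never set; a lone "0" means everything is allowed.
Function DescribeList(varList)
    Dim item, strOut
    If IsNull(varList) Then
        DescribeList = "(not configured)"
        Exit Function
    End If
    strOut = ""
    For Each item In varList
        If strOut <> "" Then strOut = strOut & ","
        strOut = strOut & Trim(CStr(item))
    Next
    If strOut = ALLOW_ALL Then strOut = "ALL"
    DescribeList = strOut
End Function

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set nics = objWMIService.ExecQuery _
    ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each nic In nics
    strTcp = DescribeList(nic.IPSecPermitTCPPorts)
    WScript.Echo nic.Description
    WScript.Echo "  Filtering enabled: " & nic.IPFilterSecurityEnabled
    WScript.Echo "  TCP ports:         " & strTcp
    WScript.Echo "  UDP ports:         " & DescribeList(nic.IPSecPermitUDPPorts)
    WScript.Echo "  IP protocols:      " & DescribeList(nic.IPSecPermitIPProtocols)
    ' The permit lists only take effect once filtering itself is switched on
    If IsNull(nic.IPFilterSecurityEnabled) Then
        WScript.Echo "  RESULT: filtering state unknown"
    ElseIf Not nic.IPFilterSecurityEnabled Then
        WScript.Echo "  RESULT: filtering is not enabled, permit lists not enforced"
    ElseIf strTcp = EXPECTED_TCP Then
        WScript.Echo "  RESULT: only TCP port " & EXPECTED_TCP & " is permitted"
    Else
        WScript.Echo "  RESULT: TCP permit list differs from the recipe"
    End If
Next
```

Run it with cscript after applying the recipe (and after the reboot, if one was requested) so that a stored permit list with filtering still disabled is caught rather than assumed to be protecting the host.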
How It Works
Unlike Internet Protocol Security (IPSec), which provides granular control over the kinds of
traffic that can pass over a particular interface, TCP/IP filtering only allows for the most basic
“all-or-nothing” filtering for any interface on which it is enabled. (TCP/IP filtering was used in
earlier versions of the Windows Server operating systems to provide basic filtering capabilities
before the development of ICF and the Windows Firewall.) TCP/IP filtering will filter the following
types of network traffic:
• TCP traffic
• UDP traffic
• IP traffic
In all three cases, TCP/IP filtering will either allow all traffic to pass through, or only the
specific ports or protocols that you allow. So if you configure TCP/IP filtering to allow only port
80 for TCP traffic, then any traffic destined for an FTP server on port 21 or an HTTPS resource
on port 443 will not reach the local computer—only HTTP traffic will be accepted once this
filter is in place. In Chapter 7 we will look at the use of IPSec to create much more granular