RE: Host based IP ACL like TCPWrapper or IP_Filter, but for NT?

["James D. Wilson" <netsurf () sersol com>]

Interix (was OpenNT) runs on top of the NT Kernel doing POSIX Unix and
has recently ported TCP Wrappers, inetd, sendmail, telnetd, ftpd,
syslogd, and a variety of other apps.  This gives you the ability to
do some of your filtering on the Unix side of your NT Server if you
want.

-
James D. Wilson
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)


-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of
Bill_Royds () pch gc ca
Sent: Sunday, May 30, 1999 4:54 AM
To: Alan Morewood
Cc: firewall-wizards () nfr net
Subject: Re: Host based IP ACL like TCPWrapper or IP_Filter, but for
NT?







"Alan Morewood" <morewood () on bell ca> on 05/26/99 01:41:09 PM

Please respond to "Alan Morewood" <morewood () on bell ca>

To:   firewall-wizards () nfr net
cc:    (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:  Host based IP ACL like TCPWrapper or IP_Filter, but for NT?




Does anyone have ideas as to a feasible solution for doing IP ACL
restrictions on a DMZ host?  Or does this seem excessive considering
2-factor authentication is to be used.

details as follows:

<snip a good explanaition of the situation>

NT has no direct IP_Filter equivalent, although there is at least one
option
of which I am aware.


---------------------------------------------




NT has the ability to restrict ports that can be used by machine in
Control
Panel/Networks/Protocols/Advanced settings.

As well, have you looked at things like the ConSeal firewall
(http://www.signal.com) whcih fit between the Ethernet layer and
TCP/IP stack to
enforce a security policy?
THis would seem like the closest to TCPWrappers for NT and it even
validates
UDP/ICMP as well.