Win 7 Firewall rules for lab exam environment
Hi, I'm trying to figure out a way to configure Windows 7 firewall rules via GPO for the following environment:
- Local account only, no domain accounts (this is easy via GPO)
- Need access to one web server that serves the exam
- Need access to CAS, DNS, and AD machines
- Do not block traffic from specific machines used for administration.
- Block everything else.
In Linux and Mac this is relatively easy using iptables and ipfw respectively:
- allow all outgoing traffic
- restrict incoming to be allowed from only specific IP addresses.
I cannot see a way to configure a rule to be applied to all incoming traffic and not just incoming connections (connections initiated from an external source). I am considering the following configuration:
- Block all incoming connections unless matched by a rule
- Block all outgoing connections unless matched by a rule
- Add rules for the following:
- - Allow all DHCP (UDP, ports 67 & 68)
- - Allow all traffic to our DNS servers (I have a list of these)
- - Allow all traffic to our CAS servers (I have a list of these)
- - Allow all traffic to our AD servers (I have to get a list of these)
- - Allow all traffic to our exam server
- - Allow all traffic from our administration servers
Does this sound reasonable? Is it possible with Windows 7 firewall? Has anybody done this?
Note: I have read similar postings regarding ISA servers, network firewalls, etc. We are on a large campus and I do not have configuration access to our network equipment, including proxies, content filters, etc. Hence I'm trying to use just the Windows 7 firewall rules if possible.
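As an added example (not from the original post), the rule set proposed above expressed with netsh advfirewall, the firewall command line that ships with Windows 7, run from PowerShell. Every server address is a placeholder assumption; substitute the real lists.

```powershell
# Added example: lock a Windows 7 lab workstation down to the hosts listed here.
# All addresses are placeholders (RFC 5737 documentation range), not real servers.
$DnsServers = @('192.0.2.10', '192.0.2.11')   # placeholder DNS servers
$CasServers = @('192.0.2.20')                 # placeholder CAS servers
$AdServers  = @('192.0.2.30', '192.0.2.31')   # placeholder AD / domain controllers
$ExamServer = '192.0.2.40'                    # placeholder exam web server
$AdminHosts = @('192.0.2.50', '192.0.2.51')   # placeholder administration machines

# Default action for every profile: drop unsolicited inbound AND outbound traffic.
# The Windows firewall is stateful: replies to a connection permitted by an
# outbound rule are accepted without a matching inbound rule, so inbound rules
# are only needed for connections that a remote host initiates.
# Arguments containing commas are quoted, otherwise PowerShell splits them into
# separate arguments before netsh sees them.
netsh advfirewall set allprofiles firewallpolicy "blockinbound,blockoutbound"

# DHCP: the client talks from UDP 68 to the server's UDP 67 (broadcast, so no remoteip).
netsh advfirewall firewall add rule "name=Lab - DHCP out" dir=out action=allow protocol=udp localport=68 remoteport=67
netsh advfirewall firewall add rule "name=Lab - DHCP in"  dir=in  action=allow protocol=udp localport=68 remoteport=67

# Allow all outbound traffic to the infrastructure the exam client depends on.
$allowOut = @{
    'DNS servers' = $DnsServers
    'CAS servers' = $CasServers
    'AD servers'  = $AdServers
    'Exam server' = @($ExamServer)
}
foreach ($name in $allowOut.Keys) {
    $ips = $allowOut[$name] -join ','
    netsh advfirewall firewall add rule "name=Lab - $name out" dir=out action=allow "remoteip=$ips"
}

# Administration machines may initiate connections to the workstation, and the
# workstation may connect back to them; everything else stays blocked.
$adminList = $AdminHosts -join ','
netsh advfirewall firewall add rule "name=Lab - Admin in"  dir=in  action=allow "remoteip=$adminList"
netsh advfirewall firewall add rule "name=Lab - Admin out" dir=out action=allow "remoteip=$adminList"

# Verify the effective policy and the rules just created.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all | Select-String 'Lab - '
```

The same settings exist in the GPO editor under Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security; in each profile's properties set "Apply local firewall rules" to No so a rule added locally cannot widen the policy.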