
                                   IPF v1.0

                                      by

                           Doc Holiday & van Hauser

                       http://www.thehackerschoice.com


INTRODUCTION
------------

Windows NT 4.0 and Windows 2000 operating systems have the capability of
packet filtering, which can be set up with the graphical interface at the
network properties. 

A big disadvantage is, that there is no possibility for a configuration
of the packet filter from the command line, so that a script based setup
is not possible.

To fill this gap, IPF was written. It's a command line tool for configuring
the packet filter of a NT4/W2K box.

A few simple commands give you the power of script based configuration of
the packet filter. You can use it for example to provide all the workstations
of your network with a configured "on-board" firewall, installed by a
logon-script.


WIN PACKET FILTERING
--------------------

Both operating system, windows nt 4.0 and windows 2000 have a build-in
packet filter, which can be used as a basic firewall for protecting the
local system.

You can configure the packet filter at the network settings for each
interface separate, whereby Enabling/Disabling packetfiltering is dedicated
to all interfaces.

Once the filter is activated, all TCP, UDP ports and protocols are allowed
per default, and you have to configure the system to permit only
selected ports and protocols.

Packet filtering only works for packets, destinated to the local host.
This means if ip forwarding is enabled, systems behind your NT-system are not
protected by the packet filtering. This is a "feature" of Microsoft.


Misc.
=====

- At this time IPF supports only global policies (for all) interfaces.
  So if you want to configure interfaces differently, you have to wait for
  the next release :)

- Changings on the packet filter ruleset require a reboot :( - well Microsoft
  users are used to this.

- Users of Windows 2000 should use the more advanced ipsec-filtering, which
  doesn't require a reboot!


GREETINGS
---------

Greetings are going to....vax, Whyking, Kl0N, all the THC members,
hendy and all the people of TESO and the potential new THC members,
standing in the queue :)
