Limiting connection scope

Take the packet filter in Windows' kernel.

You don't need a product at all for this purpose. Just modify the routing table, and have a single host route to this box only.

Yours, VB.

Thanks Volker, but I don't think this will achieve what I'm looking for. We want to prevent a workstation from connecting to any hosts other than the intended one. Isn't the routing table dynamic? Even if we edit it, won't it get re-written?

If you don't have routing protocols: no.

Yours, VB.

assuming the workstation is not running OSPF or RIP or other dynamic routing protocol, then no, it is not really dynamic. (OK< It CAN change if it gets an ICMP redirect sent to it, but how likely is that?)

So for instance, (assuming it is a windows box) and you want to blackhole all connections to 192.168.xx.xx local nets, you could do something like "route add 192.168.0.0 MASK 255.255.0.0 "

Can be disabled easily.

But unlikely enough that I wouldn't bother.

Ipsec policies will do that for you. Setup the filters so your workstation can only connect to one destination.

Wayne McGlinn Brisbane, Oz

On Fri, 5 May 2006 09:27:39 +1000, Wayne spoketh

If there's Domain Authentication involved, remember to allow connections to a DC and DNS server.

Lars M. Hansen

Does that require connection via Ipsec to those services?

Try reading the following:

Thanks Wayne. :-)

Thanks everyone for your responses to this.