筛选和RRAS [英] Filtering and RRAS

问题描述

您好，
甚至在阅读此线程后，我对过滤和RRAS仍然存在一些疑问:http://social.msdn.microsoft.com/Forums/en-US/wfp/thread/01aa7107- f115-4403-b905-a873c90b06e2?persist = True.我想知道是否有一种方法可以将默认"设置为除非我安装了允许它们的过滤器，否则将丢弃所有由RRAS处理(在其子层上)的数据包的规则.

当前，如果需要丢弃数据包，则必须在服务器管理器的RRAS区域中插入一条规则，并用自己的过滤器覆盖它.我应该在哪层安装此过滤器?

Hello,
    I had some questions regarding filtering and the RRAS which lingered even after reading this thread: http://social.msdn.microsoft.com/Forums/en-US/wfp/thread/01aa7107-f115-4403-b905-a873c90b06e2?persist=True. I would like to know if there is a way to set a "default" rule to drop all packets handled by the RRAS (on it's sublayer) unless I have installed a filter to permit them.

Currently, if I need to drop packets, I have to insert a rule in the RRAS area of the Server Manager, and have to override it with my own filters. Which layers should I install this filter in? Is there another way about this?

推荐答案

我认为RRAS没有子层.  无论如何，您都应该在自己的子层中.您可以像在另一篇文章中提到的Biao一样，在FORWARD图层上创建一个过滤器.我想您可以创建一个过滤器，该过滤器阻止所有内容，然后创建一堆特定的过滤器以允许某些内容，并且只要允许的内容更加具体，它们便会生效.  但是，您也可以将其作为防火墙规则来执行，这比为其编写WFP驱动程序要简单得多.

I don't think RRAS has a sublayer.  You should be in your own sublayer anyway.  You can create a filter at the FORWARD layer like Biao mentioned on that other post.  I suppose you could create one filter that blocks everything and then a bunch of specific ones to allow certain things, and as long as the allow ones are more specific, they should take effect.  However, you could also do this as firewall rules which is way simpler than writing a WFP driver for it.

这篇关于筛选和RRAS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！