I set up a Windows 2008 server for some internal stuff (file sharing, SQL Server, etc.). I only need to access the machine from computers that are inside the network. What is the best/easiest way to block all outgoing and incoming traffic on the server?
Did any of these posts solve your problem? You can mark one as an answer if it resolved your issue. – Wesley Apr 08 '10 at 17:44
David, did you ever get the answer to your question? If so, you can mark one of the posts below as an accepted answer so that other people reading will know what worked. – Wesley Apr 23 '10 at 03:43
3 Answers
I suppose if you're feeling very paranoid (I say that as an entirely positive thing), you could block any external communication to/from that server's static IP on the firewall. Of course then you have to plan for how it'll get Windows updates. MarkM's answer is what you're looking for, most likely.

Using Windows Firewall, block all but your local subnet from communicating with it. This might have some unintended consequences such as not being able to update or get the proper time unless you provide those services internally.
Super-quick-and-dirty: Change the default gateway on the server to a nonsense address. Things on a non-local subnet could send packets to it, but no response could make it out. So I suppose that's only half secure since technically something could possibly buffer-overflow the server and inject an infection which could then change the default gateway... but it reduces the risk significantly. Depending on your circumstance and how many tinfoil hats you have in your closet, it might be enough. =)

Both those options are pretty messy and will make it hard to do things like access the internet or install updates. – einstiien Apr 06 '10 at 23:31
I'm not sure I agree. It seems to fit the OP's criterion for **"What is the best/easiest way to block all outgoing and incoming traffic on the server?"** Okay, maybe not the **best** way, but certainly two of the **easiest**. =) What would your better suggestion(s) be? Toss an answer into David's thread... plenty of points to be had and info to be spread. – Wesley Apr 07 '10 at 00:46
Servers should *never* web-browse, and an internal update server on the LAN isn't unusual. – Kara Marfia Apr 07 '10 at 03:31
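
The Windows Firewall approach from the answer above, written out as `netsh advfirewall` commands for Server 2008. This is an added example, not part of any poster's answer; the rule names and the export path are made up for illustration.

```batch
@echo off
rem Added example: limit a Windows Server 2008 host to its local subnet with
rem Windows Firewall. Run from an elevated prompt, ideally at the console,
rem because step 3 can cut off a remote session that comes from another subnet.

rem 1. Save the current policy so it can be restored later with
rem    "netsh advfirewall import". The file name is a constructed placeholder.
netsh advfirewall export "%SystemDrive%\fw-before-lockdown.wfw"

rem 2. Make sure the firewall is enabled for every profile.
netsh advfirewall set allprofiles state on

rem 3. Default-deny in both directions: only explicit allow rules pass.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. Allow traffic whose remote end is on the server's own subnet.
rem    "localsubnet" is a built-in keyword, so no address has to be hard-coded.
netsh advfirewall firewall add rule name="LAN only - inbound" dir=in action=allow remoteip=localsubnet profile=any
netsh advfirewall firewall add rule name="LAN only - outbound" dir=out action=allow remoteip=localsubnet profile=any

rem 5. List the inbound rules for review. Built-in allow rules that were already
rem    enabled with a wider remote scope still match non-local sources, so
rem    narrow or disable any that are not needed.
netsh advfirewall firewall show rule name=all dir=in
```

With outbound traffic blocked by default, updates and time sync only keep working if an update server and a time source are reachable on the local subnet, which is the side effect the answer mentions.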