Installing Windows IPsec Firewall

Written by Mark Sanborn: Dec 4, 2008

Just recently I found a post that described using the ipseccmd in Windows. I honestly had no idea that this tool existed for Windows. I found this article while searching for a way to block outgoing traffic on the local computer as opposed to making firewall policies. This was the perfect solution for network testing, forcing productivity, optimization and security in Windows.

To get the firewall for Windows you will need to download Windows Support Tools. When installing, make sure you select the complete option.

Security and Optimization

In the firewall world, security and optimization go hand in hand. Spyware applications will absolutely eat a computer alive with useless communication and sneaky transfers. Turning off ports provides extra security and blocks these applications from communicating, thus making your internet faster and reducing ping latency. In many games latency is the difference between life and death, especially in first-person shooters. While playing these games you cannot afford to have other programs transferring data.

It is not always spyware causing problems; sometimes it is legitimate traffic simply running at the wrong times. Windows will decide to do an automatic update (if you have it turned on), or other applications you may have installed might hog your bandwidth and skyrocket your ping times. With IPsec you can turn everything off except the game.

Disabling internet service

The following command will disable all outgoing traffic:

cd "c:\Program Files\Support Tools"
ipseccmd -f [0=*:*:*]

Once everything is disabled you will want to allow outgoing traffic for your game. Simply add the port to the allow list like this:

ipseccmd -f (0=*:27016:TCP)

If you look up games by hostname/DNS you will need to open up port 53 UDP as well.

Forcing Productivity

Maybe you just want to be more productive and don’t want to be distracted by IMs and the temptation to check your email. You can disable all traffic except SSH traffic on port 22 for web development like this:

ipseccmd -f [0=*:*:*]
ipseccmd -f (0=*:22:TCP)

To add access to FTP you can add:

ipseccmd -f (0=*:21:TCP)

If you wanted, you could place these commands in a .bat file and have them run at specific intervals, effectively turning off your internet at scheduled times.

Reverting changes

If you want to undo all of these firewall changes and go back to the default, just throw down this command:

ipseccmd -u
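
The .bat file idea from the productivity section, combined with the revert command, as an added example (not code from the original post). The file name focus.bat, the on/off argument and the use of %ProgramFiles% for the Support Tools folder are assumptions; the ipseccmd filters are the ones shown above.

```batch
@echo off
rem focus.bat - added example, not part of the original post.
rem   focus.bat on   block all outgoing traffic except the allow list
rem   focus.bat off  remove the filters again
setlocal

rem Assumed install location (the post uses c:\Program Files\Support Tools).
set "TOOLS=%ProgramFiles%\Support Tools"
if not exist "%TOOLS%\ipseccmd.exe" (
    echo ipseccmd.exe not found in "%TOOLS%" 1>&2
    exit /b 2
)
cd /d "%TOOLS%"

if /i "%~1"=="on"  goto :on
if /i "%~1"=="off" goto :off
echo Usage: %~nx0 on^|off 1>&2
exit /b 1

:on
rem Clear earlier filters first so repeated scheduled runs do not stack up.
ipseccmd -u
rem Square brackets = blocking filter: this machine (0) to any address,
rem any port, any protocol.
ipseccmd -f [0=*:*:*]
rem Parentheses = passthrough filter: the allow list.
rem DNS is included so hostnames still resolve, then SSH and FTP.
call :allow 53 UDP
call :allow 22 TCP
call :allow 21 TCP
echo Outgoing traffic blocked except DNS, SSH and FTP.
exit /b 0

:off
rem Same command as in "Reverting changes".
ipseccmd -u
echo Filters removed.
exit /b 0

:allow
rem %1 = destination port, %2 = protocol
ipseccmd -f (0=*:%1:%2)
exit /b 0
```

Scheduling `focus.bat on` at the start of a work block and `focus.bat off` at the end, as two separate scheduled tasks, gives the timed cut-off described above.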
