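List1, List2: RRAS IP filter settings (use netsh -c routing -f <script-file>)

# --- Internal (Bottom) interface: traffic the router sends toward the internal network ---
# Default action is DROP, so the "add filter" lines below act as the allowlist.
# In these filters a port of 0 and an address/mask of 0.0.0.0 are used as "any".
add interface name="Internal (Bottom)" state=enable
set filter name="Internal (Bottom)" filtertype=OUTPUT action=DROP
# RDP replies from the terminal server (192.168.1.2:3389) to internal clients in 10.0.0.0/8.
# NOTE(review): TCP-EST appears to be a stateless match on established-looking
# segments, not connection tracking - confirm, and keep the host IPsec policy as a second layer.
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=192.168.1.2 srcmask=255.255.255.255 dstaddr=10.0.0.0 dstmask=255.0.0.0 proto=TCP-EST srcport=3389 dstport=0
# Directory and infrastructure services: DNS 53, LDAP 389, RPC endpoint mapper 135, CIFS 445,
# Kerberos 88, NTP 123, plus an additional RPC port 1026.
# NOTE(review): every rule below matches any source and any destination. Consider
# narrowing srcaddr to the DMZ hosts that need the service and dstaddr to the specific
# internal servers, so a compromised DMZ host cannot reach these ports on every internal machine.
# NOTE(review): the host IPsec policy in List 3 also permits TCP 53 and TCP 88, but only
# the UDP variants are allowed here; DNS or Kerberos over TCP would be dropped at the router.
# Confirm that this is intended.
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=UDP srcport=0 dstport=53
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=UDP srcport=0 dstport=389
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=TCP srcport=0 dstport=389
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=TCP srcport=0 dstport=135
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=TCP srcport=0 dstport=445
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=UDP srcport=0 dstport=88
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=UDP srcport=0 dstport=123
# NOTE(review): a single fixed RPC port presumably relies on the internal server being
# pinned to port 1026 - verify, otherwise dynamically assigned RPC ports will be dropped.
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=TCP srcport=0 dstport=1026
# NOTE(review): type=255 code=255 presumably means every ICMP type and code - confirm,
# and restrict to the types actually needed if that is the case.
add filter name="Internal (Bottom)" filtertype=OUTPUT srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=ICMP type=255 code=255
set filter name="Internal (Bottom)" fragcheck=enable

# --- DMZ (Mid) interface: traffic arriving at the router from the DMZ ---
add interface name="DMZ (Mid)" state=enable
set filter name="DMZ (Mid)" filtertype=INPUT action=DROP
# Any protocol from the whole DMZ subnet to 10.1.1.2. This input rule is broad; for this
# destination the effective restriction is the Internal (Bottom) OUTPUT list above.
add filter name="DMZ (Mid)" filtertype=INPUT srcaddr=192.168.1.0 srcmask=255.255.255.0 dstaddr=10.1.1.2 dstmask=255.255.255.255 proto=ANY
# RDP replies from the terminal server. The listing as published read srcaddr=192.1.1.2,
# an address that appears nowhere else here and is outside the DMZ subnet 192.168.1.0/24.
# It is corrected to 192.168.1.2 to match the paired Internal (Bottom) OUTPUT rule;
# confirm against your addressing plan.
add filter name="DMZ (Mid)" filtertype=INPUT srcaddr=192.168.1.2 srcmask=255.255.255.255 dstaddr=0.0.0.0 dstmask=0.0.0.0 proto=TCP-EST srcport=3389 dstport=0
# Any TCP from the terminal server to 192.168.1.1.
add filter name="DMZ (Mid)" filtertype=INPUT srcaddr=192.168.1.2 srcmask=255.255.255.255 dstaddr=192.168.1.1 dstmask=255.255.255.255 proto=TCP srcport=0 dstport=0
set filter name="DMZ (Mid)" fragcheck=enable

List 3: IPsec policy settings for terminal server

rem Host-level packet filter for the terminal server (192.168.1.2), built as one policy
rem named "Packet Filter". Each command adds a named rule (-r) with its filters (-f) and
rem an action (-n PASS or BLOCK).
rem Outbound client rules: 192.168.1.2 to any host on the listed destination port.
ipsecpol -w REG -p "Packet Filter" -r "DNS Client" -f 192.168.1.2+*:53:TCP -f 192.168.1.2+*:53:UDP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "CIFS Client" -f 192.168.1.2+*:445:TCP -f 192.168.1.2+*:445:UDP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "RPC Client" -f 192.168.1.2+*:135:TCP -f 192.168.1.2+*:135:UDP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "Additional RPC Ports" -f 192.168.1.2+*:1026:TCP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "NTP Client" -f 192.168.1.2+*:123:TCP -f 192.168.1.2+*:123:UDP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "LDAP Client" -f 192.168.1.2+*:389:TCP -f 192.168.1.2+*:389:UDP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "Kerberos Client" -f 192.168.1.2+*:88:TCP -f 192.168.1.2+*:88:UDP -n PASS
rem Inbound RDP to the terminal server. The listing as published had a second, empty
rem "-f" before "-n PASS"; it is dropped here so that -n is not read as a filter.
rem NOTE(review): a second filter may have been lost in publication - check the original article.
ipsecpol -w REG -p "Packet Filter" -r "Terminal Server" -f *+192.168.1.2:3389:TCP -n PASS
rem NOTE(review): port 8080 has no matching rule in the RRAS lists above, so the proxy is
rem presumably reachable without crossing the Internal (Bottom) interface - confirm.
ipsecpol -w REG -p "Packet Filter" -r "Proxy Client" -f 192.168.1.2+*:8080:TCP -n PASS
ipsecpol -w REG -p "Packet Filter" -r "ICMP" -f 192.168.1.2+*:*:ICMP -f *+192.168.1.2:*:ICMP -n PASS
rem Catch-all block for traffic to 192.168.1.2. The PASS rules above are expected to win
rem because their filters are more specific.
rem NOTE(review): verify on a test host before relying on it.
ipsecpol -w REG -p "Packet Filter" -r "All Inbound Traffic" -f *+192.168.1.2 -n BLOCK
rem NOTE(review): -x presumably assigns (activates) the policy. Run it from the console
rem rather than over RDP, so that a mistake in the rules cannot cut off your own session.
ipsecpol -w REG -p "Packet Filter" -x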