I would like to know what (if any) security risks there are in the following
setup.
My PC running WinXP Pro behind NAT router with firewall running (DoS, ping
of death protection etc). Also, ZoneAlarm running.
Router:
A range of incoming ports forwarded for game server (UDP).
A filter rule blocking all incoming ports and all protocols (dependent on
further rules)
A filter rule allowing one IP access to UDP ports for game server.
IP above set to trusted zone in ZoneAlarm. Game set in ZoneAlarm as trusted
server only (no internet server)
A router filter rule allowing one IP access to everything (not always on
(but would like it to be)). The reason for this rule is that I connect to
work VPN via PPTP and MS client and the rule blocking all, blocks the VPN
protocol unfortunately.
The router's filter doesn't have a GRE protocol option (if I remember the name
right?) but when I "block all", it blocks this by default. I'm not sure if
this would work but would I be better leaving this unblocked (i.e. block the
other protocols individually), rather than allowing one IP access to
everything (there is no risk from that IP, but concerned about IP spoofing
which I don't really understand).
I hope all that makes sense. I am really looking for any advice on the best
config for this and am interested in learning what security holes I have
left open.
Thanks
Stuart
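The two ways of letting the PPTP VPN through that the post weighs, modelled as an added example that is not part of the original post: allowing one IP everything, versus allowing that IP only PPTP's control channel (TCP 1723) and GRE (IP protocol 47). The addresses, the game port range and the rule precedence are assumptions, as is a filter that can match by IP protocol number.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47          # IANA IP protocol numbers
VPN_IP = "198.51.100.10"           # constructed: work VPN endpoint
GAME_IP = "203.0.113.5"            # constructed: allowed game peer
GAME_PORTS = range(27000, 27016)   # constructed: forwarded UDP range

@dataclass(frozen=True)
class Packet:
    src: str
    proto: int
    dport: Optional[int] = None    # GRE has no ports

@dataclass(frozen=True)
class Allow:
    src: str
    proto: Optional[int] = None    # None = any protocol
    ports: Optional[range] = None  # None = any port

    def matches(self, p: Packet) -> bool:
        if p.src != self.src:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        return self.ports is None or (p.dport is not None and p.dport in self.ports)

def admitted(rules, p: Packet) -> bool:
    # Assumption: allow rules are exceptions to the final "block all" rule.
    return any(r.matches(p) for r in rules)

game = Allow(GAME_IP, UDP, GAME_PORTS)
BROAD = [game, Allow(VPN_IP)]      # "one IP access to everything", as in the post
NARROW = [game, Allow(VPN_IP, TCP, range(1723, 1724)), Allow(VPN_IP, GRE)]  # PPTP only

# Constructed inbound packets. The filter sees only the claimed source address.
SAMPLES = {
    "pptp-control": Packet(VPN_IP, TCP, 1723),
    "pptp-gre": Packet(VPN_IP, GRE),
    "tcp445-from-vpn-ip": Packet(VPN_IP, TCP, 445),
    "game-from-peer": Packet(GAME_IP, UDP, 27005),
    "stranger": Packet("192.0.2.77", UDP, 27005),
}

def compare():
    # Per sample: (admitted by BROAD, admitted by NARROW)
    return {name: (admitted(BROAD, p), admitted(NARROW, p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print(*(f"{n}: broad={b} narrow={w}" for n, (b, w) in compare().items()), sep="\n")
```

Both rule sets admit the VPN traffic; the difference is what else a packet carrying the VPN server's source address can reach, which ZoneAlarm on the PC would then have to catch.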