You can use IPsec filtering as a packet filter firewall, but I much prefer a free
firewall such as Sygate or ZoneAlarm for that purpose. Sygate has some very nice
logging capabilities. If you really insist, the link below may be helpful. I usually
start with a mirrored block-all IP rule, then add a mirrored permit-all rule for the
LAN subnet [if any], and then add the mirrored outbound permitted entries to the
permitted filter, such as DNS, HTTP, and HTTPS [53udp/80tcp/443tcp]. I personally
prefer a perimeter firewall - even one of the cheap NAT routers if cable or DSL
is used - and then use the IPsec/software solution as a second line of defense. ---
Steve
http://www.securityfocus.com/infocus/1559
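Steve's rule set above relies on Windows IPsec picking the most specific matching filter, so the narrow permits win over the mirrored block-all. The following added example (not from the post or from Windows itself) models that precedence and the mirrored matching for his exact policy; the LAN subnet 192.168.1.0/24, the remote address 203.0.113.10 and the ephemeral ports are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    outbound: bool      # True: local host -> remote, False: remote -> local host
    remote_ip: str
    proto: str          # "tcp" or "udp"
    local_port: int
    remote_port: int    # the remote side's port, whichever direction the packet flows

@dataclass(frozen=True)
class Filter:
    action: str                        # "permit" or "block"
    remote: str = "any"                # "any" or a CIDR for the remote side
    proto: str = "any"                 # "any", "tcp" or "udp"
    remote_port: Optional[int] = None  # port on the remote side, None = any
    mirrored: bool = True              # also match packets flowing the other way

    def specificity(self) -> int:
        # Simplified model of Windows IPsec filter weighting: the filter with the
        # most constrained fields wins, so a block-all (0) loses to any narrower permit.
        return (self.remote != "any") + (self.proto != "any") + (self.remote_port is not None)

    def matches(self, p: Packet) -> bool:
        if not p.outbound and not self.mirrored:
            return False
        if self.remote != "any" and ipaddress.ip_address(p.remote_ip) not in ipaddress.ip_network(self.remote):
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        # Mirroring swaps source and destination, so the remote-side port is
        # the same field in both directions. Being stateless, this also admits
        # any inbound packet whose source port is 53/80/443.
        return self.remote_port is None or self.remote_port == p.remote_port

# The policy described in the post: block all, permit the LAN, permit outbound DNS/HTTP/HTTPS.
POLICY = [
    Filter("block"),
    Filter("permit", remote="192.168.1.0/24"),        # constructed LAN subnet
    Filter("permit", proto="udp", remote_port=53),    # DNS
    Filter("permit", proto="tcp", remote_port=80),    # HTTP
    Filter("permit", proto="tcp", remote_port=443),   # HTTPS
]

def decide(filters: List[Filter], p: Packet) -> str:
    """Return the action of the most specific matching filter (block on no match or a tie)."""
    hits = [f for f in filters if f.matches(p)]
    if not hits:
        return "block"
    best = max(f.specificity() for f in hits)
    return "permit" if {f.action for f in hits if f.specificity() == best} == {"permit"} else "block"
```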