12

Block IP Address or Range Using Windows Firewall

We have a Windows Server, that from time to time, gets hit by an IP address over and over again. We can see it in our Windows Event Logs. That IP address is probably up to no good. As a result, it is time to block IP address or IP range. Here is how we do it;

  • Service Manager -> windows firewall with advanced security ->Inbound Rules
    block IP address
    You can also get there by Start -> administrative tools > windows firewall with advanced security
  • New Rule
    SM_NewRule
  • Now follow these screen shots
    SM_1 

    sm_2sm_3

    sm_4
    sm_5
    sm_6

    sm_7

  • After you click finish, you can view your new rule
    sm_Final

 

 

Click Here to Leave a Comment Below 12 comments
blod - April 5, 2014

Did you test this?

When I tried to block everything from every IP address, I could still ping and log into the server! o.O

Reply
    Mark Perry - April 7, 2014

    hmmmmmm. Are you using a Windows Server or something else?

    Reply
blod - April 5, 2014

**The answer is to reset the Firewall rules to default.**

I had a new Dell computer, just it’s pre-installed rubbish, I un-installed McAfee replacing it with Windows Antivirus, and did all Windows updates, and installed Apache server, and no matter what I did I could not get the Firewall rules to work until I reset them to default!

Reply
    irrelevant - October 25, 2016

    Thanks. Was my problem too. Fairly surprised as i assumed a block rule should win over any allow rule..

    Reply
longbeach centaur - January 15, 2015

You have to ensure that the Windows Firewall Service is running (Automatic and Started by default) and that the Firewall status is enabled.

Reply
Reza - February 1, 2015

Very Nice !
So thanks 😉

Reply
JNagarya - May 2, 2015

Once I figured out that one is not to click on the buttons at the bottom of the menu, but instead have to click on the word “Action” in the left pane, it worked.

Reply
Glaucius - May 28, 2015

If you want to block ping from your computer, you must create the same rule in “Outbound rules”.

Reply
M I K E - July 26, 2015

wow great i tried this tutorial and it works, block all the users not allowed in my server. great help!

Reply
efheuibhfuiaebf - February 20, 2017

Look and LISTEN; It works but.. .yes but It doesn’t; If you do not have these settings.

If you want to know my meaning listen carefully now;

Okay go into the firewall select or click the [Advanced button]

Now your in the right location, Okay say you have set up all your ip’s that you want; to get block; But, they are not being blocked, here is WHY.

I’ll explain. Like I said do as I explained above but DO NOT leave the Advanced page, This means DO NOT click on any other area other then the one I am about to tell you, IN THE LEFT PANE you’ll notice Domain etc …right? Okay; So now keep looking down till you come across a highlighted blue word phrase it is or will be as follows:

[windows firewall properties]

CLICK THAT; NOW you are in the correct place.

OKAY now… we can begin.

First you’ll be on the domain page after clicking on windows firewall properties.

So lets start with it. NOW here is what I was talking about and why….. your settings even though they are correctly made and in the proper place in inbound and outbound connection areas; THIS right here is why they will not work. You may have noticed already, The firewall says it It clearly states in the previous page before you clicked the windows firewall properties. It said in the page before clicking that:

Domain:

Then under this you will or maybe you didn’t and this is why your rules are not working!

Under Domain it says:

Inbound connections not matching this/ or these rules etc are….. ALLOWED. There you go. that is why they are not working! I did the same for years. then I recalled how I got them to work. You simple do as I have stated.. again go back into or if you never left WINDOWS FIREWALL PROPERTIES; now

look at what tab you are on, Now I’ll tell you my settings and they work. This is why.

First lets cover Domain, And NO you do not need to allow these for any other reason unless you are on a Domain, like work or server like are doing web pages so forth, if you are just at home etc NO so blocking this connection type (Again I will state… WILL! NOT! DO ANYTHING TO YOUR CONNECTION… mmk.
it is for work places and such. I don’t care what Chris Paparealo or what his name is… says; It’s bull shit.

Anyway on to REAL stuff.

So now you see the TAB you are on it should be one of these:

1st: Domain Profile;

Here it will say

State;
Firewall state: On Recommended (YES! Of course, AGAIN I am not telling anyone to shut it off, I am merely stating that someone telling you to allow this sort of traffic for the shire dumb of it isn’t a good choice. Leave it ON, but look lower now.) You’ll notice below it says this .. and this is key also.

Oh and you to should set this to these settings other wise your leaving your firewall wide open.. YES EVEN IF you set it to BLOCK ALL it won’t work. I’ll tell you why AFTER.

Inbound Connections: Block (Default)
ME: Why?! Beaucse if you set it to block all comunications it ignores all set rules and block too much. You can of course set it as this but some things may no longer work correctly, I know that’s a windows saying but it does happen, So up to you but safeest settings are that; either full blcok or rule block which is (Default)

NOW

Outbound Connection: Block

ME: YES BLOCK, nothing more or less, this will stop hackers also from doing that DDOS attck, HOW easy stop your computer from sending out Tons of GIGABYTES of info that is also another reason why some .. some of these guys like him like to tell you other wise, hackers also like to trick you you know, trick you into a false sense of security -_-

moving on.
NEXT TAB..

Okay if you want a pretty safe secure Firewall same thing..

Inbound block outblound block.. I don’t care if it isn’t the DEFAULT.. you do it. Otehr wise your not protected.
the rules you set will not work. Aside from one which you can leave normal … like default or worse which is the outbound for Public or Private .. this will depend on which connection your firewall says it is connected to. Okay? 🙂 okay.. I hope this has helped if any a few people figure this what I found to be rather confusion set of rules and settings. I think Microsoft needs to start letting a HUMAN explain and or put in help files … instead of letting computers write them .. if they don’t then MY god. Who the hell writes this shit?

Who the could understand that? :S not me.

So anyway… hope you have set in all tabs the first three that is the Domain; the Private and the Public.

Inbound: block
Outbound block (Only set this one to Allow on the connection that your firewall is connecting to)

It’ll be either Private or public.
This is to keep your out going connection alive and most the time the rules set (Unless you are really in the know and know how to set up outgoing connections really well) will end up blocking the connection.

Like I said, unless you know the ports scope etc ip all that .. so yeah three things that will be a must to know, knowing one of these is hard enough, ports okay fine but if the other two are out then your connection will fail so it is pretty tough to figure out, I had done it once apon a time .. when I had like two weeks of free time on my hands. Takes time to figure out what ip uses what port and they may change ports or scopes.. so yeah i don’t recommend this.

You can however do it in a few days .. 🙂 IF.. you don’t mind sitting up for 16-24 hours watching traffic…. I mean internet traffic that is. Yeah I know seems sort of hackery? right? well that’s what they do, to beat one gotta think like one. 😉

It’s not but here’s what you do. Now mind you this is trial and error, like you’ll have no connection what so ever at any given time so MAKE SURE… you get any much needed info apps progams off the net before hand… mmmmmk. k. SO then now what you do is GO back into these firewall settings and set them all to block then starts the real fun blah.. finding the right combinations for each port scope and ip. You can do so by first allowing all out and then tweaking the outbound rules a bit .. disconnect your internet from inside windows like a refresh really, now re-enable it. Then block the firewall. What this does is tests that rule and how it effects your connection.. See 🙂 EASY huh 😀

anyone can do it. that’s why I said I had time on my hands something the system doesn’t like about those who are free.

Hope that helps someone and yeah.. bye. 🙂
be safe out there. Try to avoid non https:// sites… like http:// they are not safe sites.

Reply
    prince wiafe - June 28, 2017

    thanks man…you have really helped me. There is this hacker with a particular IP Address whom have been tormenting my life and robbing my bitcoins. But thanks to you and cm3 solutions i have finally been able to block his/her ass up

    Reply
Wayne - April 22, 2017

To the person that posted the above last comment
efheuibhfuiaebf
DUDE, what in the hell are you trying to say?
You were writing what was in your head, and not what needed to be said.
Learn how to write, and DO NOT write what you are THINKING, as it is going to come out like what you just wrote.

A bunch of damn gibberish.

Reply

Leave a Reply: