Windows - Block all traffic except certain IP's

These methods have been acquired from several sources around the internet. Having them in one place should help you choose the right method for achieving this goal.

Method 1 (netsh)

A "deny" rule takes priority over an "allow" rule, so we cannot simply deny all IP addresses. Instead, we need to deny every IP address except the special one.

If the special IP address is 192.0.2.55, then you can try the below command:

netsh advfirewall firewall add rule name="Allow from 192.0.2.55" dir=in action=allow protocol=ANY remoteip=192.0.2.55
netsh advfirewall firewall add rule name="Deny from all" dir=in action=block protocol=ANY remoteip=1.1.1.1-192.0.2.54,192.0.2.56-255.255.255.255

Method 2 (Windows Firewall)

  1. Configure Windows Firewall to block all outgoing traffic by default, and then only allow the incoming connection(s) you want.
  2. Click Windows Firewall with Advanced Security in the left pane, and choose Windows Firewall Properties from the right pane. Next to Outbound connections, choose Block, then click OK. Finally, delete the "block all outgoing traffic" rule.

Method 3 (IPSec)

  1. Click Start and type MMC then select the MMC from the list.
  2. Click File -> Add/Remove Snap-In -> add the IP Security Policy snap-in and click OK.
  3. Right Click on the middle section and click "Create IP Security Policy"
  4. Follow through the first wizard with the defaults giving the name/description you want.
  5. In the window that opens after the first wizard, click "Add..."
  6. Click "Next" x3 and then click "Add..."
  7. Give the name of "Block All" or something similar. Click "Add..."
  8. Run through that wizard keeping all the defaults and click "OK"
  9. Select "Block All" and click "Next" and then "Add..." again
  10. Follow the wizard giving the name of "Block" and select "Block" as the action.
  11. Repeat Steps 5-10 selecting the proper source/destination/protocol and selecting "Permit" in Step 10.

Method 4 (GPO)

https://www.mustbegeek.com/configure-windows-firewall-rule-using-group-policy/

Extra

Logging:

netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable
netsh advfirewall set currentprofile logging allowedconnections enable
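The same allowlist-only policy as Method 1, together with the logging settings above, expressed with the NetSecurity PowerShell cmdlets. This is an added example, not part of the gist; it assumes Windows 8 / Server 2012 or later, uses the page's sample address 192.0.2.55, and the rule name is my own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the gist): inbound allowlist via the NetSecurity module.
# Put your own management address(es) here before running, or you lock yourself out.
$AllowedRemote = @('192.0.2.55')            # page's sample value, constructed list
$RuleName      = 'Allow from trusted hosts'  # assumed rule name

# 1. Make "block" the profile default for inbound traffic. This replaces the explicit
#    "Deny from all" rule of Method 1, so there is no address range to get wrong
#    (the netsh range above starts at 1.1.1.1, leaving lower addresses uncovered) and
#    no block rule that would outrank the allow rule.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. One allow rule for the trusted addresses: inbound, any protocol, all profiles.
#    Allow rules are consulted before the profile default, so these hosts still get in.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -RemoteAddress $AllowedRemote -Profile Any -Enabled True | Out-Null
}

# 3. Log both dropped and allowed connections, matching the "Extra" section.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -LogFileName "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" `
    -LogMaxSizeKilobytes 4096 -LogBlocked True -LogAllowed True

# 4. Verify: the rule is enabled, carries exactly the intended addresses, and every
#    profile now defaults to Block. Review this output before closing your session.
$rule   = Get-NetFirewallRule -DisplayName $RuleName
$filter = $rule | Get-NetFirewallAddressFilter
[PSCustomObject]@{
    Rule           = $rule.DisplayName
    Enabled        = $rule.Enabled
    RemoteAddress  = ($filter.RemoteAddress -join ',')
    DefaultInbound = ((Get-NetFirewallProfile).DefaultInboundAction -join ',')
}
```

Keep an existing console or out-of-band session open while applying this; if the verification output does not list your management address, remove the rule changes from that session.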