How do I block traffic using a firewall on Windows?

Edge100x
Founder
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle

Post by Edge100x »

On Windows 2008 R2, you can enable the Windows firewall:
  1. Click "Start".
  2. Type "cmd.exe" and hit enter.
  3. In the box, type or copy+paste these commands to enable the firewall while allowing all connections by default:

    netsh advfirewall set publicprofile firewallpolicy allowinbound,allowoutbound
    netsh advfirewall set publicprofile state on
    
  4. Enter a firewall rule for your desired behavior. For instance, to block a certain IP, you might use (all on one line):

    netsh advfirewall firewall add rule name="block 62.131.74.12" dir=in remoteip=62.131.74.12 action=block
    
    Or to block a certain destination port, you might use:

    netsh advfirewall firewall add rule name="block port 27015" dir=in protocol=udp localport=27015 action=block
    
    To delete rules, you can use other commands, or the "Windows Firewall with Advanced Security" dialog. For instance, to show rules that have been previously created (including the default Windows rules, which you can safely remove), use this command:

    netsh advfirewall firewall show rule name=all

    For a list of overall commands, just type "netsh advfirewall firewall" or the more specific section that you want to view information on, such as "netsh advfirewall firewall add rule".

On Windows 2003, one way of doing it is to enable IPsec and then add your rules:
  1. Download the ipseccmd.exe utility and put it in your "c:\Windows\system32" folder.
  2. Click Start->Run and type "cmd.exe".
  3. At the command prompt, enter desired rules. For instance, to block a specific IP, you might use:

    ipseccmd -f "0+192.168.1.*"
    
    The "-f" means that we are adding a rule to the default set.
    The "0" means that on the sender (source) we are looking at all local IPs. Similarly, "*" would mean any IPs.
    The "192.168.1.*" means that on the receiver (destination) we are looking at any IPs fitting the wildcard. It also allows masks, like 192.168.1.255/255.255.255.0, or for a single IP, like 192.168.1.1.
    The "+" means that this rule should be applied in both directions (use "=" if you just want one direction).

    To clear all rules use this:

    ipseccmd -u

    You can also allow or block access to certain ports/protocols. For instance, this would allow connections from TCP port 80 locally to any TCP port on 192.18.1.30:

    ipseccmd -f "(0:80=192.168.1.30::tcp)"

    The parentheses here mean allow, and the port and protocol are separated by colons. Brackets -- [] -- are a synonym for block.

    Specifying a port number of "0" blocks all ports, just as "0" blocks all IPs.

    More information can be found with:

    ipseccmd -?

    To see a list of filters:

    ipseccmd show filters
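Added example, not part of Edge100x's post: a small cmd.exe batch wrapper around the netsh advfirewall commands described above for Windows 2008 R2. It exports the current policy before changing anything, adds the IP block in both directions under a fixed rule-name prefix, verifies with "show rule" that the rule actually landed, and can delete it again. The script name, the rule-name prefix and the backup path are assumptions chosen for the example.

```batch
@echo off
REM blockip.cmd (example wrapper, not from the original post)
REM   blockip.cmd add    203.0.113.7   block inbound+outbound traffic with that IP
REM   blockip.cmd remove 203.0.113.7   delete those rules again
REM   blockip.cmd list                 show only the rules this script created
REM Run from an elevated cmd.exe. PREFIX and BACKUP are assumed values.
setlocal
set "PREFIX=blockip-script"
set "BACKUP=%TEMP%\advfirewall-before-%PREFIX%.wfw"

if "%~1"=="" goto :usage
if /i "%~1"=="list" goto :list
if "%~2"=="" goto :usage
set "IP=%~2"
set "RULE=%PREFIX% %IP%"
if /i "%~1"=="add" goto :add
if /i "%~1"=="remove" goto :remove
goto :usage

:add
REM Snapshot the policy once so a mistake can be undone with
REM   netsh advfirewall import "%BACKUP%"
if not exist "%BACKUP%" netsh advfirewall export "%BACKUP%" >nul
REM The post's rule only covers dir=in; block both directions here.
netsh advfirewall firewall add rule name="%RULE%" dir=in  remoteip=%IP% action=block >nul || goto :fail
netsh advfirewall firewall add rule name="%RULE%" dir=out remoteip=%IP% action=block >nul || goto :fail
REM Do not trust the add: confirm a rule with that name is now listed.
netsh advfirewall firewall show rule name="%RULE%" | findstr /i /c:"Enabled:" >nul || goto :fail
echo Blocked %IP% in both directions (rule name "%RULE%").
goto :eof

:remove
REM "delete rule" removes every rule with this name, i.e. both directions.
netsh advfirewall firewall delete rule name="%RULE%" >nul || goto :fail
echo Removed rules named "%RULE%".
goto :eof

:list
REM Filter the full rule dump down to the names this script created.
netsh advfirewall firewall show rule name=all | findstr /i /c:"Rule Name:" | findstr /i /c:"%PREFIX%"
goto :eof

:usage
echo usage: %~nx0 add^|remove ^<ip^>   or   %~nx0 list
exit /b 1

:fail
echo netsh command failed for rule "%RULE%" (not elevated, or rule missing?)
exit /b 1
```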