How do I block a specific IP from my server?

IPSec Filtering

First, you will need to open the IPSec snap-in:

Start -> Run -> mmc
File -> Add/Remove Snap-in...
Add...
IP Security Policy Management (Not to be confused with IP Security Monitor)
Local Computer

Highlight 'Security Policies on Local Computer'

In the right pane, right-click and choose 'Create IP Security Policy...'
This will start the IP Security Policy Wizard.
Choose 'Next'
Enter a 'Name:' and 'Description:'
UN-CHECK 'Activate the default response rule.'
Leave 'Edit properties' checked.
Click 'Finish'

Under 'Rules' choose 'Add...' This will start the Security Rule Wizard.

'Next'
Select 'This rule does not specify a tunnel.'
Select 'Local area networks (LAN)'
This will open the 'IP Filter List'
Choose 'Add...'
Enter a 'Name:' and 'Description:' *Use the IP as the name for identification purposes.*
Choose 'Add...'
'Next'
'Description:' is optional here, though I'd put the IP to block again...
UN-CHECK 'Mirrored. match packets with the exact opposite source and destination address.'
For 'Source address:' use the drop-down to choose 'A specific IP Address' and enter the IP address to be blocked.
'Next'
For 'Destination address:' use the drop-down to choose 'My IP Address'
'Next'
For 'Select a protocol type:' leave the drop-down on 'Any'
'Next'
Make sure 'Edit properties' is unchecked and click 'Finish'

This will return you to the 'IP Filter List'. Press 'OK' to close it.

You will now see the filter list you just created; select its radio button.
'Next'
This will open 'Filter Action'
Choose 'Add...'
'Next'
Enter a 'Name:' and 'Description:'. This action is simply for blocking traffic, so name it "BLOCK"
'Next'
Select the 'Block' radio button
'Next'
Make sure 'Edit properties' is unchecked and click 'Finish'

This will return you to the 'Filter Action' selection. You will now see the filter action you just created; select its radio button. Make sure 'Edit properties' is unchecked and click 'Finish'

Click 'OK' to close the policy you've just created.

The new policy should now show up in the right pane. To activate it, simply right-click it and choose 'Assign'
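
The same policy can be built from the command line with 'netsh ipsec static'. The script below is an added example, not part of the original walkthrough; the address 203.0.113.45 and the policy name BlockedIPs are placeholders chosen for illustration, and it assumes an IPv4 address and an elevated PowerShell prompt.

```powershell
# Added example: command-line equivalent of the wizard steps above.
param(
    # Constructed sample address (documentation range); replace with the IP to block.
    [string]$BlockIp = '203.0.113.45',
    # Hypothetical policy name; names avoid spaces to keep netsh quoting simple.
    [string]$PolicyName = 'BlockedIPs'
)

# Accept only a literal dotted-quad IPv4 address before it reaches netsh.
$parsed = $null
if ($BlockIp -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
    -not [System.Net.IPAddress]::TryParse($BlockIp, [ref]$parsed)) {
    throw "Not a valid IPv4 address: $BlockIp"
}

# Run one 'netsh ipsec static' command and stop on the first failure.
function Invoke-Netsh {
    param([string[]]$NetshArgs)
    & netsh.exe ipsec static @NetshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed: $($NetshArgs -join ' ')" }
}

# Policy with the default response rule left off (the 'UN-CHECK' step).
Invoke-Netsh 'add','policy',"name=$PolicyName",'activatedefaultrule=no'

# Filter list named after the IP, holding one non-mirrored filter:
# source = the blocked IP, destination = this host ('My IP Address'), any protocol.
Invoke-Netsh 'add','filterlist',"name=$BlockIp"
Invoke-Netsh 'add','filter',"filterlist=$BlockIp","srcaddr=$BlockIp",
             'dstaddr=Me','protocol=ANY','mirrored=no'

# Filter action that drops matching traffic.
Invoke-Netsh 'add','filteraction','name=BLOCK','action=block'

# Rule tying the filter list to the BLOCK action (no tunnel, LAN connections).
Invoke-Netsh 'add','rule',"name=Block-$BlockIp","policy=$PolicyName",
             "filterlist=$BlockIp",'filteraction=BLOCK','conntype=lan'

# Assign (activate) the policy, then print it to confirm what was created.
Invoke-Netsh 'set','policy',"name=$PolicyName",'assign=y'
Invoke-Netsh 'show','policy',"name=$PolicyName",'level=verbose'
```

The script stops at the first netsh error, so a second run with the same policy name fails at the 'add policy' step instead of silently changing an existing policy.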

More information can be found in this downloadable guide from Microsoft: Windows Firewall with Advanced Security: Step-by-Step Guide: Deploying Windows Firewall and IPsec Policies

