Creating external firewall rules

Thursday, April 21, 2016 in Technical Articles (Views: 1284)
One thing I have loved about Group Policy for many years is the ability to configure and manage Windows centrally. Then in 2003, WMI filters were added on top of the security filtering that 2000 already had, and in 2008 came Preferences, which became one of my favorite features.

Sometimes, though, you have to make do with the good old command line. Even though a GPO lets you set up the firewall's inbound rules, it is not a great option for blocking outbound traffic.

The problem I am trying to solve today: blocking traffic from one server host to another. I am building a kiosk and want to make sure it cannot talk to my main file shares.

So, netsh to the rescue, an oldie but a goodie. To add a basic rule that blocks all traffic to a host, use this command line:

Let's assume the following:
Server Name: Server1
Server IP: 192.168.1.5
We are blocking all ports over all protocols

netsh advfirewall firewall add rule name="Server1 Traffic" dir=out protocol=any localport=any action=block remoteip=192.168.1.5

Not all of the parameters are needed, since some of them, such as protocol and localport, default to "any". So the rule can be shortened to the following:

netsh advfirewall firewall add rule name="Server1 Traffic" dir=out action=block remoteip=192.168.1.5

Keep in mind that add rule only ever creates new rules. So if you run the above command twice, you get two rules with the same name. What if you want to change the existing rule instead? Use set rule, giving the new parameters after the keyword new, as below. For this rule, I am going to change the action to allow traffic:

netsh advfirewall firewall set rule name="Server1 Traffic" new dir=out action=allow remoteip=192.168.1.5

Conflicting Rules
So, above I changed the block to an allow. What if I wanted to block 192.168.1.0/24 but open up .5? You cannot set up a block rule and then add another rule to allow the exception, because the block rule takes precedence over the allow rule.

You either have to do one of the following:
  • Change the rule to allow
  • Delete the original rule
  • Disable the original rule


To delete the rule:
netsh advfirewall firewall delete rule name="Server1 Traffic"
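One way to handle the subnet-with-one-exception case above without a conflicting allow rule is to put the exception into the block rule itself, since netsh accepts comma-separated lists and IP ranges for remoteip. The following PowerShell script is an added example and is not part of the original post; the rule name "Kiosk Block LAN", the 192.168.1.0/24 subnet and the excluded host 192.168.1.5 are assumed values. It also checks whether the rule already exists so that re-running it updates the rule with set rule instead of creating a duplicate.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell.
# Assumed values: adjust the rule name, subnet ranges and excluded host to taste.
$RuleName = "Kiosk Block LAN"

# Everything in 192.168.1.0/24 except 192.168.1.5, expressed as two ranges.
# One block rule with a remoteip list avoids needing an allow rule that the
# block rule would override anyway.
$BlockedRanges = "192.168.1.1-192.168.1.4,192.168.1.6-192.168.1.254"

# 'add rule' always creates a new rule, even if one with the same name exists,
# so look the rule up first. 'show rule' prints "Rule Name:" for each match.
$existing = netsh advfirewall firewall show rule "name=$RuleName" 2>&1
$ruleExists = ($existing | Out-String) -match "Rule Name:"

# Arguments are quoted as a whole ("name=...", "remoteip=...") so PowerShell
# does not split the comma-separated list or the spaces in the name into
# separate arguments before handing them to netsh.
if ($ruleExists) {
    Write-Host "Rule '$RuleName' already exists; updating it with 'set rule'."
    netsh advfirewall firewall set rule "name=$RuleName" new dir=out action=block "remoteip=$BlockedRanges" enable=yes
} else {
    Write-Host "Creating rule '$RuleName'."
    netsh advfirewall firewall add rule "name=$RuleName" dir=out action=block "remoteip=$BlockedRanges" enable=yes
}

if ($LASTEXITCODE -ne 0) {
    Write-Error "netsh returned exit code $LASTEXITCODE; rule was not applied."
    exit $LASTEXITCODE
}

# Show the resulting rule so the remoteip list can be verified.
netsh advfirewall firewall show rule "name=$RuleName" verbose
```

After running it, a ping to 192.168.1.5 should still get replies while a ping to any other host in the subnet fails in the same way as the block example below.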


With the block rule in place, a ping to the host shows the following:
C:\WINDOWS\system32>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:
General failure.
General failure.

And of course, with the allow rule in place...
C:\WINDOWS\system32>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:
Reply from 192.168.1.5: bytes=32 time=1ms TTL=128
Reply from 192.168.1.5: bytes=32 time<1ms TTL=128

Hope this helps!
