It is very easy to block a single IP address on a Linux server, but the default Windows firewall does not let us block a single IP address on the server, or block it for particular ports. However, Microsoft introduced IP Security Policies under the Local Security Policies option with the release of SP2. Most of us are not aware of this option and have instead adopted third-party firewalls and paid for their heavy licenses. Note that the firewall on Windows 2008 Server is far more advanced than that on Windows 2003.
That need not be the case now, as I have listed detailed steps, along with images, on how to block an IP using the IP security policy in Windows. This option is also available in XP as well as the Windows 2003 Server edition.
How to Block an IP Using Windows:
You can either open MMC from START >> RUN >> MMC and add a new snap-in for IP Security Policy with the steps below:
Click ‘Start’ > ‘Run’ > type ‘MMC’ and press OK.
In the console click ‘File’ > ‘Add/Remove Snap-in’.
In the ‘Standalone’ tab click the ‘Add’ button.
Select ‘IP Security Policy Management’ > ‘Add’ > ‘Local Computer’ > ‘Finish’ > ‘Close’ > ‘OK’.
You should now be back at the Management Console.
Or just go to START >> PROGRAMS >> ADMINISTRATIVE TOOLS >> LOCAL SECURITY POLICIES ON LOCAL COMPUTER to open the IP Security Management Console.
1. Select IP Security Policy and right-click in the right pane to select New Policy. The screen will look like the image below:
2. This will open the IP Security Policy Wizard; just click on the Next button.
3. On the next screen you have to define the name of your IP Security policy and its description, and then click the Next button.
4. Please uncheck the box for “Activate the default Response Rule” and then click the Next button.
5. On the Next screen remove the check for Edit Properties and Click Finish.
6. Once you click on the Finish Button you will see the screen below along with your rule being added to the list. Now we will create an IP filter list to block IPs.
7. Double-click on the rule you have just created to open the Properties window:
8. Since we chose to uncheck “Activate the default Response Rule” in Step 4, the dynamic rule is not applied. Click on the Add button to open the Security Rule Wizard, and click again on the Add button to open the IP Filter List Wizard.
9. You will have a screen somewhat like Figure 9. Put in the name of your list and click on the Add button.
10. This will open another window for you to add IPs and ports to the IP filter list. In the Description box just put in the IP address that you want to block, make sure that you keep the box for “Mirrored. Match packets with the exact appropriate source and destination addresses” checked, and click on the Next button.
11. Select My IP Address in the Source Address drop-down list.
12. You have many more options to select from the list for both the Source and Destination Address. You will need some advanced knowledge to work with those options. We will select My IP Address for now and click on the Next button.
13. In the IP Traffic Destination, select “A specific IP Address” and enter the IP address that you want to block on your machine. Here you can also select a subnet from the drop-down and block the entire subnet. Once you finish entering an IP/subnet, click on the Next button.
14. Here in IP Protocol Type you can define the protocol that you want to block; it can be any one from the list, for example TCP, UDP, ICMP etc. We will select ANY, which means all connections from the specific IP address. If you select a protocol from the list and click Next, it will ask you to enter the port number that you want to block, for example 80 (see Figure 14.2). But since we want to block all ports we will select Any, click Next (Figure 14.1) and then Finish.
15. After you click on the Finish button you will see that the rule has been added to the IP filter list. If you want to add more IPs and subnets, click on the Add button to add another rule and block a 2nd IP. Once you finish you will have rules as in Figure 15.2.
16. Once your IP filter list is complete, click on the OK button to get back to the Security Rule Wizard. Select the IP filter list which you have created by clicking on its radio button and click Next.
17. On the next screen of the Security Rule Wizard you will not see any Filter Action named Block, as by default it is not created. We will create a filter action to block connections by clicking on the Add button.
18. In the Name field type “Block” and any description you like, and click on Next.
19. In Filter Action General options select Block and click Next.
20. And then on Finish to get back to Security Rule Wizard.
21. This will add the filter action Block to the list; just click on its radio button to select it and click Next.
22. Click Finish to complete the Security Rule Wizard.
23. You will see the rule added to the list; you can add more rules with the same steps. Now just click OK to finish with the rules.
24. Now that we have created the rules to block the desired IP address, just right-click on the IP Security Policy and select Assign to apply the policy on the server.
There are a lot more options to secure your entire server with IP security policy. You can create more rules to block everyone on the RDP port TCP 3389 and allow only select IPs. IP Security is IP- and port-based, not service-based, and you can create rules as per your need.
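The same policy, filter list, filter action, rule and assignment that steps 1 to 24 build in the wizard can be created from the command line with `netsh ipsec static`, the tool behind the MMC snap-in. This is an added example, not part of the original post; it assumes an elevated prompt on XP SP2 / Server 2003 or later, and the address and the policy, list, action and rule names are constructed placeholders.

```powershell
# Added example (not from the original post): build the IPsec block policy from
# steps 1-24 with "netsh ipsec static" instead of the MMC wizard.
# Assumptions: elevated prompt; $BadIp and every name below are constructed placeholders.
$BadIp      = "203.0.113.45"         # constructed example address (TEST-NET-3 range)
$Policy     = "BlockSingleIP"
$FilterList = "BlockSingleIP-Filters"
$Action     = "Block"
$Rule       = "BlockSingleIP-Rule"

# Steps 1-5: the policy, with the default response rule switched off as in step 4.
netsh ipsec static add policy name=$Policy "description=Block traffic to/from $BadIp" activatedefaultrule=no

# Steps 8-9: the IP filter list.
netsh ipsec static add filterlist name=$FilterList

# Steps 10-14: one mirrored filter, source = this machine (me), destination = the blocked
# host, protocol ANY so every port is covered. mirrored=yes also matches packets that
# arrive from $BadIp, which is what the "Mirrored" checkbox in step 10 does.
netsh ipsec static add filter filterlist=$FilterList srcaddr=me dstaddr=$BadIp protocol=ANY mirrored=yes "description=$BadIp"

# Variant of step 14.2: block only one port (here TCP/80) instead of every protocol.
# netsh ipsec static add filter filterlist=$FilterList srcaddr=me dstaddr=$BadIp protocol=TCP dstport=80 mirrored=yes
# Variant of step 13: block a whole subnet by giving its network address plus a mask,
# e.g. dstaddr=198.51.100.0 dstmask=255.255.255.0 (constructed example network).

# Steps 17-20: a filter action that silently drops matching packets.
netsh ipsec static add filteraction name=$Action action=block

# Steps 21-23: the rule that ties the filter list to the block action inside the policy.
netsh ipsec static add rule name=$Rule policy=$Policy filterlist=$FilterList filteraction=$Action

# Step 24: assign the policy. Only one local IPsec policy can be assigned at a time, so
# assigning this one unassigns whatever was active; check "show policy all" first.
netsh ipsec static set policy name=$Policy assign=y

# Verify what is now in force, and keep the roll-back to hand: blocking the address you
# are administering from with a mirrored filter cuts your own session off.
netsh ipsec static show policy name=$Policy level=verbose
# netsh ipsec static set policy name=$Policy assign=n
```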