Your Windows server has a Windows firewall to help prevent malicious attacks. This firewall looks at anything attempting to access your server and compares it to a set of rules.
If it breaks the rules, your firewall doesn't let the traffic through.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to configure Security Firewall on their Windows Server.
More information about IP address Blocking?
Blocking the IP address is a security measure to blocks the IP which is harmful to the network or individual computers.
The IP block occurs due to many reasons. The IP gets block if someone did suspicious activities, sending spam content data, entering wrong credentials in unlimited times.
How to block IP addresses in Windows Firewall?
Just recently, one of our customers informed us that his server is responding slowly and sometimes just getting stuck. Wen we troubleshooted his system, we noticed that the server is under SYN attack. We saw thousands of connections from the same IP connecting to contiguous ports.
SYN attack is a form of denial-of-service attack in which an attacker sends a large number of requests of SYN requests to the Server.
The Denial-of-Service attack is an attack to shut down a machine or network. Due to a large number of requests, it consumes a large number of server resources and makes the server unresponsive.
Now let us see how our Support Engineers help the customer to stop the SYN attack on his server.
To block the IP in the windows firewall, simply follow the following steps;
1. Firewall Control Panel
i. Initially, we log in to the server via RDP.
ii. Then, we click on Start and select the Administrative Tools option. Then we select the Windows Firewall with Advanced Security option.
iii. After that, we click on the Inbound Rules option from the left pane of the firewall window and click on the New Rule option on the right pane.
iv. The,n the New Inbound Rule Wizard will open.
v. We click on the Custom button in the Rule Type option and click on Next.
vi. Next in the Program option, we make sure that the All Programs option is selected and then click on Next.
vii. In the Protocol and Ports option, we leave all the options at its default and click on Next.
viii. Next in the Scope option, we see two boxes. One is for local IP addresses and the second one is for remote IP addresses. We enter the corresponding IP address in the field and click the Add Button.
ix. Then we select Block the connection option from the Action menu and then click on Next.
x. In the Profile section, we checked all of the options such as Private, Public, and Domain and then click on Next.
xi. Finally, we mention the name of the rule in the Name section and click on Finish.
2. Through Command Prompt
i. Initially, we open the Command Prompt and run it as Administrator.
ii. Then we run the below command in the Command Prompt to block a specific IP address in the firewall.
netsh advfirewall firewall add rule name="abc" Dir=In Action=Block RemoteIP=x.x.x.x
3. Through PowerShell
To block the IP address through PowerShell we run the Powershell as Administrator. Then run the below command to block the IP address
New-NetFirewallRule -Direction Inbound -DisplayName "New_Rule" -Name "New_Rule" -RemoteAddress x.x.x.x -Action Block
We can use any of the above three methods to block the IP address in the Windows firewall.