Go to Start ==> Settings ==> Control Panel ==> Administrative Tools ==> Local Security Policy ==>
Right-click IP Security Policies on Local Computer in the left pane ==> Click Create IP Security Policy
==> You will get the IP Security Policy Wizard ==> Welcome to the IP Security Policy Wizard ==> Click Next
==> Type the IP security policy name, say 'BAN IP', and the description ==> Click Next ==>
Uncheck the checkbox Activate the default response rule ==> Click Next ==> Click Finish. You will
get the Properties window of the IP security policy which you have created.
Check the checkbox Use Add Wizard, click Add to create an IP security rule ==> Welcome to the Create IP
Security Rule Wizard ==> Click Next ==> Select This rule does not specify a tunnel ==> Click Next
==> Select All network connections from the network type ==> Click Next ==> You will get the IP filter
list ==> Click Add to create a new IP filter list, type the name and description of the IP filter list and
check the checkbox Use Add Wizard ==> Click Add to add the IP filter ==> Click Next ==> Check the
checkbox Mirrored, Match packets with the exact opposite source and destination addresses. Click Next
==> Select the source address as My IP Address ==> Destination address as a specific IP address (the
IP address which you want to block), Any IP address (will block all the IP addresses), a subnet of IP
addresses or a DNS name ==> Click Next ==> Select protocol type as Any and finish the IP filter wizard.
Now select the IP filter which you have set and click Next for the filter action ==> Check the checkbox
Use Add Wizard ==> Click Add ==> Click Next and type the filter action name and description ==> Click
Next ==> Select the 'BLOCK' action and click Next ==> Click Finish.
Now select the filter action and click Next ==> Click Finish ==> Click OK.
To apply the policy, right-click the policy name and select Assign.
Now if you want to block a particular port such as 1433, which is the MSSQL port, or any other port such
as 21 (FTP), 23 (Telnet), 3389 (RDP), 110 (POP3), please follow the steps described below.
Right-click the IP security policy which you have created from the above steps ==> Click Properties ==>
Select the IP security policy and click Edit ==> Under the IP Filter List tab select the IP filter ==> Edit ==>
Add a new filter ==> Click Next ==> Check the checkbox Mirrored, Match packets with the exact
opposite source and destination addresses ==> Click Next ==> Type source address as My IP Address ==>
Destination address as any IP address or a specific IP address or a specific subnet ==> Click Next ==>
Select a protocol type as TCP ==> Select From this port and type the port number which you want to
block ==> Select To any port ==> Click Next ==> Click Finish
Regards,
PrashantJ
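
The same policy can be built from an elevated command prompt with `netsh ipsec static`, which makes it repeatable across servers and easy to review. This is an added example, not part of the original post; the filter list name, filter action name, rule name and the address 203.0.113.10 (a documentation-range placeholder) are assumptions, and the port filter uses the post's settings (My IP Address, From this port 1433, To any port, mirrored).

```bat
@echo off
rem Added example: scripted equivalent of the wizard steps in the post above.
rem Run from an elevated command prompt. All names below are hypothetical labels.
setlocal
set "POLICY=BAN IP"
set "FLIST=Banned hosts and ports"
set "FACTION=Block"
rem Constructed placeholder address (TEST-NET-3); replace with the address to block.
set "BADIP=203.0.113.10"

rem 1. Create the policy with the default response rule unchecked.
netsh ipsec static add policy name="%POLICY%" description="Block listed hosts and ports" activatedefaultrule=no

rem 2. Create the filter list and a mirrored filter: My IP Address <-> blocked host, any protocol.
netsh ipsec static add filterlist name="%FLIST%" description="Hosts and ports to block"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=%BADIP% protocol=any mirrored=yes

rem 3. Port filter as in the second half of the post: TCP, from port 1433 (MSSQL)
rem    on this machine to any port on any address, mirrored. dstport=0 means any port.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=TCP srcport=1433 dstport=0 mirrored=yes

rem 4. Create the filter action that blocks matching traffic.
netsh ipsec static add filteraction name="%FACTION%" description="Drop matching traffic" action=block

rem 5. Tie filter list and filter action together in a rule for all network
rem    connections. No tunnel endpoint is given, so the rule does not specify a tunnel.
netsh ipsec static add rule name="Block rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" conntype=all

rem 6. Assign the policy (same as right-click ==> Assign in the console).
netsh ipsec static set policy name="%POLICY%" assign=yes

rem 7. Review what is now configured before relying on it.
netsh ipsec static show policy name="%POLICY%" level=verbose
endlocal
```

If the port filter covers 3389 and the server is managed over RDP, keep console access available before assigning the policy, since the block takes effect immediately.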









