
How to restrict the access of ports/IP addresses/applications using Windows 2008/2012 Firewall

Last Updated: Aug 03, 2017


How to allow a program or feature to pass the Windows Firewall

  1. In Control Panel, select System and Security > Windows Firewall, and click Allow a program using Windows Firewall in the left-side navigation pane.
  2. Click Allow another program.
  3. Click Browse to select an executable file (Internet Explorer in this example), and click Add to add it.

How to allow or block a port using the Firewall

  1. In Control Panel, select System and Security > Windows Firewall, and click Advanced settings in the left-side navigation pane.
  2. Click Inbound Rules > New Rule.
  3. Select Port, and click Next.
  4. Select the port type (TCP or UDP), enter the number of the port to be enabled or disabled, and click Next.
  5. Select the port permission (Allow the connection or Block the connection), and click Next. Select the feature domain, enter the rule name, and click Finish.
    • If the default port inbound rule is Block, Allow the connection indicates that the port is enabled.
    • If the default port inbound rule is Allow, Block the connection indicates that the port is disabled.

How to restrict the access of an IP address using the Firewall

  1. In Control Panel, select System and Security > Windows Firewall, and click Advanced settings in the left-side navigation pane.
  2. Click Inbound Rules > New Rule.
  3. Select Custom, and click Next.
  4. You can select All programs or This program path as needed. Click Next.
    • All programs indicates that the rule applies to all programs.
    • This program path indicates that the rule applies to a single program.
  5. Retain other default settings, and click Next.
  6. In the Which remote IP addresses does this rule apply? area, select These IP addresses, click Add, enter the IP address you want to filter out, click OK, and click Next.
  7. Select the IP address permission (Block the connection or Allow the connection), and click Next. Select the feature domain, enter the rule name, and click Finish.
    • Block the connection indicates that the IP address cannot be used to access applications on the server.
    • Allow the connection indicates that the IP address can be used to access applications on the server.

How to allow the specified IP address to access a port using the Firewall

  1. In Control Panel, select System and Security > Windows Firewall, and click Advanced settings in the left-side navigation pane.
  2. Find the port enabled by the Firewall, right-click it, and select Properties. In the displayed window, click the Scope tab.
  3. In the Remote IP address area, select These IP addresses, and click Add.
  4. Enter the IP address that is allowed to access the port, and click OK > Apply.
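The firewall procedures above (port rule, IP restriction, and scoping a port to one address) can also be applied from an elevated PowerShell prompt with netsh advfirewall, which is available on both Windows Server 2008 and 2012. This is an added example, not part of the original article; the rule names, port 3389 and the address 192.0.2.10 are assumed sample values, and the policy check assumes English netsh output.

```powershell
# Added example. Assumed sample values: rule names, port 3389, 192.0.2.10.
$port       = 3389                      # assumed port to expose
$adminIp    = '192.0.2.10'              # assumed: only address allowed to reach $port
$blockedNet = '30.254.1.0/24'           # segment used as the example on this page
$allowRule  = 'Allow-TCP3389-From-Admin'
$blockRule  = 'Block-In-30.254.1.0-24'

# 1. Read the default inbound policy of every profile. A scoped allow rule
#    only restricts access when the default inbound action is Block.
$policy = netsh advfirewall show allprofiles firewallpolicy | Out-String
if ($policy -match 'AllowInbound') {
    Write-Warning 'A profile allows inbound traffic by default; the scoped allow rule alone does not restrict the port.'
}

# 2. Inbound port rule whose scope (Remote IP address) is a single address.
#    Equivalent to creating the port rule and then editing its Scope tab.
netsh advfirewall firewall add rule name=$allowRule dir=in action=allow `
    protocol=TCP localport=$port remoteip=$adminIp profile=any

# 3. Inbound block rule for a whole segment, all programs and protocols.
#    Block rules take precedence over allow rules, so this wins even if
#    another rule allows the same traffic.
netsh advfirewall firewall add rule name=$blockRule dir=in action=block `
    remoteip=$blockedNet profile=any

# 4. Verify what was actually stored: check the Enabled, Profiles,
#    RemoteIP, LocalPort and Action fields of both rules.
netsh advfirewall firewall show rule name=$allowRule verbose
netsh advfirewall firewall show rule name=$blockRule verbose

# Rollback, if a rule was created by mistake:
# netsh advfirewall firewall delete rule name=$blockRule
```

If other enabled inbound rules already allow the same port from any address, the port stays reachable until those rules are scoped or disabled as well.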

How to block the specified IP address (segment) from accessing the server using the local security policies

  1. In Administrative Tools, select Local Security Policy, and right-click IP Security Policies on Local Computer.
  2. In Local Computer, select Create IP Security Policy, and click Next. In the displayed window, enter a security policy name (such as “Block”), and click Next > Next. You have now created a security policy named “Block”.
  3. Right-click the security policy Block and select Properties. In the displayed window, click Add, and click Next > Next. In the Network Type area, select All network connections, and click Next. In the Security policy Wizard window, click Add.
  4. Set the name for IP Filter List, and click Add. For example, if you want to block IP addresses in the 30.254.1.0/24 segment from accessing the server, you can name the list “30.254.1.0/24” so that it is easy to identify.
  5. In the IP Filter Wizard window, click Next. Enter the description as required, and click Next.
  6. In the IP Traffic Source drop-down list box, select A specific IP Address or Subnet, enter the IP address or subnet, such as 30.254.1.0/24 in this example, and click Next.
  7. In the Destination address drop-down list box, select Any IP Address, and click Next.
  8. In the IP Protocol Type drop-down list box, select Any, and click Next.
  9. Click Finish.
  10. In IP Filter List, select the 30.254.1.0/24 list you created, and click Next.
  11. In Filter Action, click Add.
  12. Click Next.
  13. Enter the name, and click Next.
  14. Select Block for Filter Action General Options, and click Finish until the configuration is complete. Apply the security policy.
  15. Right-click the security policy Block, and select Assign.

You have now blocked the IP address from accessing the port.

You can log on to Alibaba Cloud community for free consultation, or contact Alibaba Cloud Marketplace sellers for help.
