
For protection of a web server, I need to allow some trusted IPs and block others. The solutions I have tried:

  1. Create 2 inbound rules:

    • Allow some IPs and the RDP IP
    • Block All

    This resulted in blocking every connection. I learned that Windows Firewall blocks everything explicitly, ignoring the allowed rules.

    https://technet.microsoft.com/en-us/library/cc755191%28v=ws.10%29.aspx

  2. This is not true: https://serverfault.com/questions/51146/windows-firewall-2008-server-allow-only-given-ip-in-block-all-others

    By default, anything that does not have a rule is automatically blocked by the built-in firewall in Windows server 2008. So to make this work, all I needed to do was add a rule specifically allowing the IP address to get in.

    Although the firewall is turned on and I have created inbound rules that allow the trusted IPs, random IPs can still access the server, either with RDP or with an HTTP request.

  3. I tried this: "How to block all traffic but one IP in Windows Firewall?"

    Create outbound rule: Block All
    Create inbound rule: Allow some IPs

    It does not have any effect. The connections are open despite the firewall being turned on with these rules.

Windows Firewall Properties - screenshot http://postimg.org/image/stg1jtxjh/

please help!

xyonme
  • What do you mean with "access the server"? Are you trying to limit RDP connections? There are a lot of rules which allow incoming traffic for all kinds of services. – duenni Jul 29 '15 at 08:20
  • Hi @duenni, I am not only trying to limit RDP connections but also HTTP requests to the server. Do you understand? – xyonme Jul 29 '15 at 08:37
  • Option 3 **does** work however you must also check every other rule. If you already have a rule that allows RDP from any IP then that rule will allow access even if your IP block does not. **If traffic matches any rule at all it will be allowed** – qasdfdsaq Jul 29 '15 at 10:31
  • @qasdfdsaq Hi. There is no special rule created other than the trusted IP rule. Testing an HTTP request from a random IP to the server IP, which should be prohibited, also succeeds. – xyonme Jul 29 '15 at 11:41
  • This is why I said you have to check **every other rule**. Including the 20+ Windows built-in ones – qasdfdsaq Jul 29 '15 at 11:43
  • @qasdfdsaq Hi. I am testing on the local network. The block outbound rule did deny the connection: http://postimg.org/image/hthhauayr/ But even though the outbound rule has been created and the trusted PC is allowed, as in the image below, the connection is still blocked. Please help me! http://postimg.org/image/85jtsnaxb/ – xyonme Jul 31 '15 at 07:49
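An added example of what the comment thread points at (enumerate every enabled inbound Allow rule that admits "Any" remote address on the exposed ports, then scope those rules to the trusted addresses instead of adding a "Block All" rule). It is written for this page and is not code from the question or the comments. It assumes the NetSecurity PowerShell module (Windows 8 / Server 2012 or later; a 2008-era server would do the same steps with netsh advfirewall firewall), and the addresses, port list and rule name are placeholders to replace.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the question or comments. Needs the NetSecurity
# module (Windows 8 / Server 2012 or later). All addresses are placeholders.

$TrustedAddresses = @('203.0.113.10', '198.51.100.0/24')   # placeholder RFC 5737 values
$ExposedPorts     = @('80', '443', '3389')                  # HTTP, HTTPS, RDP

# Step 1: rely on the profile's default inbound action rather than a "Block All"
# rule. Block rules are evaluated before allow rules, so an explicit block-all
# rule also blocks the trusted addresses (the effect seen in option 1).
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# Step 2: find every enabled inbound Allow rule that admits "Any" remote address
# on one of the exposed ports. Built-in rules such as "Remote Desktop (TCP-In)"
# fall in here and are what let arbitrary hosts in even when a trusted-IP rule exists.
function Get-OpenInboundRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            ($addr.RemoteAddress -contains 'Any') -and
            (@($port.LocalPort) | Where-Object { $ExposedPorts -contains $_ })
        }
}

$openRules = Get-OpenInboundRule
$openRules |
    Select-Object DisplayName, Profile, @{ n = 'LocalPort'; e = { ($_ | Get-NetFirewallPortFilter).LocalPort } } |
    Format-Table -AutoSize

# Step 3: scope those rules to the trusted addresses instead of deleting them,
# so the service keeps working for the hosts that should reach it.
# If you are connected over RDP, make sure your own address is in
# $TrustedAddresses first, or this step drops your session.
foreach ($rule in $openRules) {
    $rule | Set-NetFirewallRule -RemoteAddress $TrustedAddresses
}

# Step 4: rules that match any local port (ICMP, protocol-wide rules) are only
# reported, not changed, because scoping them blindly can break domain or
# core networking traffic; review them by hand.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any') -and
        (($_ | Get-NetFirewallPortFilter).LocalPort -eq 'Any')
    } |
    ForEach-Object { Write-Warning "Review manually: '$($_.DisplayName)' allows any port from any address" }

# Step 5: when a service has no allow rule yet, create it scoped from the start
# (placeholder rule name) rather than wide open plus a block rule.
if (-not (Get-NetFirewallRule -DisplayName 'HTTP from trusted addresses' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'HTTP from trusted addresses' -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 80 -RemoteAddress $TrustedAddresses -Profile Any | Out-Null
}

# Step 6: verify that nothing on the exposed ports still accepts "Any".
if (Get-OpenInboundRule) {
    Write-Warning 'Some exposed ports still accept any remote address'
} else {
    'All exposed ports are scoped to trusted addresses'
}
```

Run it from an elevated PowerShell session. The point of step 2 is the one made in the comments: with the default inbound action set to Block, a separate block rule is not needed, but any remaining Allow rule whose remote address is "Any" (the built-in RDP and web-server rules included) is enough to let every host in, so those rules have to be scoped or disabled, not just supplemented with a trusted-IP rule.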

0 Answers