But how can I add an IP to the rule? In this case I would replace the IP addresses and not add one.
Background is that I have a firewall rule on my FTP server to block several IP ranges due to normal brute-force attacks. This works, but I plan to write a program to do this automatically. So I need to append to the list.
Any hints?
Hello,
Thanks for your post.
To replace the remote IP address in a firewall rule, you may run the following command:
netsh advfirewall firewall set rule name=<rule_name> new remoteip=<new IP>
Using the Netsh Advfirewall Command-Line Tool
http://technet.microsoft.com/en-us/library/cc770887(WS.10).aspx
If you have any questions or concerns, please do not hesitate to let me know.
Thank you for the answer. As I wrote above, I found the command option. But how can I add an IP address without overwriting the existing ones?
Hello,
Thanks for the update.
From my research, it seems that there is no way to add additional IP addresses to an existing rule via netsh command.
I will report this issue to the product group to check whether there is any workaround to achieve that. Thanks for your report.
Thank you for the reply.
Meanwhile I found a way which is ok for me.
Background:
I have a public FTP which I want to limit access to my country only, because this would be enough. The advantage of doing this is that I can avoid brute-force attacks from other countries (mostly from Asia).
I wrote a text file with the information which is needed for netsh. Here I can modify the text.
In this script I looked up the provider addresses from ripe.net.
# netsh script file, run with "netsh -f <file>" (lines starting with # are comments)
# select the Group Policy store so the rule change is not local to this machine only
pushd advfirewall
set store gpo=<policy>
popd
# replace the remote address list of the inbound FTP rule with the country ranges
pushd advfirewall firewall
set rule name="FTP (eingehend)" new remoteip=194.25.0.0/16,193.158.0.0/16,193.159.0.0/16,195.145.0.0/16,62.156.0.0/16,195.243.0.0/16,62.157.0.0/16,212.184.0.0/16,212.185.0.0/16,62.158.0.0/16,62.159.0.0/16,62.155.0.0/16,62.154.0.0/16,62.153.0.0/16,62.224.0.0/16,62.225.0.0/16,62.226.0.0/15,217.0.0.0/13,217.80.0.0/12,217.224.0.0/11,80.128.0.0/11,81.28.64.0/20,84.128.0.0/10,87.128.0.0/11,87.160.0.0/11,91.0.0.0/10,79.192.0.0/10,93.192.0.0/10,160.44.0.0/16,164.16.0.0/12,164.32.0.0/15,164.34.0.0/16,195.50.128.0/19,195.50.160.0/19,212.144.0.0/16,145.253.0.0/16,145.254.0.0/16,213.23.0.0/17,213.23.128.0/17,82.82.0.0/15,84.56.0.0/13,88.64.0.0/12,92.72.0.0/13,94.216.0.0/13,188.96.0.0/12,212.59.32.0/19,81.14.128.0/17,89.182.0.0/15,89.182.0.0/15,89.14.0.0/15,77.176.0.0/12,93.128.0.0/13,95.112.0.0/12,151.189.128.0/17,151.189.64.0/18,151.189.0.0/18,80.226.0.0/16,90.186.0.0/15,77.24.0.0/15,193.254.128.0/19,193.254.160.0/20,80.187.0.0/16,88.128.0.0/16,212.23.96.0/19,92.116.0.0/15,188.46.0.0/16,193.100.0.0/15,193.96.0.0/14,193.102.0.0/16,193.103.0.0/16,194.115.0.0/16,194.139.0.0/16,194.172.0.0-194.175.255.255,193.155.0.0/16,195.124.0.0-195.127.255.255,213.68.0.0/16,213.69.0.0/16,213.70.0.0/15,195.90.0.0/19,195.158.160.0/19,212.202.0.0/16,213.160.0.0/19,213.148.128.0/19,217.146.0.0/16,212.60.192.0/18,83.236.0.0/16,84.245.128.0/18,87.193.0.0/16,87.234.0.0/16,92.192.0.0/11,83.169.128.0/18,88.134.0.0/16,91.64.0.0/14,77.20.0.0/14,95.88.0.0/14,188.192.0.0/14,195.80.192.0/19,195.32.128.0/17,212.63.32.0/19,212.5.0.0/19,212.4.160.0/19,212.84.192.0/18,212.110.192.0/19,212.105.192.0/19,194.140.96.0/19,62.145.0.0/19,212.99.128.0/18,212.99.192.0/19,62.206.0.0/16,62.8.128.0/17,217.78.160.0/20,213.217.64.0/18,82.113.96.0/19,89.204.128.0/19,194.97.0.0/16,62.104.0.0/16,195.20.224.0/19,212.227.0.0/16,213.165.64.0/19,217.72.192.0/20,217.160.0.0/16,2.165.0.0/16,87.106.0.0/16,93.122.0.0/17,193.254.128.0/19,193.254.160.0/20,80.187.0.0/16,88.128.0.0/16,172.16.0.0/16
popd
- Marked as answer by Markus Schuhmacher Tuesday, August 04, 2009 11:02 AM
Hello,
Thanks for sharing your solution.
I'm glad to hear that things are working correctly. I am sure that other community members will benefit from your workaround. Please do not hesitate to post in Technet Forum if you need any assistance in the future.
1. Change the store (set store =), because otherwise it is for the local instance only.
2. Add so many IP addresses, because the command line would be too long (even using a batch script). The system is cutting off the addresses after a certain length.
So you need to run <netsh exec "netsh-script"> to run the previously created netsh script.
- Edited by Markus Schuhmacher Tuesday, August 04, 2009 11:48 AM
Hey Markus,
I've tried your solution many times and can't get past the size limit of the command line. It goes about 1000 characters, then I get the error: "The following command was not found: 113.208.113.21,113.208.113.22,........"
Any ideas?
JimmyVP,
I believe Markus is passing his entire script to netsh via the -f option which reads from a file instead of the command line:
netsh -f ScriptFile
Sorry, I forgot to answer your post, Jimmy.
This is correct. I used -f. I thought I made this clear in my post.
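Putting the two points of this thread together, the earlier answer that netsh has no "append" for remoteip, and the netsh -f script-file approach just discussed, the following PowerShell script is an added example (not code from any poster in the thread) that appends address ranges to an existing rule without losing the ones already in it. Because "set rule ... new remoteip=" always overwrites, the script first reads the rule's current RemoteIP list from "netsh advfirewall firewall show rule", merges the new entries in (dropping duplicates), writes the complete "set rule" command to a netsh script file and runs it with "netsh -f", so the merged list never has to fit on a command line. Assumptions not stated in the thread: it runs from an elevated PowerShell prompt, netsh prints the English "RemoteIP:" label (it is localized on non-English systems), and the rule name matches exactly one rule; the rule name and ranges in the usage note are hypothetical.

```powershell
# Added example, not part of the original thread: append remote address ranges to an
# existing Windows Firewall rule instead of replacing them.
# Assumptions: elevated prompt; English netsh output ("RemoteIP:" label); exactly one
# rule with the given name. The local policy store is used; prepend a
# "pushd advfirewall / set store gpo=... / popd" block to $script for a GPO store.

[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)][string]$RuleName,
    [Parameter(Mandatory = $true)][string[]]$AddRemoteIp,
    [string]$ScriptPath = (Join-Path $env:TEMP 'fw-append-remoteip.netsh'),
    [switch]$NoApply    # write the netsh script file but do not run it
)

# Accept only the address forms netsh takes: a.b.c.d, a.b.c.d/nn, a.b.c.d-e.f.g.h.
# Anything else is refused, so a stray token (a space, a newline) cannot end up as
# its own line, and therefore its own command, inside the generated netsh script.
$addrPattern = '^(\d{1,3}\.){3}\d{1,3}(/\d{1,2}|-(\d{1,3}\.){3}\d{1,3})?$'

function Get-RuleRemoteIp {
    param([string]$Name)
    $out = & netsh advfirewall firewall show rule name="$Name"
    if ($LASTEXITCODE -ne 0) { throw "netsh could not show rule '$Name'" }
    # One "RemoteIP:" line per matching rule; "set rule" would change all of them,
    # so insist on exactly one.
    $lines = @($out | Where-Object { $_ -match '^\s*RemoteIP:\s*\S' })
    if ($lines.Count -ne 1) {
        throw "Expected exactly one rule named '$Name', found $($lines.Count)"
    }
    $value = ($lines[0] -replace '^\s*RemoteIP:\s*', '').Trim()
    if ($value -eq 'Any') { return @() }    # rule is not restricted yet
    return @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Merge-RemoteIp {
    param([string[]]$Existing, [string[]]$Added)
    $seen   = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    $merged = New-Object 'System.Collections.Generic.List[string]'
    foreach ($a in @($Existing) + @($Added) | Where-Object { $_ }) {
        if ($a -notmatch $addrPattern) { throw "Refusing address entry '$a'" }
        if ($seen.Add($a)) { $merged.Add($a) }   # keep first occurrence, drop repeats
    }
    return $merged.ToArray()
}

$current = @(Get-RuleRemoteIp -Name $RuleName)
$merged  = @(Merge-RemoteIp -Existing $current -Added $AddRemoteIp)
if ($merged.Count -eq $current.Count) {
    Write-Host "Nothing to add: all entries are already present in '$RuleName'"
    return
}

# Build the netsh script; lines starting with '#' are comments to netsh.
$script = @(
    "# generated $(Get-Date -Format s): append remoteip to rule '$RuleName'",
    'pushd advfirewall firewall',
    "set rule name=`"$RuleName`" new remoteip=$($merged -join ',')",
    'popd'
)
Set-Content -Path $ScriptPath -Value $script -Encoding ASCII
Write-Host "Wrote $ScriptPath with $($merged.Count) remote address entries"

if (-not $NoApply) {
    & netsh -f $ScriptPath
    if ($LASTEXITCODE -ne 0) { throw "netsh -f failed with exit code $LASTEXITCODE" }
    Write-Host "Rule '$RuleName' now has $($merged.Count) remote address entries"
}
```

Usage (hypothetical rule and ranges): `.\Add-RuleRemoteIp.ps1 -RuleName "FTP (eingehend)" -AddRemoteIp 203.0.113.0/24,198.51.100.0/24`. Run it once with `-NoApply` and inspect the generated file before applying. Note that a rule whose RemoteIP is "Any" becomes restricted to exactly the entries you add, which is the desired outcome for an allow-list but a surprise if the rule was meant to stay open, so check the first run's output.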
I have a Windows server with several webshops, focused on the European and US/Canadian market.
Every day my server is attacked by hackers and spammers, mostly from fraud countries.
Now you can easily protect your Windows server against it with this very simple script.
You can block a country and/or countries/continents with it.
Most fraud countries are on the list, and you can add more or remove them.
You can use this script for Windows 7, 8 and 8.1 systems.
Download the RAR file (protect_your_server.rar) from:
http://stackoverflow.com/questions/29865928/windows-firewall-to-block-semalt-fraud-countries-spam-and-more
Please also post your comments and/or new ideas here.
I hope that I can make a lot of people happy with this script! :-)