  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 557

windows 2008 R2 advanced firewall netsh syntax

Hi,

I'm experimenting with using the Windows 2008 R2 firewall to block external IP addresses from accessing one of our public facing servers.  I turned on the firewall and allowed all incoming public connections as a default with the intent to block those who were undesirable (hacking attempts, etc.).

I entered the following test netsh command at a command prompt:

netsh advfirewall add rule name="Blocked" dir=in action=block remoteip=198.45.116.0/22

And got this as a result:
The following command was not found: advfirewall add rule name=Blocked dir=in action=block remoteip=198.45.116.0/22

This is under Windows 2008 R2 standard.

?

Once this does work, if I wanted to have multiple remote IP addresses, how would I do that?  Can I add them to an existing rule, or do I have to make a new rule each time?

Thanks much!

--Ben
0
Asked by: Ben Conner
1 Solution
 
Chris Commented:
Pretty sure the syntax is:

netsh advfirewall firewall add rule . . .
0
 
Chris Commented:
You are also able to update existing rules using the "set rule" command. For example, to add the IP 10.10.10.10 to your existing rule, you'd use the following command:

netsh advfirewall firewall set rule name="Blocked" new remoteip=198.45.116.0/22,10.10.10.10
0
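
An added example, not part of the thread or of Chris's answer: "set rule ... new remoteip=" replaces the rule's whole address list (which is why the command above repeats the original /22), so this PowerShell script reads the current list, merges in new addresses, and writes the full list back. The function names are hypothetical, and it assumes English-language netsh output and a rule name without spaces.

```powershell
# Added example (not from the thread). Function names are hypothetical;
# the rule name "Blocked" and the netsh commands are the ones discussed above.

function Merge-RemoteIp {
    param([string]$Current, [string[]]$Add)
    $list = @()
    # "Any" means the rule has no address filter yet.
    if ($Current -and $Current -ne 'Any') {
        $list = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    foreach ($ip in $Add) {
        $ip = $ip.Trim()
        # Accept only dotted IPv4 with an optional /prefix; reject everything else.
        if ($ip -notmatch '^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$') {
            throw "Not an IPv4 address or CIDR block: $ip"
        }
        # Assumption: netsh reports a single address as /32, so compare in that form.
        if ($ip -notmatch '/') { $ip = "$ip/32" }
        if ($list -notcontains $ip) { $list += $ip }
    }
    return ($list -join ',')
}

function Add-BlockedAddress {
    param([string]$RuleName = 'Blocked', [string[]]$Address)
    # Restrict the name so quoting stays simple and nothing odd reaches netsh.
    if ($RuleName -notmatch '^[\w-]+$') { throw "Unexpected rule name: $RuleName" }
    # Assumption: English-language netsh output with a "RemoteIP:" line.
    $line = netsh advfirewall firewall show rule "name=$RuleName" |
        Where-Object { $_ -match '^\s*RemoteIP:' } | Select-Object -First 1
    if (-not $line) { throw "Rule '$RuleName' not found; create it with 'add rule' first." }
    $current = ($line -replace '^\s*RemoteIP:\s*', '').Trim()
    $merged  = Merge-RemoteIp -Current $current -Add $Address
    # "set rule ... new remoteip=" overwrites the list, so pass the merged list.
    netsh advfirewall firewall set rule "name=$RuleName" new "remoteip=$merged"
    if ($LASTEXITCODE -ne 0) { throw "netsh set rule failed with exit code $LASTEXITCODE" }
    return $merged
}

# Constructed sample: the rule already holds the /22 from the question, and the
# same new address is supplied twice in different notations.
Merge-RemoteIp -Current '198.45.116.0/22' -Add '10.10.10.10', '10.10.10.10/32'
```

Run Add-BlockedAddress from an elevated PowerShell prompt, for example: Add-BlockedAddress -Address '10.10.10.10'.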
 
Ben Conner (Author) Commented:
Sigh.  Can't tell you how long I stared at that...  Thanks much!

--Ben
0
 
Chris Commented:
Glad to help. I know how it feels. Sometimes you just need a fresh pair of eyes!
0
