Wayne Barron

Blocking outside IP Addresses

Hello All;

OK, as the subject states. We are wanting/needing to block IP addresses.
I do not currently have a professional industry standard hardware firewall at the moment.
So, we are going to rely on Windows Firewall or Other, software based Firewall.

Whichever route that we take.
We will need to have access to the file that the IP Addresses are stored at.
Whether it is through

Windows Server
     Windows Firewall with Advanced Security
          Inbound Rules
               etc....
OR, through

IIS - Internet Information Services
        ServerName
               IIS
                   IP Address and Domain Restrictions

I am thinking that using the Windows Firewall with Advanced Security,
Would be the better of the two to use.

If either one of these are the ones, and I would prefer to stick with either one of these.
(preferably the Windows Firewall)
How would I access the file where the IP Addresses are stored at?
Reason:
I am writing a vb.net application that grabs IP Addresses of potential hackers on our mail server.
The script is fully functional already, except for blocking said IP Address from accessing the system altogether.

Any ideas, suggestions, anything.
Thank You
Carrzkiss
Gaurav Singh

Use Windows Firewall to block the IP instead, and for more security you can do it on the IIS side also. That's the best way to achieve your requirement.
Wayne Barron

ASKER

Sounds great.
Would you know where the file that stores the IP Addresses is located at?
Well, honestly I have no idea where it is stored.
It is better to do it at the router than in Windows Firewall. The log files will be there also for you to view.
Use whatever router you have, rather than at the server itself. But that is under the assumption your router will let you restrict inbound connections by IPs.

But it sounds like you don't have a unit where you can easily access what you need. That said, I would probably do it at Windows Firewall in your case. The file is located at %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log

However, you might also need to increase the max size of the file itself. Here's an article giving you what you need: https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/

In the long run though, get a business grade firewall.
Hey, Natty.
As stated in the OP.
I do not have a professional standard Firewall.
So, I can only add IP Blocks to the router, not single IP Addresses.
So, I will have to. For the moment.
Use the Windows FW and IIS FW.

I found this thread on StackOverflow.
Deny access to 50,000 specific IP addresses using Windows Firewall

This one is over at the forums @ Microsoft. (This looks promising)
Add firewall rule programmatically

The script is done in C# so needs to be converted over to VB

I found some more code, but I found out that certain features are not usable in a web app.
That it would have to be a windows app.

So, not too certain that I can do what I wanted to do or not.
Unless I create a DOS app that will be executed from the website and add the IP Address in that way.
I am at a loss when it comes to that part.
@masnrock
I created a rule to block inbound IP Addresses, and I added an IP Address to the rule.
I checked the file, at the location you specified and it is empty.
I do believe that the file that you pointed to, is simply what it shows in the address bar.
A Log File. >> LogFiles\Firewall

As for the "business grade firewall"
I have one, but not certain if it is still working or not.
A Cisco Pix 501 (Had to look back at my old EE Archives to find the # of it)
I have had it for about 13 years, but have not used it in about 10 years.
Which would make for a good time to get a new one. Doesn't necessarily have to be a PIX, but something up to date and appropriate.
That will come later on, right now. I have to do it this way.

I FOUND IT.
I did a search through the registry for the IP Address I added.
And it is stored here

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\

So, what I need to do, is write [Add] to the registry.

This is the way the key looks.


v2.26|Action=Block|Active=TRUE|Dir=In|RA4=192.168.2.250|RA4=192.168.2.249|Name=Hack_Attempt|Desc=This rule is to stop all hackers from accessing our system.|

So, what I need to do, is [add] to the registry entry, the IP Addresses from my VB.net website.
Which would have to be added like so:
|RA4=192.168.2.250|RA4=192.168.2.249|RA4=192.168.2.251|RA4=192.168.2.248|
ASKER CERTIFIED SOLUTION
Giovanni

@Giovanni
My router does not allow anything to do with blocking outside IP Addresses.
I know, I need a better router.
Here's an article on working with the registry in VB.net: https://msdn.microsoft.com/en-us/library/85t3c3hf.aspx
@masnrock
All their examples are using the: [HKEY_CURRENT_USER]
I need to access [HKEY_LOCAL_MACHINE] Which needs Administrative Privileges.
Of which, I have given ASP.NET the Privileges for the SubKey, however. Still no go.

Another thread about this very issue is here.
https://www.experts-exchange.com/questions/29017903/vb-net-website-Add-to-existing-Registry-Value.html
@Giovanni Heward
Has the right idea.
I am going to have to do it that way.
Script to get the IP Addresses, and use this function to insert into the firewall.
Giovanni, your solution is the best.
Had you stated that it is for "Windows Firewall" I would have looked closer at it, and realized it was what I needed to use.

Thank you
I have tested it and it works great.

Wayne
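
An added example, not part of the thread and not the hidden accepted answer: rather than granting the ASP.NET identity write access to HKEY_LOCAL_MACHINE and editing the `RA4=` string by hand, the site can append candidate IPs to a file, and an elevated scheduled task can merge them into the `Hack_Attempt` rule with the built-in NetSecurity cmdlets. The queue file path and the allowlist values are assumptions made for this sketch.

```powershell
# Added example: merge validated IPs into one inbound block rule.
# Run elevated (e.g. from a scheduled task); needs the NetSecurity module (Server 2012+).
$RuleName   = 'Hack_Attempt'                      # rule name shown in the thread
$QueueFile  = 'C:\FirewallQueue\pending-ips.txt'  # assumption: one IP per line, written by the web app
$NeverBlock = @('127.0.0.1', '192.168.2.1')       # assumption: addresses that must never be blocked

function Get-ValidIPv4 {
    param([string[]]$Candidates, [string[]]$Allowlist)
    foreach ($c in $Candidates) {
        $text = "$c".Trim()
        $ip = $null
        # Reject anything that is not an IP address at all
        if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) { continue }
        if ($ip.AddressFamily -ne 'InterNetwork') { continue }
        # TryParse accepts short forms such as "1"; require the dotted form to round-trip
        if ($ip.ToString() -ne $text) { continue }
        # Never let log-derived input block our own hosts
        if ($Allowlist -contains $text) { continue }
        $text
    }
}

$new = @(Get-ValidIPv4 -Candidates (Get-Content -Path $QueueFile) -Allowlist $NeverBlock)
if ($new.Count -eq 0) { return }

$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    # First run: create the block rule with the validated addresses
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -RemoteAddress $new | Out-Null
} else {
    # Later runs: read the current list, merge, de-duplicate, write back
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $merged  = @($current + $new | Where-Object { $_ -ne 'Any' } | Sort-Object -Unique)
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
}
Clear-Content -Path $QueueFile   # queue consumed
```

With this split the web application only needs write access to the queue file, and every address is validated before it reaches the firewall rule.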