Avatar of Wayne Barron
Wayne Barron
Flag for United States of America asked on

Blocking outside IP Addresses

Hello All;

OK, as the subject states. We are wanting/needing to block IP addresses.
I do not currently have a professional industry standard hardware firewall at the moment.
So, we are going to rely on Windows Firewall or Other, software based Firewall.

Whichever route that we take.
We will need to have access to the file that the IP Addresses are stored at.
Rather is it through

Windows Server
     Windows Firewall and Advance Security
          Inbound Rules
OR, through

IIS - Internet Information Services
                   IP Address and Domain Restrictions

I am thinking that using the Windows Firewall and Advance Security,
Would be the better of the two to use.

If either one of these are the ones, and I would prefer to stick with either one of these.
(preferably the Window Firewall)
How would I access the file where the IP Addresses are stored at?
I am writing a vb.net application that grabs IP Addresses of potential hackers on our mail server.
The script is fully functional already, except for blocking said IP Address from access the system altogether.

Any ideas suggestions, anything.
Thank You
Software FirewallsWindows Server 2016Windows NetworkingMicrosoft IIS Web ServerNetwork Security

Avatar of undefined
Last Comment
Wayne Barron

8/22/2022 - Mon
Systech Admin

Use windows firewall to block the IP instead and for more security you can do it on the IIS side also. thats the best way to achieve your requirement.
Wayne Barron

Sounds great.
Would you know where the file that stores the IP Addresses are located at?
Systech Admin

Well honestly I have no idea where it stores.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Natty Greg

It is better to do it at the router than in windows firewall. The log files will be there also for you to view.

Use whatever router you have, rather than at the server itself. But that is under the assumption your router will let you restrict inbound connections by IPs.

But it sounds like you don't have a unit where you can easily access what you need. That said, I would probably do it at Windows Firewall in your case. The file is located at %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log

However, you might also need to increase the max size of the file itself. Here's an article giving you what you need: https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/

In the long run though, get a business grade firewall.
Wayne Barron

Hey, Natty.
As stated in the OP.
I do not have a professional standard Firewall.
So, I can only add IP Blocks to the router, not single IP Addresses.
So, I will have to. For the moment.
Use the Windows FW and IIS FW.

I found this thread on StackOverflow.
Deny access to 50,000 specific IP addresses using Windows Firewall

This one is over at the forums @ Microsoft. (This looks promising)
Add firewall rule programmatically

The script in done in C# so needs to be converted over to VB

I found some more code, but I found out that certain features are not usable in a web app.
That it would have to be a windows app.

So, not to certain that I can do what I wanted to do or not.
Unless I create a dos app that will be executed from the website and add the IP Address in that way.
I am at a loss when it comes to that part.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Wayne Barron

I created a rule to block inbound IP Addresses, and I added an IP Address to the rule.
I checked the file, at the location you specified and it is empty.
I do believe that the file that you pointed to, is simply what it shows in the address bar.
A Log File. >> LogFiles\Firewall

As for the "business grade firewall"
I have one, but not certain if it is still working or not.
A Cisco Pix 501 (Had to look back at my old EE Archives to find the # of it)
I have had it for about 13 years, but have not used it in about 10 years.

Which would make for a good time to get a new one. Doesn't necessarily have to be a PIX, but something up to date and appropriate.
Wayne Barron

That will come later on, right now. I have to do it this way.

I did a search through the registry for the IP Address I added.
And it is stored here


So, what I need to do, is write [Add] to the registry.

This is the way the key looks.

v2.26|Action=Block|Active=TRUE|Dir=In|RA4=|RA4=|Name=Hack_Attempt|Desc=This rule is to stop all hackers from accessing our system.|

So, what I need to do, is [add] to the registry entry, the IP Addresses from my VB.net website.
Which would have to be added like so:
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Wayne Barron

My router does not allow anything to do with block outside IP Addresses.
I know, I need a better router.

Here's an article on working with the registry in VB.net: https://msdn.microsoft.com/en-us/library/85t3c3hf.aspx
Wayne Barron

All their examples are using the: [HKEY_CURRENT_USER]
I need to access [HKEY_LOCAL_MACHINE] Which needs Administrative Privileges.
Of which, I have given ASP.NET the Privileges for the SubKey, however. Still no go.

Another thread about this very issue is here.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Wayne Barron

@Giovanni Heward
Has the right idea.
I am going to have to do it that way.
Script to get the IP Addresses, and use this function to insert into the firewall.
Wayne Barron

Giovanni, your solution is the best.
Had you stated that it is for "Window Firewall" I would have looked closer at it, and realized it was what I needed to use.

Thank you
I have tested it and it works great.