I am going to use the following script to add to the Windows Firewall, a list of IP Addresses.
netsh advfirewall firewall set rule name="IP Block" dir=in interface=any action=block new remoteip=<IP_Address>/32,<IP_Address>/32,<IP_Address>/32,<IP_Address>/32
How do you UPDATE an existing rule?
The above script will update the existing RULE, however. It will overwrite all the IP Entries.
I need to add to that list.
I test the script to make sure it would work, and I added my other computer to it.
Well, it works and now my other computer cannot access this computer.
I deleted the entry, and still cannot access this computer.
I cut off the Windows Firewall for Domain, and the computer was then able to access this system.
So, HOW can I remove an entry, if a person contacts me, that is an innocent bystander, that was not a part of the hack attempt, and needs the IP removed. I would HATE to have to reboot the server every time I get a request to remove an IP Address.
(I believe the mistake I made, was "Deleting" the rule, and I should have "Disabled" the rules.
That is what I get from reading the Technet.Microsoft.com site
That only Disabled Rules are not monitored as Active.
So, it seems the ones I deleted, and still showing as Active)
I checked in the Registry, and there is nothing there.
So, I am unsure where these are located at.
Inbound (ONE rule with 2 entries)
Firewall (THREE Hack Attempt Rules) These cannot be removed. There is NO option to remove them.