How to block IP ranges in Windows Firewall - gHacks Tech News

How to block IP ranges in Windows Firewall

If you are using Windows and have not installed a "complete" security suite for the operating system, you are likely using Windows Firewall to protect the operating system.

While there are standalone firewall applications as well, or hardware firewalls, it is likely that most users make use of the built-in firewall of the operating system.

Configuration of the firewall is not as straightforward as it can be, considering that you first need to find out how to open it, and then work your way through the menus that it makes available.

The guide that you are reading looks at one advanced configuration option: how to block IP ranges in the Windows Firewall. This is a list of IP addresses that you combine in a single expression, for instance 206.111.0.0 - 206.111.0.16 which covers all IP addresses in that range. Note: the screenshot below shows a different rule.

new-inbound-rules

How to load the firewall controls

The easiest way to load the firewall controls is the following:

  1. Use Windows-R to bring up the run box of the operating system.
  2. Type WF.msc and hit the enter key.

Block IP ranges

block ip range

Note: The following guide uses the built-in firewall of Windows 7. If you are using a different Windows operating system, the way may be different.

  1. Click on Inbound Rules on the Windows Firewall with Advanced Security window.
  2. Select New Rule under Inbound Rules on the right.
  3. Select Custom rule on the next screen and click on next.
  4. Leave everything as is on the screen that comes up and click next (all programs selected).
  5. Leave everything as is on the ports and protocols screen and click next.
  6. Select "These IP addresses" under "Which remote IP addresses does this rule apply to",click add, and enter the scope in the following format: 206.111.0.0/16. This works with IPv4 and IPv6 addresses. You can alternatively use the IP address range option below instead. Note: The range 206.111.0.0/16 applies to addresses starting with the first two numbers (206.111...).
  7. Click ok, the IP range should now be listed under these IP addresses. Click next.
  8. Select block the connection on the next screen. This blocks those IP addresses so that connections cannot be established anymore.
  9. Leave everything as is on the next screen and click next.
  10. Name the new rule and add a description to it if you want.
  11. The new rule appears in the inbound rules list now.

Edit or Remove the rule

You can edit or remove the rule at any time. To edit it, double-click on it in the firewall controls and use the tabs to make modifications to the rule set.

To delete it, simply select it and hit the delete key on your keyboard afterwards. All you need to do then is confirm the prompt and the rule gets removed from the system again.

Summary
How to block IP ranges in Windows Firewall
Article Name
How to block IP ranges in Windows Firewall
Description
You can block single IP addresses in Windows Firewall or a range of IP addresses. This guide explains how you can add IP blocks to the block list.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Paranoya said on February 18, 2014 at 4:27 pm
    Reply

    Windows Firewall functionality is great, at least starting with Vista that included outbound filtering, but unfortunately the interface is not so great. Here’s a tip for a future review:
    Windows Firewall Control – http://www.binisoft.org/wfc.php

    It only uses the Windows Firewall functionality, but with a new and much better interface so you won’t have to go into the complicated “Windows Firewall with Advanced Security” interface.
    It adds everything you could ever want with Windows Firewall that Microsoft didn’t build into it. For example having easy control also over all outbound connections (which is disabled by default in Windows Firewall so it allows everything!!).

    How I discovered this was I wanted to enable outbound filtering but soon realized it’s almost impossible to achieve with the default interface, so I started searching info about it and found this amazing app.

  2. Alan said on February 25, 2014 at 9:13 am
    Reply

    Seriously?

    Since when does 206.111.0.0/16 mean:

    206.111.0.0 through 206.111.0.0 inclusive?

    Windows Firewall is a great utility, and they have resisted the calls to include pointless outbound filtering (if something is calling out you’re already scuppered), and is really easy to use, but if you don’t get subet masks, then its not going to go well!.

    1. Martin Brinkmann said on February 25, 2014 at 10:37 am
      Reply

      You are right, I did not make that clear enough. Windows Firewall handles subnets correctly, my description needed more explaining.

  3. Yorick said on October 1, 2017 at 5:30 pm
    Reply

    This was 2014… how do we do it NOW, in 2017???? (“Scope” is no longer an option: Rule Type, Program, Action, Profile, and Name. Nowhere do I see a place that I can add an IP or a URL to block…. It seems all this POS firewall is good for NOW is to block INSTALLED PROGRAMS from running–which I can do by manually uninstalling–making this the most useless POS I have ever seen.)

  4. Alan said on October 1, 2017 at 11:33 pm
    Reply

    On my Win10Pro, if I choose ‘custom’, I can add a scope.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.