How to block IP ranges in Windows Firewall

Martin Brinkmann
Feb 17, 2014
Updated • May 18, 2014
Windows
|
8

If you are using Windows and have not installed a "complete" security suite for the operating system, you are likely using Windows Firewall to protect the operating system.

While there are standalone firewall applications as well, or hardware firewalls, it is likely that most users make use of the built-in firewall of the operating system.

Configuration of the firewall is not as straightforward as it can be, considering that you first need to find out how to open it, and then work your way through the menus that it makes available.

The guide that you are reading looks at one advanced configuration option: how to block IP ranges in the Windows Firewall. This is a list of IP addresses that you combine in a single expression, for instance 206.111.0.0 - 206.111.0.16 which covers all IP addresses in that range. Note: the screenshot below shows a different rule.

new-inbound-rules

How to load the firewall controls

The easiest way to load the firewall controls is the following:

  1. Use Windows-R to bring up the run box of the operating system.
  2. Type WF.msc and hit the enter key.

Block IP ranges

block ip range

Note: The following guide uses the built-in firewall of Windows 7. If you are using a different Windows operating system, the way may be different.

  1. Click on Inbound Rules on the Windows Firewall with Advanced Security window.
  2. Select New Rule under Inbound Rules on the right.
  3. Select Custom rule on the next screen and click on next.
  4. Leave everything as is on the screen that comes up and click next (all programs selected).
  5. Leave everything as is on the ports and protocols screen and click next.
  6. Select "These IP addresses" under "Which remote IP addresses does this rule apply to",click add, and enter the scope in the following format: 206.111.0.0/16. This works with IPv4 and IPv6 addresses. You can alternatively use the IP address range option below instead. Note: The range 206.111.0.0/16 applies to addresses starting with the first two numbers (206.111...).
  7. Click ok, the IP range should now be listed under these IP addresses. Click next.
  8. Select block the connection on the next screen. This blocks those IP addresses so that connections cannot be established anymore.
  9. Leave everything as is on the next screen and click next.
  10. Name the new rule and add a description to it if you want.
  11. The new rule appears in the inbound rules list now.

Edit or Remove the rule

You can edit or remove the rule at any time. To edit it, double-click on it in the firewall controls and use the tabs to make modifications to the rule set.

To delete it, simply select it and hit the delete key on your keyboard afterwards. All you need to do then is confirm the prompt and the rule gets removed from the system again.

Summary
How to block IP ranges in Windows Firewall
Article Name
How to block IP ranges in Windows Firewall
Description
You can block single IP addresses in Windows Firewall or a range of IP addresses. This guide explains how you can add IP blocks to the block list.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Rob said on August 20, 2022 at 8:58 am
    Reply

    You can still do it like always in windows firewall (2022). It’s not just that though. The process is not something you want to have to keep doing if you need to update the list often. There are other issues as well. But I have found that binisoft as was mentioned above at least somewhat bridges that gap.

  2. Christian Rouvier said on July 31, 2019 at 12:18 pm
    Reply

    in your exemple I will prefer 206.111.0.0 trought 206.111.255.255
    but in the fire wall of windows either this system don’t work you have to use certainly
    https://www.commentcamarche.net/faq/18728-configuration-du-pare-feu-avance-de-securite-de-windows-7 sorry but it’s in French let me know on my e-mail
    chris.

    Best regards and Many thanks for your help

  3. Alan said on October 1, 2017 at 11:33 pm
    Reply

    On my Win10Pro, if I choose ‘custom’, I can add a scope.

  4. Yorick said on October 1, 2017 at 5:30 pm
    Reply

    This was 2014… how do we do it NOW, in 2017???? (“Scope” is no longer an option: Rule Type, Program, Action, Profile, and Name. Nowhere do I see a place that I can add an IP or a URL to block…. It seems all this POS firewall is good for NOW is to block INSTALLED PROGRAMS from running–which I can do by manually uninstalling–making this the most useless POS I have ever seen.)

  5. Alan said on February 25, 2014 at 9:13 am
    Reply

    Seriously?

    Since when does 206.111.0.0/16 mean:

    206.111.0.0 through 206.111.0.0 inclusive?

    Windows Firewall is a great utility, and they have resisted the calls to include pointless outbound filtering (if something is calling out you’re already scuppered), and is really easy to use, but if you don’t get subet masks, then its not going to go well!.

    1. John C. said on November 22, 2019 at 9:50 am
      Reply

      I know this is an old article, but I know who you are “Alan”. You’ve been pestering the alt.comp.freeware newsgroup with your poor logic about outbound blocking for years. What part of a Trojan calling out for more malware or other such hijinks to jump onboard don’t you understand? You are acting like a fool if you honestly believe that anybody believes you and your nonsense. And now, even the company you work for, Microsoft, disagrees with you and grudgingly includes outbound blocking in their firewall.

    2. Martin Brinkmann said on February 25, 2014 at 10:37 am
      Reply

      You are right, I did not make that clear enough. Windows Firewall handles subnets correctly, my description needed more explaining.

  6. Paranoya said on February 18, 2014 at 4:27 pm
    Reply

    Windows Firewall functionality is great, at least starting with Vista that included outbound filtering, but unfortunately the interface is not so great. Here’s a tip for a future review:
    Windows Firewall Control – http://www.binisoft.org/wfc.php

    It only uses the Windows Firewall functionality, but with a new and much better interface so you won’t have to go into the complicated “Windows Firewall with Advanced Security” interface.
    It adds everything you could ever want with Windows Firewall that Microsoft didn’t build into it. For example having easy control also over all outbound connections (which is disabled by default in Windows Firewall so it allows everything!!).

    How I discovered this was I wanted to enable outbound filtering but soon realized it’s almost impossible to achieve with the default interface, so I started searching info about it and found this amazing app.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.