F5F Stay Refreshed Power Users Networks Configure Windows firewall to add allowed IP addresses or block specific ones.

Configure Windows firewall to add allowed IP addresses or block specific ones.

Configure Windows firewall to add allowed IP addresses or block specific ones.

B
Bigking
Member
Find
154
12-12-2021, 09:01 PM
#1
Hello, I've got a small media-server at home that seems to be a common target for brute-force attacks. I've attempted to strengthen its security with the following adjustments: - Block RDP access for admin accounts - Use a custom port for RDP - Enforce strong passwords - Implement account lockout after multiple failed attempts - Monitor logs regularly and block suspicious IPs in the firewall I understand I should ideally restrict access to local connections and consider a VPN solution, but I still want to make it easy for friends to connect without extra effort. My goal is to prevent any IP outside my country range and also block those with excessive failed login attempts. So, I've set up a firewall rule to drop all incoming traffic from (placeholder). I plan to add IP addresses to this list using a PowerShell script every few minutes if the script detects more than five failed logins from that IP. ... But how would I manage blocking any incoming connection from an IP outside my defined range, beyond that?
Reply
Reply
B
Bigking
12-12-2021, 09:01 PM #1

Hello, I've got a small media-server at home that seems to be a common target for brute-force attacks. I've attempted to strengthen its security with the following adjustments: - Block RDP access for admin accounts - Use a custom port for RDP - Enforce strong passwords - Implement account lockout after multiple failed attempts - Monitor logs regularly and block suspicious IPs in the firewall I understand I should ideally restrict access to local connections and consider a VPN solution, but I still want to make it easy for friends to connect without extra effort. My goal is to prevent any IP outside my country range and also block those with excessive failed login attempts. So, I've set up a firewall rule to drop all incoming traffic from (placeholder). I plan to add IP addresses to this list using a PowerShell script every few minutes if the script detects more than five failed logins from that IP. ... But how would I manage blocking any incoming connection from an IP outside my defined range, beyond that?

Reply
Reply
N
NinatoPvP
Posting Freak
Find
899
12-16-2021, 09:43 PM
#2
I tackle the issue by reversing the approach. Rather than blocking all IP addresses from various countries, I restrict RDP connections to only those originating from my own country. I retrieved the local IP block from https://www.ipdeny.com/ipblocks/, then incorporated those addresses into the default firewall policy for RDP using a simple script.
Reply
Reply
N
NinatoPvP
12-16-2021, 09:43 PM #2

I tackle the issue by reversing the approach. Rather than blocking all IP addresses from various countries, I restrict RDP connections to only those originating from my own country. I retrieved the local IP block from https://www.ipdeny.com/ipblocks/, then incorporated those addresses into the default firewall policy for RDP using a simple script.

Reply
Reply