I have a question about Windows Firewall settings on Windows Server 2016 Standard.
I have set Windows Firewall receive rules.
In this case, I do not set the port number. I want to block all ports for IP addresses that I do not allow, for each IP address participating in the network.
In addition, I want to set a wide range of IP addresses to block.
This is set in the Scope tab of the properties of the firewall rule I created.
First of all, I will set the following.
Local IP address : Any IP address
Remote IP address : Any IP address
PCs participating in the network can no longer access this server.
Next, I will change this setting as follows.
Local IP address : Any IP address
Remote IP address : 0.0.0.0 - 255.255.255.255
I want access from this PC to be blocked. However, this PC has access to the server.
The end goal is to block everything except a specific IP address.
For example, if the server only allows "10.10.10.10", I think that it should be set as follows.
Local IP address : Any IP address
Remote IP address : 0.0.0.0 - 10.10.10.9, 10.10.10.11 - 255.255.255.255
However, even if I set it to "0.0.0.0 - 255.255.255.255", this PC will still have access to the server.
To tell the truth, no DHCP server exists in this network. The network is simply multiple PCs and servers connected by LAN cable.
The PCs that the server blocks are set to obtain IP addresses automatically.
Only the PCs that the server allows access have a fixed IP address entered, for example "10.10.10.10".
(This block setting may seem vulnerable, if someone is free to set their IP address...)
There are concerns that third parties can freely set IP addresses, but I'm leaving that pending.
First of all, I want to know why the PC can access the server even if I set it to "0.0.0.0 - 255.255.255.255".
[supplement]
As mentioned so far, I want to set a firewall to block the IP address range. However, if the IP addresses I want to allow increase, the setting needs to be changed every time.
If there is a better way, I want you to tell me.
The problem is that accessibility can only be set on an IP address by IP address basis.
My original desire is to set permissions that take precedence over blocking rules.
However, due to circumstances, information other than IP addresses cannot be set in the firewall; for example, PC user information cannot be used.
I'd appreciate it if someone could answer my questions.
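The block ranges written in the question, generalized to any number of allowed addresses, as an added example that is not part of the original post. The function names are hypothetical, IPv4 only is assumed, and the code only computes the ranges to enter as remote IP addresses; it does not change any firewall rule.

```python
import ipaddress

MAX_V4 = int(ipaddress.IPv4Address("255.255.255.255"))


def block_ranges(allowed):
    """Return the IPv4 ranges covering every address NOT in `allowed`.

    `allowed` holds addresses or CIDR networks as strings.
    The result is a list of (first, last) IPv4Address pairs, ascending.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    # Merge duplicates and overlapping networks, then walk them in order.
    merged = sorted(ipaddress.collapse_addresses(nets))
    ranges = []
    cursor = 0  # lowest address not yet accounted for
    for net in merged:
        first = int(net.network_address)
        last = int(net.broadcast_address)
        if first > cursor:  # gap before this allowed network: block it
            ranges.append((ipaddress.IPv4Address(cursor),
                           ipaddress.IPv4Address(first - 1)))
        cursor = last + 1
    if cursor <= MAX_V4:  # everything above the last allowed network
        ranges.append((ipaddress.IPv4Address(cursor),
                       ipaddress.IPv4Address(MAX_V4)))
    return ranges


def format_scope(ranges):
    """Render ranges in the "from - to" form used in the question."""
    return ", ".join(str(a) if a == b else f"{a} - {b}" for a, b in ranges)


if __name__ == "__main__":
    # Constructed sample allowlist; 10.10.10.10 is the address from the question.
    for allow in (["10.10.10.10"],
                  ["10.10.10.10", "10.10.10.11", "10.10.10.20"]):
        print(allow, "->", format_scope(block_ranges(allow)))
```

Adding an allowed address means regenerating the whole list, which is the maintenance cost the question describes.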