Blocking Windows Firewall by IP Address

knt1N 286 Reputation points
2021-05-18T07:54:53.097+00:00

I have a question about Windows Firewall settings for Windows Server 2016 Standard.

I am setting Windows Firewall receive rules.
In this case, we do not set the port number. I want to block all ports for IP addresses that I do not allow, for each IP address participating in the network.

In addition, I want to set a wide range of IP addresses to block.
This is set in the Scope tab of the properties of the firewall settings I created.

First of all, I will set the following.

Local IP address : Any IP address
Remote IP address : Any IP address

PCs participating in the network can no longer access this server.
Next, I will change this setting as follows.

Local IP address : Any IP address
Remote IP address : 0.0.0.0 - 255.255.255.255

I want access from this PC to be blocked. However, this PC has access to the server.

The end goal is to block everything except a specific IP address.
For example, if the server only allows "10.10.10.10", I think that it should be set as follows.

Local IP address : Any IP address
Remote IP address : 0.0.0.0 - 10.10.10.9, 10.10.10.11 - 255.255.255.255

However, even if you set it to "0.0.0.0 - 255.255.255.255", this PC will still have access to the server.

To tell the truth, a DHCP server does not exist in this network. This network is simply multiple PCs and servers connected by LAN cable.
The PCs that the server blocks are set to get IP addresses automatically.

Only the PCs that the server allows access have a fixed IP address entered, for example "10.10.10.10".

(This block setting may seem vulnerable, if someone is free to set their IP address...)

There are concerns that third parties can freely set IP addresses, but I'm leaving that pending.
First of all, I want to know why the PC can access the server even if I set it to "0.0.0.0 - 255.255.255.255".

[supplement]
As mentioned so far, I want to set a firewall to block the IP address range. However, if the number of IP addresses I want to allow increases, it needs to be fixed every time.
If there is a better way, please tell me.

The problem is that accessibility can only be set on an IP address by IP address basis.
My original desire is to set permissions that take precedence over blocking rules.
However, due to circumstances, information other than the IP address cannot be set in the firewall; for example, PC user information cannot be used.

I'd appreciate it if someone could answer my questions.


1 answer

  1. Candy Luo 12,686 Reputation points Microsoft Vendor
    2021-05-19T02:55:24.4+00:00

    Hi,

    How did you configure firewall rules to block all ports for IP addresses? I would like to do a test in my lab.

    In my lab, I created the following custom deny firewall rule:

    97743-image.png

    97724-image.png

    No matter whether I set it to "0.0.0.0-255.255.255.255" or Any, the client cannot access the server, unless I set it to 0.0.0.0-10.10.10.9, 10.10.10.11-255.255.255.255; then the client with the 10.10.10.10 IP address can access the server.

    Please post your configuration with firewall rule and I would like to reproduce it in my lab.

    Best Regards,
    Candy

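
The question's supplement notes that the block ranges have to be reworked each time an allowed address is added. The following added example (not code from this thread or from Microsoft) recomputes the ranges from an allow list and applies them to a single inbound Block rule using the NetSecurity cmdlets. The rule name and the allow-list variable are assumptions; 10.10.10.10 is the address used in the thread.

```powershell
# Added example: rebuild one inbound Block rule so that its Remote IP address
# scope is all of IPv4 except an allow list. Run in an elevated session.
function ConvertTo-IPv4Number ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                       # network order -> little-endian
    [long][BitConverter]::ToUInt32($b, 0)      # long, so 255.255.255.255 + 1 fits
}

function ConvertTo-IPv4String ([long]$Number) {
    $b = [BitConverter]::GetBytes([uint32]$Number)
    [Array]::Reverse($b)
    $b -join '.'
}

function Format-Range ([long]$Lo, [long]$Hi) {
    if ($Lo -eq $Hi) { ConvertTo-IPv4String $Lo }   # one address, no range needed
    else { '{0}-{1}' -f (ConvertTo-IPv4String $Lo), (ConvertTo-IPv4String $Hi) }
}

function Get-BlockRanges ([string[]]$Allowed) {
    $nums   = $Allowed | ForEach-Object { ConvertTo-IPv4Number $_ } | Sort-Object -Unique
    $ranges = @()
    [long]$next = 0                            # lowest address not yet handled
    foreach ($a in $nums) {
        if ($a -gt $next) { $ranges += Format-Range $next ($a - 1) }  # gap below $a
        $next = $a + 1
    }
    if ($next -le 4294967295) {                # tail up to 255.255.255.255
        $ranges += Format-Range $next 4294967295
    }
    $ranges
}

$allowed = @('10.10.10.10')                    # allow list; the thread's example address
$block   = Get-BlockRanges $allowed            # IPv4 only; IPv6 is not covered

$name = 'Block all except allow list'          # hypothetical rule name
if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $name -RemoteAddress $block
} else {
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -Profile Any -RemoteAddress $block
}

# Show the scope that was actually stored on the rule
Get-NetFirewallRule -DisplayName $name | Get-NetFirewallAddressFilter
```

The block rule only leaves a gap for the allowed addresses; they still need a matching inbound allow rule to connect, because Windows Firewall drops unsolicited inbound traffic that no allow rule matches.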