If you are concerned about being hacked by people in specific countries you may simply block the entire range of IP addresses used in those countries. This tutorial will walk you through creating and importing a list of country IP address ranges to be blocked by the Windows Firewall. This will block all incoming and outgoing internet traffic. This will hopefully avoid being hacked or stop the transmission of your data if you are already hacked. The download already includes China, Russia, and Iran, which are known for a high volume hacking. This process is not as simple as on Linux and does not allow only specified countries (such as only the United States). If you know a way to do this on Windows Firewall, please use the Contact page.
Be warned that this will block all internet connections to and from the specified countries. This may cause problems if you not need incoming connections from countries that you blocked. An example would be if you blocked China, but you later need a software update from a server in China. You will need to remove China or turn off your firewall to get the update. You also may not want to block entire IP ranges if you run a public website and need to allow access to all. IP address blocking will not stop someone in a country that you blocked if they use a proxy server in an allowed country. As far as your firewall knows the connecting is coming from an allowed country.
Please note that Sans.org is the creator of the script used for this process. I simply removed all the other unnecessary files that are not needed for the process described below. The files used for this tutorial are just a small portion of what was included with their download, so please see their website for more advanced tips.
How to Block IP Addresses Using Windows Firewall
- Download the compressed file with the script and block list and unzip it.
- Start PowerShell and enter the following command to allow unsigned scripts: set-executionpolicy remotesigned
- Type Y to allow the command entered above and close PowerShell.
- Go to the folder you downloaded and unzipped and look for the text file titled BlockList.txt. You may add or remove countries as needed. I included China, Russia, and Iran. If you just want to use the default list you may skip the steps below. To add countries, do the following:
- Open the BlockList.txt file in a text editor (such as Notepad).
- Start at # China and press enter to move the list down one line. This will allow you to paste in a new block of IP addresses.
- Start the new line with a # sign and the name of the country IP list to be added (such as # United Kingdom). The script ignores anything in the line after the # sign when making entries to the firewall (see the included BlockList.txt as an example).
- After creating the new country title, press enter to create a blank line for the new list of IP addresses.
- Visit http://ipinfodb.com/ip_country_block.php#blocklist and select the desired country.
- Copy the entire list of IP addresses generated by the website.
- Paste the copied list in the BlockList.txt file below the # Country Title you created. Do not worry about a space between the last IP address and the next country. You may add a # symbol to break up the list.
- Repeat as necessary until you have added all the desired countries.
- Save and close the text file.
- Go back to the folder you downloaded and unzipped and locate the script titled Import-Firewall-Blocklist.ps1. Right-click on this file and select Run with PowerShell.
- That is it. You will see activity in the PowerShell window. Once complete, close PowerShell.
You may now check your firewall to see if the entries were created. There will 25 entries per firewall rule, so you may have numerous rules created depending on how many countries you added.Hopefully hackers from your specified countries will not be allowed to access your server or system to look for vulnerabilities.
To remove the entries you created simply open the firewall, highlight the BlockList rules, and select Delete (red X to the right).
