The host-based Windows Firewall is easily managed through scripts and the NETSH.EXE command-line tool. This article is about a simple PowerShell script which can create rules to block inbound and outbound access to thousands of IP addresses and network ID ranges, such as those of attackers and unwanted countries.
To get the script, download the SEC505 zip file here or from the Downloads page, open the zip and look in the “Day5-IPSec” folder for the script named Import-Firewall-Blocklist.ps1 (and the sample BlockList.txt file too). Like all the other scripts in the zip file, this script is free and in the public domain.
The script can also create firewall rules which apply only to certain interface profile types (public, private, domain, any) and/or only to certain interface media types (wireless, ras, lan, any); for example, you might wish to block packets going through an 802.11 NIC (wireless), but only while not at home or at the office (public). The script is just a convenient wrapper around the built-in NETSH.EXE tool.
The script requires PowerShell 1.0 or later.
You must be a member of the local Administrators group.
The script runs on Windows Server 2008, Windows Vista, and later operating systems.
A text file containing addresses to block must be passed into the script as an argument. This file must have one entry per line, each line containing either a single IP address, a network ID using CIDR notation, or an IP address range in the form of StartIP-EndIP, for example, “10.4.0.0-10.4.255.254”. Both IPv4 and IPv6 are supported. Blank lines and comment lines are ignored; a comment line is any line that does not begin with a number or hex letter. Even if the input file was originally created for Apache or iptables, it can still be used as long as the formatting is compatible (or made compatible with a bit of scripting).
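A blocklist borrowed from another tool can be checked against the format described above before it is imported. The following is an added example, not code from Import-Firewall-Blocklist.ps1; the function names are hypothetical, the sample lines are constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: classifies blocklist lines as Single, CIDR, Range or Invalid.
# Test-IPLiteral and Get-BlocklistEntry are hypothetical names, not part of the SEC505 script.
function Test-IPLiteral([string]$Text) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text.Trim(), [ref]$ip)) { return $null }
    # TryParse accepts short forms such as "10.4"; require four dotted octets for IPv4.
    if ($ip.AddressFamily -eq 'InterNetwork' -and
        $Text.Trim() -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $null }
    return $ip
}

function Get-BlocklistEntry([string[]]$Line) {
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        # Rule from the article: blank lines and lines that do not start with
        # a digit or hex letter are treated as comments and skipped.
        if ($text -notmatch '^[0-9a-fA-F]') { continue }
        $kind = 'Invalid'
        if ($text -match '^([^/]+)/(\d{1,3})$') {
            $addr = $Matches[1]; $len = [int]$Matches[2]
            $ip = Test-IPLiteral $addr
            $max = if ($ip -and $ip.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
            if ($ip -and $len -le $max) { $kind = 'CIDR' }
        }
        elseif ($text -match '^([^-]+)-([^-]+)$') {
            $first = $Matches[1]; $last = $Matches[2]
            $a = Test-IPLiteral $first; $b = Test-IPLiteral $last
            if ($a -and $b -and $a.AddressFamily -eq $b.AddressFamily) {
                # Equal-length big-endian bytes rendered as hex compare correctly as ordinal strings.
                $lo = [BitConverter]::ToString($a.GetAddressBytes())
                $hi = [BitConverter]::ToString($b.GetAddressBytes())
                if ([string]::CompareOrdinal($lo, $hi) -le 0) { $kind = 'Range' }
            }
        }
        elseif (Test-IPLiteral $text) { $kind = 'Single' }
        [pscustomobject]@{ Entry = $text; Kind = $kind }
    }
}

# Constructed sample input: documentation address ranges plus the article's own range example.
$sample = @(
    '# known scanners', '', '198.51.100.7', '192.0.2.0/24', '10.4.0.0-10.4.255.254',
    '2001:db8::/32', '192.0.2.0/33', '203.0.113.50-203.0.113.10', 'deny from 192.0.2.1'
)
Get-BlocklistEntry $sample | Format-Table -AutoSize
```

Under the comment rule as stated, the Apache-style line `deny from 192.0.2.1` is not skipped, because it starts with the hex letter "d", so it is reported as Invalid; lines like that need rewriting to a bare address before the file is used.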
Note: If you want similar scripts for Windows XP and Server 2003, that same zip file above also contains VBS and BAT scripts that all begin with the word “Firewall_*”. Look in the VBScript directory.