0

I'm trying to create a PS script that creates a Windows firewall rule, blocking the port "6672" for a certain .exe file on an INBOUND connection but lets me have the option to whitelist certain IPs.

The way to do this manually means I have to block the port (6672) for my .exe file completely to ALL IP's then add a range leaving out the IP's I want to whitelist.

For Example if I want to add "192.168.0.3" I have to set a range on the rule for "0.0.0.0" to "192.168.0.2" then another for "192.168.0.4" to "255.255.255.255". The reason I have to do it this was it that in Windows firewall it looks like you cannot whitelist single IP's from a block rule and block rules override any allow rules.

So back to my original point, I'm really struggling for ideas on how to resolve this at the moment as I can't find a workaround. Is there a way anybody knows of to be able to exclude certain IP's from a rule or how to make an allow rule be prioritised over a block rule?

EDIT

So i have THIS CODE:

New-NetFirewallRule -DisplayName "GTAO" -Direction Inbound -LocalPort 6672 -Protocol UDP -Action Block
New-NetFirewallRule -DisplayName "GTAO" -Direction Outbound -LocalPort 6672 -Protocol UDP -Action Block

I basically want something like this to override the previous rule creating a "whitelist" on this rule for individual IP's

$UIP = Read-Host "Enter IP to whitelist"
New-NetFirewallRule -DisplayName "GTA$UIP" -Direction Inbound -LocalPort 6672 -Protocol UDP -Action Allow -RemoteAddress $UIP
Sam.92
  • 71

1 Answers1

0

This is not a PS specific issue, but a 'How do I make WF do X or Y that it was not designed for.'

Very similar to this discussion and suggestions, some of which you have already hinted at.

How to Make One Exception to a Windows Firewall Outbound Rule

How to Make One Exception to a Windows Firewall Outbound Rule

According to the Windows Firewall documentation, block rules always take precedence over allow rules, therefore even if your allow rule looks more specific than a block rule, the allow rule will not work, and the traffic matching both allow and block rules will be blocked. The option “Allow this firewall rule to override block rules” is available only for rules which require IPSec, and is not available for outbound rules.

The only thing you could do with Windows Firewall to achieve something close to what you need is to switch the default behavior for outbound connections to “Block”, then add explicit allow rules for all outbound connections that you need (not just for that single program). Alternatively, you can look for third-party firewall software with more features.

... you can make the above rule for a single program as well, simply set the rule for a program not all programs.

so you set up 2 or more rules (depending on how many ip addresses you want to allow) and block all others. so for example if you only want to allow

10.10.10.10

and

20.20.20.20

you set up rules:

block from 0.0.0.0 to 10.10.10.9 and 10.10.10.11 to 20.20.20.19 and 20.20.20.21 to 255.255.255.255

postanote
  • 5,136