Blocking Unwanted Countries with Windows Firewall

I get a lot of clients asking me what they can buy for protecting themselves from countries they don’t want connecting to their office or home network since they have no business with these countries and the threat they pose in hacking.

A simple and “zero cost” solution already exists with their Windows system. Windows Firewall can be used to solve this situation in a very easy manner using distributed country IP Tables and PowerShell.

Below is a tutorial I wrote explaining the process:

How to Block County IP’s in Windows Firewall with PowerShell

Step 1: Create a directory for working with PowerShell and PowerShell Scripts. Example: C:\ip-security

Step 2: Download the PowerShell script Import-Firewall-Blocklist.ps1 from http://www.gregsitservices.com/ip-security/ip-security-package.zip and extract the PowerShell script Import-Firewall-Blocklist.ps1 to your C:\ip-security folder.

Step 3: Go to http://www.ipdeny.com/ipblocks/ and download the IP Tables in CIDR Format of the countries that you do not want accessing your windows system at all. To the Right of each list grab the “aggregated zone file” for each country. Click them on them and you will see a list of IP’s. Right click and save that file to your C:\ip-security directory using a basic format, THIS IS IMPORTANT.

Example: Save China as china.zone.txt so that if you update the zone file it will remove any Old Rules that are created. Optionally you can grab the larger lists (on the left) but, the aggregated zones are based on activity.

I recommend the following Zones:

  1. CHINA (CN) (save as china.zone.txt)
  2. KOREA, DEMOCRATIC PEOPLE’S REPUBLIC OF (KP) (save as northkorea.zone.txt)
  3. RUSSIAN FEDERATION (RU) (save as russia.zone.txt)

Step4: Run PowerShell as Administrator (right click PowerShell and select Run as Administrator).

Step 5: Type without quotes “PowerShell.exe -ExecutionPolicy Bypass” – This will set the scripts Policy of PowerShell to run so that it can make the Windows Firewall Rules.

Step 6: Begin entering the Zones into your Windows Firewall. Option 1 is for Older Versions of PowerShell. If Option 1 does not execute then use Option 2.

Option 1: Import-Firewall-Blocklist.ps1 -inputfile china.zone.txt

Option 2: .\Import-Firewall-Blocklist.ps1 -inputfile china.zone.txt

Do this for each of your Zones.

Step 7: Just for precaution let’s now set PowerShell back to Restricted Access on Scripts. Type without quotes “PowerShell.exe -ExecutionPolicy Restricted”.

That’s it we are done… I suggest you keep your zone files so that you can update them easy by overwriting them. I would update them about Once a Month if you are experiencing attacks. Below is how the rules will look inside Windows Firewall.

Note: Notice the rule names are china.zone-#001 etc.. This is why it’s important to be consistent with the file name (china.zone.txt) for future updates to overwrite and remove rules automatically to save time and effort.

Windows Firewall
Windows Firewall Zone Rules

How to Remove Zones in Windows Firewall with PowerShell

Below is how you can remove the entries using the scripts and zone files.

Option 1: Import-Firewall-Blocklist.ps1 -inputfile china.zone.txt -deleteonly

Option 2: .\Import-Firewall-Blocklist.ps1 -inputfile china.zone.txt -deleteonly

Another Country IP Table Resources:

  • http://lite.ip2location.com/ I personally use this one for many formats to choose from for different applications and/or operating systems.

ENJOY!

Spread the Love

2 Replies to “Blocking Unwanted Countries with Windows Firewall”

  1. Hi Greg – Great write up – I’m experimenting with this to lower the risks of Brute Force RDP. Basically blocking the world other than New Zealand. I’ve modified the powershell script a bit to only create inbound rules and also to create the rule specific to TCP Port 3389. Then I’ve renamed all of my zone files to RDPBlock-CN.zone etc so the Rules appear in order in Windows firewall which makes it a bit easier to play with them manually when wanting to temporarily allow a country when someone is travelling etc.

    Overall its been a very useful post for me so thanks for the tips

Leave a Reply