Block all traffic except the internal domain using Windows Firewall in 2008 r2

I'm trying to figure out a way to only allow a certain net, i.e. 192.168.10.0, to communicate with certain ports on Windows 2008 R2 Server. The server setup is pretty simple: a single NIC facing the Internet, but also able to act as DHCP for VPN clients connecting to the server.

The only way I've had this working so far is to set a rule where I block all traffic from 1.1.1.1-192.168.9.255 and 192.168.11.1-254.255.255.255. This leaves a gap for my 192.168.10.0/24 net, but surely there must be a better way to do this?

Thanks

Answer

Don’t think there’s a tidy answer to this. The Windows firewall doesn’t process rules in list-order, instead it processes the block rules and then the allow rules. You can specify an allow rule to override blocking, but it must be a secure connection. You could add an address range to all of the existing allow rules, but that will be a bit of a ball-bag, to use a technical term.
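As an added illustration (not part of the answer above), the following netsh script takes the approach the answer hints at: leave the profile default at "block inbound" and scope the allow rules to the 192.168.10.0/24 network with `remoteip=`, instead of maintaining two block ranges around the subnet. The rule names and the ports (3389 and 445) are placeholders for whatever "certain ports" means in the question.

```bat
@echo off
rem Added example for Windows Server 2008 R2 (netsh advfirewall; the
rem New-NetFirewallRule cmdlets are not available on this version).

rem 1. Keep the default behaviour: anything inbound that no allow rule
rem    matches is dropped, so no explicit "block the rest" ranges are needed.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem 2. Allow the required ports only from the internal subnet.
rem    Placeholder ports: 3389 (RDP) and 445 (SMB). Adjust to the real list.
netsh advfirewall firewall add rule name="LAN only - TCP 3389" dir=in action=allow protocol=TCP localport=3389 remoteip=192.168.10.0/24
netsh advfirewall firewall add rule name="LAN only - TCP 445" dir=in action=allow protocol=TCP localport=445 remoteip=192.168.10.0/24

rem 3. Pre-existing allow rules still answer to any remote address; narrow
rem    each one that should be internal-only. Example for the built-in RDP rule:
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new remoteip=192.168.10.0/24

rem 4. Review the result: check every enabled inbound allow rule for a
rem    RemoteIP of "Any" that should have been scoped.
netsh advfirewall firewall show rule name=all dir=in verbose | findstr /C:"Rule Name" /C:"Enabled" /C:"RemoteIP" /C:"Action"
```

VPN clients only match these rules if the addresses the server hands out fall inside 192.168.10.0/24; if they use a different pool, add that range to `remoteip=` as a comma-separated list.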

Attribution
Source: Link, Question Author: Eric Herlitz, Answer Author: Simon Catlin