TechQA.

How to block all but a specific list of IP addresses on a given port using IPSEC on Windows?

2.1k views Asked by At

I have a list of IP addresses.

L={x.x.x.x,y.y.y.y,...etc}

I want to block all IP addresses except for the ones in the above list.

How to do using IPSEC commands in windows machine?

I tried to figure out from the following Microsoft link. But no luck :-(

Example:

My target: Block all ips on 198.18.84.161:80 except for the IP 198.18.84.162

I tried the following.

1) To block all ips on port 80.

Steps:

netsh ipsec static add filterlist name=filterlist_198.18.84.161

netsh ipsec static add filter filterlist=filterlist_198.18.84.161 srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.161 action=block

netsh ipsec static add policy name=policy_198.18.84.161 assign=yes

netsh ipsec static add rule name=rule_198.18.84.161 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.161 filteraction=action_198.18.84.161

Result: It blocked all ips on port 80

2) To Allow IP 198.18.84.162 on port 80 of the machine 198.18.84.161

Steps:

netsh ipsec static add filterlist name=filterlist_198.18.84.162

netsh ipsec static add filter filterlist=filterlist_198.18.84.162 srcaddr=198.18.84.162 dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.162 action=permit

netsh ipsec static add policy name=policy_198.18.84.162 assign=yes

netsh ipsec static add rule name=rule_198.18.84.162 policy=policy_198.18.84.162 filterlist=filterlist_198.18.84.162 filteraction=action_198.18.84.162

Result: This unblocked all IPs on port 80 instead of only unblocking 198.18.84.162

ip block netsh ipsec
Original Q&A
1

There are 1 answers

0
Aditya On

I found the answer myself.

Below are the steps:

1.Block all Ips on Port 80

netsh ipsec static add filterlist name=filterlist_198.18.84.161

netsh ipsec static add filter filterlist=filterlist_198.18.84.161 srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.161 action=block

netsh ipsec static add policy name=policy_198.18.84.161 assign=yes

netsh ipsec static add rule name=rule_198.18.84.161 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.161 filteraction=action_198.18.84.161

2.Allow specfic Ip on port 80.

netsh ipsec static add filterlist name=filterlist_198.18.84.162

netsh ipsec static add filter filterlist=filterlist_198.18.84.162 srcaddr=198.18.84.162 dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.162 action=permit

netsh ipsec static add rule name=rule_198.18.84.162 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.162 filteraction=action_198.18.84.162

The trick was use same policy for both the rules above.

Related Questions in IP

Related Questions in BLOCK

Related Questions in NETSH

Related Questions in IPSEC

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions