Windows Firewall on Windows 2012 R2 – add predefined group

windows-firewall

I want to add some rules to inbound connections of my Windows 2012 server.
All the rules should apply to a group of IP addresses.

It looks like the firewall supports groups of IPs (predefined groups),
but I can't find a way to define a new group and set its members' IPs.

How can it be done, if at all?

Best Answer

I don't think you can create custom lists of IP addresses and use them in multiple rules. The Windows Firewall is still lacking features compared to proper Firewall products.

However, one workaround would be to define your custom lists in PowerShell and then apply them to the rules:

 # Address lists: plain string arrays of hosts (/32) and subnets (CIDR)
 $List1 = @("192.168.1.0/24","10.20.30.0/24","192.168.2.25/32")
 $List2 = @("192.168.50.0/24")

 # Apply a list to each rule; -Name is the rule's internal name, not its DisplayName
 Set-NetFirewallRule -Name "IIS-WebServerRole-HTTP-In-TCP" -RemoteAddress $List1
 Set-NetFirewallRule -Name "FPS-ICMP4-ERQ-In" -RemoteAddress $List1
 Set-NetFirewallRule -Name "CoreNet-DHCPV6-Out" -RemoteAddress $List2

You just define a string array of addresses or subnets. Then you set the scope using the Set-NetFirewallRule cmdlet.

If you want to add or remove an address, just change the list definition at the top and run the script again.

You could also save the list definition in a text file or Excel sheet, rather than in the script itself.

The script then also serves as a nice documentation of your Firewall rules.

You can use the PowerShell Firewall cmdlets to manage all aspects of the Windows Firewall.
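A fuller version of the workaround above, as an added example that is not part of the original answer: the lists and the rule-to-list mapping live in two hashtables, every entry is validated before it is pushed to the firewall, a misspelled rule name aborts the run instead of being skipped, and the resulting scope is read back from the firewall rather than assumed. It assumes an elevated PowerShell session on Windows Server 2012 R2 with the NetSecurity module, that the rule names (the built-in ones used in the answer) exist on the host, and that the list names `MgmtNets` and `DhcpNets` and the rule-to-list assignment are illustrative.

```powershell
# Added example, not from the original answer. Assumes an elevated session,
# the NetSecurity module, and that the rule names below exist on this host.
# List names and the rule-to-list mapping are illustrative.
#Requires -RunAsAdministrator

# Address lists: name -> array of IPv4/IPv6 hosts or CIDR prefixes.
# Editing a list here and rerunning the script updates every rule that uses it.
$AddressLists = @{
    'MgmtNets' = @('192.168.1.0/24', '10.20.30.0/24', '192.168.2.25/32')
    'DhcpNets' = @('192.168.50.0/24')
}

# Rule -> list mapping, keyed by the rule's -Name (stable and locale-independent),
# not by its DisplayName.
$RuleScopes = @{
    'IIS-WebServerRole-HTTP-In-TCP' = 'MgmtNets'
    'FPS-ICMP4-ERQ-In'              = 'MgmtNets'
    'CoreNet-DHCPV6-Out'            = 'DhcpNets'
}

function Test-AddressEntry {
    # Catch typos before they reach the firewall: an entry must parse as an IP
    # address, optionally followed by a prefix length valid for its family.
    param([Parameter(Mandatory)][string]$Entry)
    $ip, $prefix = $Entry -split '/', 2
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { return $false }
    if ($null -eq $prefix) { return $true }
    $maxBits = if ($parsed.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    return ($prefix -match '^\d+$') -and ([int]$prefix -le $maxBits)
}

# Validate all lists up front so a bad entry stops the run before any rule changes.
foreach ($listName in $AddressLists.Keys) {
    $bad = @($AddressLists[$listName] | Where-Object { -not (Test-AddressEntry $_) })
    if ($bad.Count -gt 0) {
        throw "List '$listName' has invalid entries: $($bad -join ', ')"
    }
}

foreach ($ruleName in $RuleScopes.Keys) {
    $listName = $RuleScopes[$ruleName]
    if (-not $AddressLists.ContainsKey($listName)) {
        throw "Rule '$ruleName' refers to unknown list '$listName'"
    }
    # -RemoteAddress REPLACES the rule's remote scope (e.g. an existing 'Any');
    # it does not merge. -ErrorAction Stop makes a wrong rule name fatal.
    Set-NetFirewallRule -Name $ruleName -RemoteAddress $AddressLists[$listName] -ErrorAction Stop
}

# Read the scope back: the address filter is a separate object joined to the
# rule, so verify what the firewall stored instead of trusting the script.
foreach ($ruleName in $RuleScopes.Keys) {
    $filter = Get-NetFirewallRule -Name $ruleName | Get-NetFirewallAddressFilter
    '{0,-32} remote = {1}' -f $ruleName, ($filter.RemoteAddress -join ', ')
}
```

Run it once with `-WhatIf` appended to the `Set-NetFirewallRule` call to see which rules would change before committing. If you keep the lists in a text file, as the answer suggests, replace the literal arrays with `Get-Content` of that file; the validation loop then protects you from a stray line in the file just as it does from a typo in the script.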