Windows Server 2008 R2 Firewall — Block ICMP except specific IPs

windows-firewall

this is half a minute work with any firewall, but with the built-in firewall on Windows 2008 R2, I am stuck here for half an hour.

I want to block all incoming ICMP requests to my server, EXCEPT those IP addresses that I want. My firewall policy is to "Block all inbound requests that do not satisfy a rule"

1st attempt:
I create an allow rule for only those IPs that I want. The firewall should allow only those and block all others. Result: It allows everything.

2nd attempt
I create a Block rule for ICMP and for Any IP.
Then I keep the same Allow rule as in 1st attempt.
Result: It blocks everything.

What am I missing here ?

Update:

OK. I give up. The only thing that I can do is to Block all addresses using as scope those ranges that leave out all the IPs that I want to be allowed.

For example if I want to allow IP 100.100.100.100
is set the scope:

from 0.0.0.0 to 100.100.100.99
from 100.100.100.101 to 255.255.255.255

I wish there was another way.

Best Answer

No need to create a rule from scratch. There should be a rule called File and Printer Sharing (ICMPv4). Enable this and lock down to IPs you want.

EDIT: Make sure that you edit the correct version of firewall. I.E. Domain, if you connected to a domain etc.

Related Solutions

Firewall – Allow Only US Traffic (Server 2008 R2)

I think that you need to seriously re-evaluate what you're trying to do if you're concerned about which order your firewall rules are in. This is going to be a complete logistical nightmare. Based on what you've outined, option 3 does sound like the best.

Security – Configure Windows Firewall to block all except for specific traffic

I see there are three policies - public/private/domain. I've been making the same setting changes to each one, though I only have a single NIC and its assigned the domain policy.

As an aside, making changes to the firewall policies for public and private won't have any effect as long as your NIC is still using the Domain network profile.

According to this documentation the allow rules are supposed to take precedence over default rules. I want to set my default rule to block all traffic and only allow certain traffic with allow rules.

You are doing this the hard way. The default policy of the Domain profile implements a default deny ingress policy and a default allow egress (i.e, Inbound connections are blocked and Outbound connections are allowed.) If you've changed these defaults you can set them back in the Windows Firewall Properties dialog.

Then to enable ICMP traffic enable the following two allow rules:

   File and Printer Sharing (Echo Request - ICMPv4-In)
   File and Printer Sharing (Echo Request - ICMPv6-In)

Best Answer

Related Solutions

Firewall – Allow Only US Traffic (Server 2008 R2)

Security – Configure Windows Firewall to block all except for specific traffic

Related Topic