Windows 2012 Server - Creating an exception for a block rule in the firewall

  • Question

  • Hi, y'all!

    I have to deploy a rule to block all outbound traffic towards port TCP 80 regardless of the destination IP, so I set up an outbound "block" rule in the Windows Firewall specifically against that port. It was straightforward and works like a charm. However, I can't seem to find a way to add one single IP as an exception to this rule.

    I tried creating a new rule allowing all traffic to the IP I'm attempting to whitelist but, from what I can gather, the blocking rules in the Windows firewall take precedence over "allow" rules so that explains why it didn't work.

    How can I work around this? All I need is to block outgoing traffic to TCP 80 on all but one IP. 

    Thanks!

    Saturday, November 24, 2018 6:13 PM

Answers

  • Hello MadagaC,

    Thank you for your question.

    Go to the Properties of your rule->Scope. Then add two IP address ranges at the yellow mark in the figure.

    One segment is 1.0.0.1 to x.x.x.x-1. The other segment is x.x.x.x+1 to 223.255.255.254.

    x.x.x.x is the exclusive IP address you want to create.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by MadagaC Wednesday, November 28, 2018 5:39 AM
    Monday, November 26, 2018 9:40 AM

All replies

  • Hello! Thanks for chipping in, HK.Leon!

    Does that approach work for two or more IPs as well? That is, can I create one pair of segments in that rule as you suggested for each address I'm trying to allow?

    Appreciated!

    Tuesday, November 27, 2018 4:19 AM
  • You are welcome, MadagaC.

    Yes, it works. Just make sure that all IP addresses except those you want to exclude are included in this Scope.

    Best Regards,

    Leon



    Tuesday, November 27, 2018 5:49 AM
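
The range arithmetic from the accepted answer, generalized to the several allowed addresses asked about in the follow-up, as an added PowerShell example that is not part of the original thread. The function names, the sample addresses and the rule display name are assumptions; the bounds 1.0.0.1 and 223.255.255.254 are the ones given in the answer.

```powershell
# Added example: compute the Scope ranges for a block rule that skips some IPv4 addresses.
function ConvertTo-UInt32 ([string]$Ip) {
    $addr = [System.Net.IPAddress]::Parse($Ip)
    if ($addr.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Ip" }
    $bytes = $addr.GetAddressBytes()
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertTo-IPv4String ([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    $bytes -join '.'
}

function Format-Range ([uint32]$From, [uint32]$To) {
    # A one-address gap is written as a plain address instead of "a-a".
    if ($From -eq $To) { ConvertTo-IPv4String $From }
    else { '{0}-{1}' -f (ConvertTo-IPv4String $From), (ConvertTo-IPv4String $To) }
}

function Get-BlockScopeRange {
    param(
        [Parameter(Mandatory = $true)][string[]]$AllowedIp,
        [string]$First = '1.0.0.1',
        [string]$Last  = '223.255.255.254'
    )
    $hi = ConvertTo-UInt32 $Last
    [uint64]$start = ConvertTo-UInt32 $First
    # Sort and de-duplicate so the allowed addresses are walked in ascending order.
    $holes = $AllowedIp | ForEach-Object { ConvertTo-UInt32 $_ } | Sort-Object -Unique
    foreach ($h in $holes) {
        if ($h -lt $start -or $h -gt $hi) { continue }   # not inside the blocked span
        if ($h -gt $start) { Format-Range $start ($h - 1) }
        $start = [uint64]$h + 1                           # resume just past the allowed IP
    }
    if ($start -le $hi) { Format-Range $start $hi }
}

# Constructed sample: two adjacent addresses plus one more (documentation ranges).
$scope = Get-BlockScopeRange -AllowedIp '192.0.2.10', '192.0.2.11', '198.51.100.7'
$scope

# Apply to the existing outbound block rule (rule name is hypothetical):
# Set-NetFirewallRule -DisplayName 'Block outbound TCP 80' -RemoteAddress $scope
```

Adjacent allowed addresses collapse into a single gap, so the sample yields three ranges rather than four.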