I'm trying to figure out how I can create a rule that will override an existing rule when its conditions are met.

i.e.:

I create a rule that blocks port 80 & 443

Then I'd like to create a rule that opens ports 80 & 443 only for a specific IP or IP range and leaves them blocked via the other rule for anyone else.

Is this possible with Windows Firewall?

UserSN

2 Answers

I'm not sure of the specifics of Windows firewalls, but most firewalls work on the first matching rule: the first rule found that matches what to do with a port is used, and rule reading stops. In this case, the full block of 80 & 443 is read first, so that's where the rules stop.

So perhaps trade places on the rules: allow to the IPs, followed by the full drop.


Your best bet would be to do the following:

  1. Configure the default inbound (I assume) policy to block all incoming connections
    1a. Ensure your other services are whitelisted as needed prior to enabling this option (e.g. RDP)

  2. Create an allow inbound rule for the specific IP/range for ports 80 and 443

Windows Firewall does not operate the same way as a traditional firewall. The order of the rules DOES NOT MATTER. Block rules will always take precedence over allow rules no matter where they are displayed in the list.

Linkies
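The steps in the answer above, carried out with the built-in NetSecurity cmdlets (Windows 8 / Server 2012 and later), as an added example that is not part of the original answers. Because an enabled Block rule always beats an Allow rule on Windows Firewall, the asker's explicit "block 80 & 443" rule is left out entirely; the default inbound action does the blocking, and the scoped Allow rule punches the hole. The rule display names and the trusted range 203.0.113.0/24 are assumptions for illustration; run in an elevated PowerShell session.

```powershell
# Added example (not from the original answers). Assumed values: rule names,
# the trusted range 203.0.113.0/24. Requires an elevated (Administrator) prompt.

# Step 1a first: make sure anything you still need inbound is allowed before
# the default becomes Block, e.g. the built-in Remote Desktop rule group.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Step 1: default inbound action = Block on every profile. Unsolicited inbound
# traffic that matches no Allow rule is now dropped, including TCP 80/443.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Step 2: allow TCP 80 and 443 inbound only from the trusted range.
# -RemoteAddress scopes the rule; every other source falls through to the default Block.
New-NetFirewallRule -DisplayName "Allow HTTP/HTTPS from trusted range" `
    -Direction Inbound -Action Allow -Enabled True -Profile Any `
    -Protocol TCP -LocalPort 80,443 -RemoteAddress 203.0.113.0/24

# Check: any enabled inbound Block rule covering TCP 80/443 (or all ports) wins
# over the Allow above no matter where it sits in the MMC list, so find such rules.
$blockers = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True
foreach ($rule in $blockers) {
    $pf = $rule | Get-NetFirewallPortFilter
    $covers = ($pf.Protocol -eq 'TCP' -or $pf.Protocol -eq 'Any') -and
              ($pf.LocalPort -contains '80' -or $pf.LocalPort -contains '443' -or $pf.LocalPort -contains 'Any')
    if ($covers) {
        Write-Warning ("Block rule '{0}' covers TCP 80/443 and overrides the allow rule; " +
                       "disable it with: Disable-NetFirewallRule -Name '{1}'") -f $rule.DisplayName, $rule.Name
    }
}

# Confirm the resulting scope of the new rule.
Get-NetFirewallRule -DisplayName "Allow HTTP/HTTPS from trusted range" |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

If the ports must stay open to nobody but the trusted range while the default inbound action is left at Allow (for instance on a host where changing the profile default is not an option), the same precedence rule means a single Block rule for 80/443 with a `-RemoteAddress` scope that lists everything except the trusted range is required, since Windows Firewall has no "not this range" operator; the default-Block approach above avoids that maintenance burden.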