2

This is half a minute's work with any firewall, but with the built-in firewall on Windows 2008 R2, I have been stuck here for half an hour.

I want to block all incoming ICMP requests to my server, EXCEPT those IP addresses that I want. My firewall policy is to "Block all inbound requests that do not satisfy a rule".

1st attempt: I create an allow rule for only those IPs that I want. The firewall should allow only those and block all others. Result: It allows everything.

2nd attempt: I create a Block rule for ICMP and for Any IP. Then I keep the same Allow rule as in 1st attempt. Result: It blocks everything.

What am I missing here?

Update:

OK. I give up. The only thing that I can do is to Block all addresses using as scope those ranges that leave out all the IPs that I want to be allowed.

For example, if I want to allow IP 100.100.100.100, I set the scope:

  1. from 0.0.0.0 to 100.100.100.99
  2. from 100.100.100.101 to 255.255.255.255

I wish there was another way.

  • Block ICMP echo if you _really_ must (it won't secure your systems BTW!), but I'd suggest you don't block all [ICMP](http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) packets. – Bryan Jun 17 '11 at 17:05
  • Thanks for the suggestion Bryan. However, this does not answer my question. – Theo Zographos Jun 17 '11 at 18:26
  • exactly why I posted it as a comment rather than an answer :) – Bryan Jun 17 '11 at 21:03

1 Answer

2

No need to create a rule from scratch. There should be a rule called File and Printer Sharing (ICMPv4). Enable this and lock down to IPs you want.

EDIT: Make sure that you edit the correct version of the firewall, i.e. Domain, if you are connected to a domain, etc.

Tatas
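The answer's approach as a script, added here as an example and not part of the original answer: it lists every enabled inbound ICMPv4 rule in the active profile, then enables the built-in echo rule and scopes it to the one allowed address. Windows Firewall applies block rules ahead of allow rules, so a Block/Any rule cancels a scoped allow, and any other enabled allow rule with scope Any still lets everyone through; the audit output shows both cases. Assumptions: the rule's full display name is `File and Printer Sharing (Echo Request - ICMPv4-In)`, and the address is the example one from the question.

```powershell
# Added example, not from the original answer. Run from an elevated PowerShell prompt.
$allowed  = '100.100.100.100'   # example address taken from the question
$ruleName = 'File and Printer Sharing (Echo Request - ICMPv4-In)'   # assumed full rule name

$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes   # bitmask: 1 = Domain, 2 = Private, 4 = Public

# Enabled inbound (Direction 1) ICMPv4 (Protocol 1) rules that apply to the active profile(s).
function Get-ActiveIcmpRule {
    $fw.Rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and $_.Protocol -eq 1 -and
        ($_.Profiles -band $active)
    }
}

# 1. Audit: every rule listed here takes part in the decision for an incoming ping.
Get-ActiveIcmpRule |
    Select-Object Name,
        @{ n = 'Action'; e = { if ($_.Action -eq 1) { 'Allow' } else { 'Block' } } },
        RemoteAddresses, IcmpTypesAndCodes |
    Format-Table -AutoSize

# 2. Enable the built-in rule and restrict its remote scope. The rule can exist
#    once per profile group, so update every copy that matches the active profile.
$fw.Rules |
    Where-Object { $_.Name -eq $ruleName -and ($_.Profiles -band $active) } |
    ForEach-Object {
        $_.RemoteAddresses = $allowed
        $_.Enabled         = $true
    }

# 3. Report the rules that would still defeat the scoped allow:
#    Action 0 = Block (wins over the allow); Action 1 with scope '*' = allow from anywhere.
Get-ActiveIcmpRule |
    Where-Object { $_.Name -ne $ruleName -and
                   ($_.Action -eq 0 -or $_.RemoteAddresses -eq '*') } |
    Select-Object Name, Action, RemoteAddresses
```

An empty result from step 3 means the scoped built-in rule is the only thing deciding inbound ICMPv4 in the active profile; anything listed there should be disabled or scoped as well.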