Home > Uncategorized > Internets: Blocking IP Ranges in Vista

Internets: Blocking IP Ranges in Vista

As the big two IP blocking programs, Protowall and PeerGuardian, are slow to write or release Vista drivers; you may want a solution to block IPs.
Vista, as any other Microsoft built-on new technology technology based OS, has IPSec policies built into it that will do the job of IP blocking.

Here I’ll cover where to obtain a list of “bad” IPs, and setting up and enabling an IPsec group policy.

You can perform steps 1-3, 13, and 14 with the IP Security Policies Management MMC snap-in.
You can not add or edit IP ranges in the GUI.
Note that netsh will not let you know it's done its job. It will only give output when it fails.

  1. Create IP Security Policy:
    netsh ipsec static add policy name="IP Security Policy"

  2. Create IP Filter list:
    netsh ipsec static add filterlist name="IP Blocklist Filter" desc="IP blocklist filter"

  3. Create Filter Action (Block) (you can’t create a rule, filter list+filter action, until at least one IP rule is added):
    netsh ipsec static add filteraction name="Block Filter Action" action=block

  4. Download this IP blocklist Batch file (1MB), updated March 10th, 2007, and run. You must keep the same filterlist name I used above.

    OR Do it yourself…

    1. Donate to Bluetack Internet Security Solutons.
    2. Download a blocklist zip from Bluetack Internet Security Solution’s site. I use Level 1.
    3. Install Blocklist Manager from Bluetack.
    4. In Blocklist Manager, import blocklist from file (leave boxes uncheck, select ProtoWall in dropdown). This will take at least five minutes.
    5. In Blocklist Manager, export blocklist to log batch (export>special>to log batch). If prompted to overwrite, go ahead. Close the Batch file when it launches.
    6. Open Log Batch in a program that allows you to insert Carriage Return characters (Writer or Word seem to work the fastest).
    7. Find and replace all the <286,000 spaces with nothing. This should take about 5 minutes on a 3.2 P4 with 1.5 GB RAM.
    8. Find and replace the <143,000 carriage return mark. This should take about 10 minutes.

      In OpenOffice Writer, find $ regular expression (click the checkbox in More Options).
      Note that, if not previously disable, Writer will prompt you to OK it shutting off the undo option for this operation after about 5 minutes.
      Replace all with \nnetsh ipsec static add filter filterlist="IP Blocklist Filter" dstaddr=ME srcaddr=
      In Microsoft Word, find ^p
      Replace all with ^pnetsh ipsec static add filter filterlist="IP Blocklist Filter" dstaddr=ME srcaddr=

    9. Verify that the first range in the file is proper.
    10. Save As a file in a temporary location, and rename it to a .bat extension.

    :End DIY section

  5. Run batch. Should take about an hour or thirty six. Yes, it will take this long. However, the Filters are stored in the registry at: HKLM\SOFTWARE\Policies\Microsoft\Windows\ IPSec\Policy\Local\ipsecdata{[some GUID]}\ as DWord ipsecdata. The specific key for me is ipsecFilter{2ed89440-e237-4135-98c1-73e75a84168c}.
  6. Add Filter Rule to IP Security Policy (you couldn’t do this before because the filter used by the rule needs to have IPs in it before it can be added to the policy):
    netsh ipsec static add rule name="IP Blocklist Rule" policy="IP Security Policy" filterlist="IP Blocklist Filter" filteraction="Block Filter Action"

  7. Turn Policy On:
    netsh ipsec static set policy "IP Security Policy" assign=y

  8. Test to see if it works by pinging an IP in the General Electric range 3.x.x.x. You should receive General Failure instead of Request Timed Out.

You now have an IP blocklist set up using the Microsoft IPSec service denying traffic.

You’re pretty safe not update for at least six months, but update whenever you’d like.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: