On Windows Server 2008 R2, you can enable the Windows firewall from the command line:
- Click "Start".
- Type "cmd.exe" and hit enter.
- At the prompt, type or paste these commands to enable the firewall for the public profile while allowing all inbound and outbound connections by default:
netsh advfirewall set publicprofile firewallpolicy allowinbound,allowoutbound
netsh advfirewall set publicprofile state on
- Add a firewall rule for the behavior you want. For instance, to block all inbound traffic from a certain IP, you might use (all on one line):
netsh advfirewall firewall add rule name="block 220.127.116.11" dir=in remoteip=18.104.22.168 action=block
Or to block inbound traffic to a certain local port (here UDP 27015), you might use:
netsh advfirewall firewall add rule name="block port 27015" dir=in protocol=udp localport=27015 action=block
To delete rules, use the corresponding netsh delete command or the "Windows Firewall with Advanced Security" dialog. For instance, to list the rules that currently exist (including the default Windows rules, which you can safely remove), use this command:
netsh advfirewall firewall show rule name=all
For a list of available commands, type "netsh advfirewall firewall", or the more specific command you want help on, such as "netsh advfirewall firewall add rule".
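As an added example (not part of the original answer), here is the same netsh procedure as a batch script, but with a default-deny inbound policy instead of the allow-everything default shown above, one explicit allow rule, one block rule, dropped-packet logging, and a check that the rules were created. The subnet, source IP, port and rule names are constructed placeholders.

```batch
@echo off
rem Added example, not the original answer's commands. Addresses and names are placeholders.

rem Turn the firewall on for every profile (domain, private, public), not only the public one.
netsh advfirewall set allprofiles state on

rem Default policy: drop unsolicited inbound, allow outbound.
rem The "allowinbound,allowoutbound" policy above leaves every listening port reachable
rem until a block rule is added; block-by-default means only explicitly allowed traffic gets in.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem Log dropped connections so blocked traffic is visible to the defender.
netsh advfirewall set allprofiles logging droppedconnections enable

rem Allow only what the host actually serves: RDP, and only from the management subnet (placeholder).
netsh advfirewall firewall add rule name="allow RDP from mgmt subnet" dir=in action=allow protocol=tcp localport=3389 remoteip=192.0.2.0/24

rem Explicit block for a known-bad source (placeholder). Block rules take precedence over allow rules.
netsh advfirewall firewall add rule name="block source 198.51.100.7" dir=in action=block remoteip=198.51.100.7

rem Verify: show the two rules just created and the effective state of each profile.
netsh advfirewall firewall show rule name="allow RDP from mgmt subnet"
netsh advfirewall firewall show rule name="block source 198.51.100.7"
netsh advfirewall show allprofiles state
```

Run it from an elevated cmd.exe; if the RDP allow rule is omitted on a remote server, the blockinbound policy will cut off your own session.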
On Windows Server 2003, one way of doing it is to use IPsec filters and add your rules with ipseccmd.exe:
- Download the ipseccmd.exe utility and put it in your "c:\Windows\system32" folder.
- Click Start->Run and type "cmd.exe".
- At the command prompt, enter the rules you want. For instance, to block traffic to and from a specific IP range, you might use:
ipseccmd -f "0+192.168.1.*"
The "-f" means that we are adding a rule to the default set.
The "0" means that on the sender (source) we are looking at all local IPs. Similarly, "*" would mean any ips.
The "192.168.1.*" means that on the receiver (destination) we are looking at any IPs fitting the wildcard. It also allows masks, like 192.168.1.255/255.255.255.0, or for a single IP, like 192.168.1.1.
The "+" means that this rule should be applied in both directions (use "=" if you just want one direction).
To clear all rules, use this:
You can also allow or block access to certain ports/protocols. For instance, this would allow connections from local TCP port 80 to any TCP port on 22.214.171.124:
ipseccmd -f "(0:80=192.168.1.30::tcp)"
The parentheses here mean allow; within each side, the address, port and protocol fields are separated by colons. Square brackets, [ ], are the equivalent for block.
Specifying a port number of "0" blocks all ports, just as "0" blocks all IPs.
More information can be found with:
To see a list of filters:
ipseccmd show filters