Windows Server 2008 R2 settings method that blocks an IP access through IP Security Policy _win server

Source: Internet
Author: User

Now buy a friend of the server will find that a little new point of the hard drive has not supported the WIN2003 system, mainly to drive people do not give you, coupled with Microsoft's 2003 security also does not provide support, it will be difficult to have patches. Recommended that you use the 2008 R2 system, for the 32G/64G server, running 2003 really very wasteful.

The following cloud Habitat Community Small series for everyone to share a specific method, and finally a good thing to provide:

First, open Local security policy

1, the "Start"-"Run" input "Secpol.msc" Enter the "Local Security Policy" page opens, see Figure 1.

Figure 1

Second, manage IP filter list

1, as Figure 1, right click on "IP Security Policy, on the local computer", select "Manage IP filter list and filter action (M) ...", pop-up as shown in Figure 2, "Manage IP Filter List" Settings page. Click "Add (D) ..."

Figure 2

2, enter the corresponding name and description click "Add (A) ..." (Figure 3), then continue to click "Next (N) >" (Figure 4, Figure 5)

Figure 3

Figure 4

Figure 5

3, then to the "IP Traffic Source" page, at the source address (S): "Select a specific IP address or subnet", will need to block the IP to add in (here set the blocked IP for 10.0.32.21). Then continue clicking "Next (N) >" (Figure 6)

Figure 6

4, next specify the target address, in the "Destination Address (D):" Select "My IP Address", and then continue to click "Next (N) >" (Figure 7)

Figure 7

5, then to select the IP protocol Type page, because it is blocked all access, so in the "Select the Protocol type (S):" Select "Any" (Figure 8), click "Next (N) >" Again, to the "Finish" page (Figure 9, Figure 10)

Figure 8

Figure 9

Figure 10

Iii. Managing filter actions

1, in Figure 2 interface, select the "Manage Filter Action" tab page for the filter action, and then select "Add (D) ...", and then press the wizard to click "Next (N) >" (Figure 11, 12)

Figure 11

Figure 12

2. Next, enter a name and description for the filter, then click Next (N) > (Figure 13)

Figure 13

3, then to the filter action options, select "Block (L)", continue to click "Next (N) >", until the "completion" status, (Figure 14, 15, 16)

Figure 14

Figure 15

Figure 16

Iv. Creating IP Security Policies

1, as shown in Figure 17, on the Local Security Policy page, right click on "IP Security Policy, on the local computer", select "Create IP Security Policy (C) ..." To start creating an IP Security policy. (Figure 17, 18)

Figure 17

Figure 18

2. Next, set the corresponding "name" and "description" in the IP Security Policy Name Settings page (Figure 19), then click on "Next (N) >" (Figure 19, 20) until finished (Figure 21) to edit IP Security policy after selecting Edit property (P)

Figure 19

Figure 20

Figure 21

3. On the IP Security Control Policy Properties page (Figure 22), select "Add (D) ..." and click "Next (N) >" (Figure 23)

Figure 22

Figure 23

4, on the "Tunnel endpoint" page Select "This rule does not specify a tunnel (T)", click "Next (N) >" (Figure 24)

Figure 24

5, Next on the Network Type page, select all network Connections (C), and then click Next (N) > (Figure 25)

Figure 25

6, then to the IP Filter List Selection page, select the previously created IP filter name "Filter fundtest Server IP", and then click "Next (N) >" (Figure 26)

Figure 26

7. Select the "Deny" filter that you created prior to the filter action page, and then click Next (N) > until complete (Figure 27, 28)

Figure 27

Figure 28

8, finally in the IP Security Control Policy property Page "rules"-"IP Security Rules", select the rules set above (Figure 29), and then "OK" completed.

Figure 29

V. Allocation strategy

On the Local Security Policy page, right-click the IP control policy you created above and select Assign (A). (Figure 30)

Figure 30

It's done! (Figure 31)

Figure 31

Finish!!!

The following cloud Habitat Community Small series continues to share some knowledge:

Need to accept the

Source Address Destination Address Protocol (Port)
My IP Address Any IP address UDP (53)
Any IP address My IP Address UDP (53)

The following are ports that need to be blocked: including databases, etc.

Source Address (Any IP disciple) destination address (my IP disciple)

Agreement Port
Tcp 3095
Tcp 3096
Tcp 3097
Tcp 1025
Tcp 135
Tcp 139
Tcp 3001
Tcp 3002
Tcp 3003
Tcp 445
Udp Any
Tcp 88
Tcp 389
Tcp 464
Tcp 593
Tcp 636
Tcp 1720
Tcp 1433
Tcp 3306
Udp 123
Tcp 4899
Udp 4899

If one input is more tired ah, here is a small series of cloud-dwelling community has been organized for everyone:

win2008 Security Policy Download address

IP Security Policy Import method:

Start > Run > Gpedit.msc

Computer Configuration > Windows Settings > Security Settings > IP Security Policy > Right key > All Tasks > Import Policy

An assignment is required to enable it after import.

Well, basically it's OK, others can refer to the home of some articles.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.