Block IP ranges in Windows Firewall

Send Us a Sign! (Contact Us!)

If you are using Windows and have not installed a “complete” security suite for the operating system, you are likely using Windows Firewall to protect the operating system.

While there are standalone firewall applications as well, or hardware firewalls, it is likely that most users make use of the built-in firewall of the operating system.

Configuration of the firewall is not as straightforward as it can be, considering that you first need to find out how to open it, and then work your way through the menus that it makes available.

The guide that you are reading looks at one advanced configuration option: how to block IP ranges in the Windows Firewall. This is a list of IP addresses that you combine in a single expression, for instance 206.111.0.0 – 206.111.0.16 which covers all IP addresses in that range.

Note: the screenshot below shows a different rule.

Block IP ranges in Windows Firewall

How to load the firewall controls

The easiest way to load the firewall controls is the following:

Use Windows+R combination to bring up the run box of the operating system. Type WF.msc and hit the Enter key.

Block IP ranges

Block IP ranges in Windows Firewall

Note: The following guide uses the built-in firewall of Windows 7. If you are using a different Windows operating system, the way may be different.

  • Click on Inbound Rules on the Windows Firewall with Advanced Security window.
  • Select New Rule under Inbound Rules on the right menu.
  • Select Custom rule on the next screen and click on Next.
  • Leave everything as is on the screen that comes up and click Next (all programs selected).
  • Leave everything as is on the ports and protocols screen and click Next.

Select “These IP addresses” under “Which remote IP addresses does this rule apply to“,click Add, and enter the scope in the following format:

206.111.0.0/16: this works with IPv4 and IPv6 addresses. You can alternatively use the IP address range option below instead.

Note: The range 206.111.0.0/16 applies to addresses starting with the first two numbers (206.111…).

  • Click Ok, the IP range should now be listed under these IP addresses. Click Next.
  • Select Block the connection on the next screen. This blocks those IP addresses so that connections cannot be established anymore.
  • Leave everything as is on the next screen and click Next.
  • Name the new rule and add a description to it if you want.
  • The new rule appears in the Inbound rules list now.

Edit or Remove the rule

You can edit or remove the rule at any time. To edit it, double-click on it in the firewall controls and use the tabs to make modifications to the rule set.

To delete it, simply select it and hit the Delete key on your keyboard afterwards. All you need to do then is confirm the prompt and the rule gets removed from the system again.