Windows : Blocking IP from command line

By | November 8, 2014

Here are two commands to block either a single IP or a group of IPs on the Windows Firewall using the command line. Please note that you will need elevated privileges to run these commands.

1. Block a single IP (or subnet*)

netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=<IP_Address>/32

*To block an entire subnet, replace the mask “/32” with the actual subnet mask.

Example (using IP 192.168.0.10) :

netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=192.168.0.10/32

2. Block a list of IPs/subnets

– First, create your list of IPs/subnets in a plain text file, one entry per line, and name it “ips.txt”
– Then run the following command from the folder where your file “ips.txt” has been saved

for /f %i in (ips.txt) do netsh advfirewall firewall add rule name="Block %i" dir=in protocol=any action=block remoteip=%i

NOTE : You can also block the traffic from your machine toward the remote host (outbound) by changing the “dir=in” statement to “dir=out”.
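The list-based loop above passes every line of “ips.txt” to netsh unchecked, so a typo or an overly broad entry such as 0.0.0.0/0 ends up as a firewall rule. The PowerShell sketch below is an added example, not part of the original post: it validates each IPv4 entry, skips blanks and duplicates, and can print the commands before applying them. The function names, the `-DryRun` switch and the /8 minimum prefix are assumptions made for this illustration.

```powershell
# Added example (not from the original post). IPv4 only.
# Test-BlockEntry / Add-BlockRules and the /8 minimum prefix are hypothetical choices.
function Test-BlockEntry {
    param([string]$Entry, [int]$MinPrefix = 8)
    # Dotted quad with an optional /prefix; anything else is rejected.
    $pattern = '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:/(\d{1,2}))?$'
    if (-not ($Entry -match $pattern)) { return $false }
    foreach ($i in 1..4) {
        if ([int]$Matches[$i] -gt 255) { return $false }
    }
    if ($null -ne $Matches[5]) {
        $prefix = [int]$Matches[5]
        # Refuse prefixes above /32 and ranges wide enough to cut off
        # large parts of the network (for example 0.0.0.0/0).
        if ($prefix -gt 32 -or $prefix -lt $MinPrefix) { return $false }
    }
    return $true
}

function Add-BlockRules {
    param([string]$Path = '.\ips.txt', [switch]$DryRun)
    $seen = @{}
    foreach ($line in Get-Content -Path $Path) {
        $entry = $line.Trim()
        # Skip blank lines and entries already handled.
        if ($entry -eq '' -or $seen.ContainsKey($entry)) { continue }
        if (-not (Test-BlockEntry $entry)) {
            Write-Warning "Skipping invalid entry: '$entry'"
            continue
        }
        $seen[$entry] = $true
        # Same rule as the for /f loop in the article, built as an argument list.
        $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule', "name=Block $entry",
                      'dir=in', 'protocol=any', 'action=block', "remoteip=$entry")
        if ($DryRun) { "netsh $($ruleArgs -join ' ')" } else { & netsh @ruleArgs }
    }
}

# Preview first; rerun without -DryRun from an elevated prompt to create the rules.
Add-BlockRules -DryRun
```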