The fastest way to block suspicious IPs in your Windows Firewall!
This script utilizes the IP blacklist from stamparm's ipsum repository, an open-source project that tracks suspicious IP addresses based on various threat intelligence sources. The list is categorized into different "threat levels," with level 1 being the most inclusive (all potential threats), and level 8 containing only the most high-risk addresses. This allows users to adjust the level of security by selecting which level of threats to block.
xscr33mLabs IpsumWall automatically downloads the desired threat level list (defined by the 'block_level' variable), processes the IPs, and creates firewall rules in Windows to block both inbound and outbound traffic for these IPs.
- Uses Windows built-in
netsh advfirewalltool to block IP addresses by creating new firewall rules. - Splits the IP list into manageable chunks of 500 IPs per rule to avoid issues with command length limits.
- Ensures persistent firewall rules across script runs by maintaining a local cache of blocked IPs and rule numbers.
- Provides logging and a summary report that tracks the number of blocked IPs and the time taken for each execution.
- Can be run periodically or as part of a security automation pipeline to maintain an updated firewall blacklist.
- The script requires admin privileges to modify the Windows Firewall rules.
- Avoid manually deleting cache files (blocked_ips.txt and rule_number_cache.txt), as this could lead to duplicate firewall rules. If necessary, clear the existing rules in Windows Firewall before running the script again without the cache files.
- Set the desired 'block_level' (1 for maximum protection, 8 for high-risk threats only).
- Run the launch_script.bat with an double-click and let the magic happen.
This PowerShell script automates initial configurations for a Windows Server, focusing on security and performance optimization. It includes tasks like disabling unnecessary services, removing Internet Explorer, and modifying insecure firewall rules.
- Initial Server Setup: For servers requiring initial configurations for security and optimization.
- Baseline Configuration: For organizations needing a standard baseline for Windows Servers.
- Automated Administration: Useful for administrators automating initial setup tasks.
-
Disable Server Manager Task:
- Prevents the Server Manager from launching automatically on startup.
-
Disable Unnecessary Services:
- Disables non-essential services to improve server performance and security.
-
Uninstall Internet Explorer:
- Removes Internet Explorer to reduce security vulnerabilities.
-
Disable Default Firewall Rules:
- Disables various pre-enabled firewall rules, particularly those related to unnecessary or redundant services.
-
Block Outbound RDP Sessions:
- Adds a firewall rule to prevent outbound Remote Desktop Protocol (RDP) sessions.
-
Open PowerShell as Administrator:
- Right-click on the PowerShell icon and select “Run as Administrator.”
-
Execute the Script:
- Run the script by navigating to its location and executing it:
.\your_script_name.ps1
- Run the script by navigating to its location and executing it:
-
Follow Prompts:
- If the script requires elevated permissions, follow the prompts to restart it as an administrator.
- Compatibility: This script is designed for Windows Server environments.
- Script Permissions: The script must be run as an administrator for full functionality.