I am using the firewall included in SP2. I would like to block somebody by his
IP. How can I do this?

You can't do that with the firewall, but you can do it using IPSEC. It
is not an easy interface to deal with. Go to:

    Start\Programs\AdministrativeTools\LocalSecurityPolicy\IPSecurityPolicies

For just a few filters, it might be easier to use the MS command-line
utility IPSECCMD.EXE (from Support Tools (CD) ... a separate download is
required to upgrade IPSECCMD.EXE to SP2). With it, a single, two-way,
"block" filter for IP n.n.n.n can be installed as follows (all one
line):

    ipseccmd -f [n.n.n.n+0] ("0" meaning "all my IPs")

or either of the more elaborate versions:

    ipseccmd -f [n.n.n.n+m.i.n.e] (using your public IP address)
    ipseccmd -f [n.n.n.n+{8242C50C-36A7-40C0-BE0B-B3CC705D3117}]

where the {CLSID} is replaced by the {CLSID} of your internet interface
(better if your IP changes). Find that {CLSID} in

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

IPSECCMD and the LocalSecurityPolicy snap-in also allow
blocking/allowing entire subnets (one-way/two-way), protocols, and
ports.
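
The registry lookup described in the answer above, as an added example that is not part of the original post: a PowerShell script that lists each interface {CLSID} with its current address and prints, without running it, the block filter in the form the post gives. It assumes PowerShell is installed; the parameter name `$BlockIp` and the sample address in the comment are hypothetical.

```powershell
# Added example (not from the original post).
# Lists every TCP/IP interface GUID that currently has an address and prints
# the matching ipseccmd block filter so the right interface can be picked.
param(
    [Parameter(Mandatory = $true)]
    [string]$BlockIp    # address to block, e.g. 203.0.113.7 (constructed sample)
)

# Accept only a dotted-quad IPv4 address before it is placed in a command line.
$parsed = $null
if ($BlockIp -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
    -not [System.Net.IPAddress]::TryParse($BlockIp, [ref]$parsed)) {
    throw "Not a valid IPv4 address: $BlockIp"
}

# Registry location named in the post.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

Get-ChildItem $base | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath

    # DHCP interfaces keep the leased address in DhcpIPAddress;
    # statically configured ones use the multi-string IPAddress value.
    if ($p.EnableDHCP -eq 1) { $addrs = @($p.DhcpIPAddress) }
    else                     { $addrs = @($p.IPAddress) }

    # Skip interfaces that are unconfigured or currently disconnected.
    $addrs = @($addrs | Where-Object { $_ -and $_ -ne '0.0.0.0' })
    if ($addrs.Count -eq 0) { return }

    $guid = $_.PSChildName    # subkey name, braces included
    'Interface {0}  address(es): {1}' -f $guid, ($addrs -join ', ')
    '  ipseccmd -f [{0}+{1}]' -f $BlockIp, $guid
}
```

The script only prints candidate commands; choose the line whose address matches your internet-facing interface and run it yourself.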