Windows Firewall Advanced Security

I have more than 1k servers on which to block RPC and SMB ports for all inbound connections but allow them for specific IP addresses. Below are my basic commands to implement 4 different rules: two to block and 2 to allow. It doesn't work. It still allows non-specified IP addresses. Any help I can get to resolve this will be highly welcome.

[pre]
New-NetFirewallRule `
-DisplayName "BLOCK ln(RPC/SMB TCP Port 137,139,445) inbound" `
-Name "RPC/SMB (TCP Port 137,139,445) inbound" `
-Description 'This rule blocks all (RPC/SMB TCP port 135,137,139) from inbound access' `
-Direction Inbound `
-Enabled False `
-Action Block `
-Profile Any `
-Protocol TCP `
-LocalPort 137,139,445 `
-RemotePort 137,139,445

New-NetFirewallRule `
-DisplayName "RPC/SMB (UDP Port 135,137,139) inbound" `
-Name "RPC/SMB (UDP Port 135,137,139) inbound" `
-Description 'This rule blocks all (RPC/SMB UDP port 135,137,139) from inbound access' `
-Direction Inbound `
-Enabled False `
-Action Block `
-Profile Any `
-Protocol UDP `
-LocalPort 135,137,139

New-NetFirewallRule `
-DisplayName "ALLOW (RPC/SMB TCP Port 137,139,445) inbound" `
-Name "ALLOW (RPC/SMB TCP Port 135,139) inbound ALLOWED" `
-Description 'This rule allows Inbound traffic from specific IP Addresses' `
-Direction Inbound `
-Enabled False `
-Action Allow `
-Profile Any `
-Protocol TCP `
-LocalPort 137,139,445 `
-RemotePort 137,139,445 `
-RemoteAddress '192.168.0.110'

New-NetFirewallRule `
-DisplayName ".TAP-10_ALLOW (RPC/SMB UDP Port 135,137,139) inbound" `
-Name ".TAP-10_ALLOW (RPC/SMB UDP Port 135,137,139) inbound ALLOWED" `
-Description 'This rule allows Inbound traffic from specific IP Addresses' `
-Direction Inbound `
-Enabled False `
-Action Allow `
-Profile Any `
-Protocol UDP `
-LocalPort 135,137,139 `
-RemotePort 135,137,139 `
-RemoteAddress '192.168.0.110'
[/pre]

Looks like you have the firewall rules set to Enabled = False.
Also, consider splatting (like below):
[pre]
$params = @{
DisplayName = 'BLOCK ln(RPC/SMB TCP Port 137,139,445) inbound'
Name = 'RPC/SMB (TCP Port 137,139,445) inbound'
Description = 'This rule blocks all (RPC/SMB TCP port 135,137,139) from inbound access'
Direction = 'Inbound'
Enabled = 'True'
Action = 'Block'
Profile = 'Any'
Protocol = 'TCP'
LocalPort = @(137,139,445)
RemotePort = @(137,139,445)
}

New-NetFirewallRule @params
[/pre]

Hope this helps!

@Ustyne - I think you had some dilemma between Enabled and Action.

Action - is the actual duty of the rule.
Enabled - set to True, will make the rule live to do the specified Action.
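One way to get the intended result across the servers, written here as an added example rather than the poster's commands or a reply from the thread. It leans on the profile default inbound action being Block plus an enabled Allow rule scoped with -RemoteAddress (a Block rule for any remote address would override the Allow rule, since block rules take precedence over allow rules), and it audits other enabled Allow rules on the same ports; the trusted IPs, rule prefix and server names are placeholders, and the port lists are the ones from the question.

```powershell
# Added example, not the poster's script. Assumptions: the trusted host list,
# the rule-name prefix and the server list are placeholders; the port lists
# are the ones from the question. Run from an elevated PowerShell session.
$TrustedHosts = @('192.168.0.110', '192.168.0.111')                # constructed
$PortSets     = @{ TCP = @(137, 139, 445); UDP = @(135, 137, 139) }
$Prefix       = 'CORP-SMB'                                         # placeholder
$Servers      = @('SRV-PLACEHOLDER-01')                            # placeholder
function Set-SmbScope {
    param([string[]]$Trusted, [hashtable]$Sets, [string]$NamePrefix)
    # With DefaultInboundAction = Block, one enabled Allow rule scoped to the
    # trusted addresses is the only way in on these ports. No Block rule for
    # RemoteAddress Any: block beats allow, so it would cut off trusted hosts.
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
    foreach ($proto in $Sets.Keys) {
        $name = "$NamePrefix-$proto-Allow"
        Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
        $params = @{
            Name          = $name
            DisplayName   = "$NamePrefix allow $proto $($Sets[$proto] -join ',') from trusted hosts"
            Direction     = 'Inbound'
            Enabled       = 'True'        # the question's rules were created with False
            Action        = 'Allow'
            Profile       = 'Any'
            Protocol      = $proto
            LocalPort     = $Sets[$proto] # no RemotePort: clients use ephemeral source ports
            RemoteAddress = $Trusted
        }
        New-NetFirewallRule @params | Out-Null
    }
}
function Get-SmbExposure {
    # Audit: enabled inbound Allow rules (other than ours) that open one of the
    # ports, e.g. built-in File and Printer Sharing rules. Exact ports only.
    param([hashtable]$Sets, [string]$NamePrefix)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
      Where-Object { $_.Name -notlike "$NamePrefix-*" } |
      ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        $hit = $Sets["$($pf.Protocol)"] | Where-Object { $pf.LocalPort -eq 'Any' -or $pf.LocalPort -contains "$_" }
        if ($hit) {
            [pscustomobject]@{ Rule = $_.Name; Protocol = $pf.Protocol; LocalPort = ($pf.LocalPort -join ',')
                               RemoteAddress = ($af.RemoteAddress -join ','); Profile = $_.Profile }
        }
      }
}
# ${function:Name} ships the function body to the remote session as a script block.
Invoke-Command -ComputerName $Servers -ScriptBlock ${function:Set-SmbScope} -ArgumentList $TrustedHosts, $PortSets, $Prefix
Invoke-Command -ComputerName $Servers -ScriptBlock ${function:Get-SmbExposure} -ArgumentList $PortSets, $Prefix | Format-Table
```

Anything Get-SmbExposure lists still admits other remote addresses on those ports, so review and disable those rules (Disable-NetFirewallRule) before trusting the scope.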