How to block suspicious IP in host-level firewall?
A firewall, the cornerstone of network security, helps protect corporate networks by blocking unwanted traffic. This can happen at two levels: the network level and the host level.
Network level and host level firewall, explained
A network-level firewall regulates and manages the traffic entering the perimeter of your network. A host-level firewall, in contrast, is deployed on individual hosts and blocks attackers from gaining access to particular ports or applications even if they have gotten past the network firewall.
How to block suspicious IP addresses in a firewall
An IP, once identified as malicious, can be blocked at either the host or network level. The steps to block an IP on a network-level firewall depend on the version, type, and vendor of the firewall. The steps for configuring a host-level firewall depend on the operating system of the host on which it is deployed.
This article explains the steps to block an IP in Windows Firewall.
Steps to block an IP using Windows Firewall
- Open Windows Firewall with Advanced Security in your Control Panel.
- Click Inbound Rules. In the Inbound Rule wizard, click New Rule.
- Under Rule Type, select Custom and click Next.
- Under Program, select All Programs and click Next.
- Under Protocol and Ports, select Any and click Next.
- In the dialog box, under "Which remote IP addresses does this rule apply to?", select These IP Addresses, then add an IP address or a range and click Next.
- Select Block the Connection and click Next.
- Tick the checkboxes of Domain, Private and Public and click Next.
- Enter a name for your rule and click Finish.
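The same rule can be created from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it validates the input, creates (or extends) an inbound block rule matching the wizard choices above, and reads the rule back. The rule name and the addresses are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the wizard steps. Rule name and addresses
# are constructed placeholders (RFC 5737 documentation ranges).
param(
    [string]   $RuleName  = 'Block suspicious IPs (example)',
    [string[]] $RemoteIPs = @('203.0.113.45', '198.51.100.0/24')
)

function Test-RemoteAddress {
    param([string] $Value)
    # Accept one IPv4/IPv6 address, optionally with a CIDR prefix length.
    $addr, $prefix = $Value -split '/', 2
    $ip = $null
    if ($addr -notmatch '[.:]') { return $false }   # reject bare integers such as "203"
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref] $ip)) { return $false }
    if ($null -eq $prefix) { return $true }
    $max = if ($ip.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    return ($prefix -match '^\d{1,3}$') -and ([int] $prefix -le $max)
}

# Refuse to build a rule from malformed input; a typo here blocks the wrong hosts.
$bad = @($RemoteIPs | Where-Object { -not (Test-RemoteAddress $_) })
if ($bad.Count -gt 0) { throw "Invalid address or range: $($bad -join ', ')" }

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    # Rule already present: add the new addresses to its remote address list.
    $current = ($existing | Get-NetFirewallAddressFilter).RemoteAddress
    $merged  = @($current) + $RemoteIPs | Sort-Object -Unique
    $existing | Set-NetFirewallRule -RemoteAddress $merged
} else {
    $rule = @{
        DisplayName   = $RuleName
        Direction     = 'Inbound'                       # Inbound Rules > New Rule
        Protocol      = 'Any'                           # Protocol and Ports: Any
        RemoteAddress = $RemoteIPs                      # "These IP Addresses"
        Action        = 'Block'                         # Block the Connection
        Profile       = 'Domain', 'Private', 'Public'   # all three profile checkboxes
    }
    New-NetFirewallRule @rule | Out-Null                # no -Program: all programs
}

# Read the rule back to confirm what is actually enforced.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', ' } }
```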
Steps to block an IP for macOS
To block an IP on your Mac device, you need to log on to your router. Make sure you know your router credentials (especially the password) to do so.
- Log on to your router by entering its IP address in your web browser. (If you have any trouble doing this, contact your network administrator.)
- Navigate to System Preferences.
- Open the Networks icon.
- Click Advanced... at the bottom of your screen.
- Navigate to the TCP/IP tab to find your IPv4 or IPv6 address.
- Once you have logged on to your router, you can deny access to or block a single IP address, a range of IP addresses, or even a website. The blocked IPs can never enter your hosts.
Maintaining an audit trail of firewall logs, together with a threat analytics feed, helps you identify malicious IPs and better understand attack patterns in your network.
EventLog Analyzer, a log management solution, can collect firewall logs and identify deviant traffic. It helps you block the IP at the network level by sending out a real-time alert if a known malicious source tries to intrude into your network.