Windows, How to firewall block a list of IP addresses

Sometimes you need to block a list of IP addresses in a file from connecting to your server or workstation. Here is one way to do that using the Windows firewall and a cmd batch file.

The method is not original, its described in many places. This was described in a posting here.

Step 1 - save the following to blockit.bat

@echo off
if "%1"=="list" (
netsh advfirewall firewall show rule Blockit | findstr RemoteIP
exit/b
)

:: Deleting existing block on ips
netsh advfirewall firewall delete rule name="Blockit"

:: Block new ips (while reading them from blockit.txt)
for /f %%i in (blockit.txt) do (

netsh advfirewall firewall add rule name="Blockit" protocol=any dir=in action=block remoteip=%%i

netsh advfirewall firewall add rule name="Blockit" protocol=any dir=out action=block remoteip=%%i

)

:: call this batch again with list to show the blocked IPs
call %0 list

 Step 2 - save a list of IP addresses to blockit.txt

5.9.212.53
5.79.85.212
46.38.51.49
46.165.193.67
46.165.222.212

Step 3 - run the batchfile

a. [to read] blockit.txt and block ip addresses

c:\> blockit.bat blockit.txt

b. [to list] the ip addresses currently blocked

c:\> blockit.bat list

c. [to unblock] all of the ip addresses that were blocked

c:\> netsh advfirewall firewall delete rule name="Blockit"