Windows Firewall Hardening.bat

1435thundercloud

Nov 7th, 2025

261

Never

Add comment

Not a member of Pastebin yet? Sign Up, it unlocks many cool features!

Batch 5.42 KB | Source Code | 0 0

raw download clone embed print report

@echo off
setlocal enabledelayedexpansion
title Windows Firewall Hardening V8
color 0A
echo.
echo ======================================================
echo WINDOWS FIREWALL HARDENING - SIMPLEWALL COMPATIBLE
echo Press SPACEBAR after each section
echo ======================================================
echo.
:: Admin check
echo [1/6] CHECKING Admin privileges...
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Admin required!
pause
exit /b 1
)
echo [SUCCESS] Admin CONFIRMED! ✓
echo.
:: Create logs
set "logdir=%~dp0logs"
if not exist "%logdir%" mkdir "%logdir%"
set "logfile=%logdir%\firewall_blocks_%date:~-4,4%%date:~-7,2%%date:~-10,2%_%time:~0,2%%time:~3,2%.log"
echo TEST LINE 1 > "%logfile%"
echo [2/6] LOGGING to: %logfile% ✓
echo.
echo [PRESS SPACEBAR to continue...]
pause >nul
:: IP BLOCKING (24 IPs)
echo.
echo ======================================================
echo BLOCKING 24 IP ADDRESSES
echo ======================================================
echo.
set /a ip_count=0
for %%i in (
172.172.255.216 172.172.255.217 172.172.255.218
20.165.94.63 20.190.142.167 20.242.39.171
23.210.65.236 23.37.136.134 52.123.128.14 52.123.129.14
2600:1415:10:387::2c1a 2600:1415:10:3a1::2c1a
2600:1415:10:48f::40dc 2600:1415:10:491::40dc
2603:1020:5:12::510 2603:1030:210:f::
2603:1030:210:f::1 2603:1030:210:f::2
2603:1030:800:5::bfee:a08d 2603:1030:807:e::358
2603:1030:c06:15::4a5 2603:1063:27:1::14
2603:1063:27:2::14
) do (
set /a ip_count+=1
echo [%ip_count%/24] BLOCKING %%i...
netsh advfirewall firewall add rule name="Block_%%i" dir=out action=block remoteip=%%i >nul 2>&1
netsh advfirewall firewall add rule name="Block_%%i" dir=in action=block remoteip=%%i >nul 2>&1
echo [✓] %%i BLOCKED!
echo BLOCKED %%i >> "%logfile%"
)
echo [COMPLETE] 24 IPs BLOCKED! ✓
echo.
echo [PRESS SPACEBAR to continue...]
pause >nul
:: DOMAIN BLOCKING (29 domains)
echo.
echo ======================================================
echo BLOCKING 29 DOMAINS
echo ======================================================
echo.
set /a domain_count=0
for %%d in (
client.wns.windows.com connect.facebook.net
crl3.digicert.com crl4.digicert.com ct.facebook.net
detectportal.firefox.com dns.msftncsi.com ecs.office.com
fe3cr.delivery.mp.microsoft.com fs.microsoft.com
go.microsoft.com googleads.g.doubleclick.net
login.live.com ocsp.digicert.com
settings-win.data.microsoft.com slscr.update.microsoft.com
web-sdk-cdn.singular.net wpad.net
vortex.data.microsoft.com watson.telemetry.microsoft.com
diagnostics.support.microsoft.com corp.sts.microsoft.com
statsfe2.ws.microsoft.com sqm.telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com telemetry.appex.bing.net
telemetry.urs.microsoft.com cs1.wpc.v0cdn.net
statsfe1.ws.microsoft.com statsfe3.ws.microsoft.com
banggood.com aliexpress.com temu.com ebay.com
) do (
set /a domain_count+=1
echo [%domain_count%/29] RESOLVING %%d...
for /f "tokens=2 delims= " %%a in ('nslookup %%d 2^>nul ^| findstr "Address" ^| findstr "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"') do (
echo [✓] %%d -^> %%a BLOCKED!
netsh advfirewall firewall add rule name="Block_%%d" dir=out action=block remoteip=%%a >nul 2>&1
echo BLOCKED %%d - %%a >> "%logfile%"
)
)
echo [COMPLETE] 29 DOMAINS BLOCKED! ✓
echo.
echo [PRESS SPACEBAR to continue...]
pause >nul
:: ONLY BLOCK SPECIFIC TRAFFIC (NO DEFAULT DENY)
echo.
echo ======================================================
echo BLOCKING SPECIFIC TRAFFIC ONLY
echo (LEAVING GENERAL INTERNET ACCESS UNTOUCHED)
echo ======================================================
echo.
echo [3/6] BLOCKING TELEMETRY PORTS...
netsh advfirewall firewall add rule name="Block_Telemetry_UDP" dir=out action=block protocol=UDP remoteport=443 >nul 2>&1
echo [✓] TELEMETRY UDP BLOCKED!
echo [4/6] BLOCKING TRACKING SERVICES...
netsh advfirewall firewall add rule name="Block_Tracking" dir=out action=block program="%SystemRoot%\System32\svchost.exe" service="diagnosticshub.standardcollector.service" >nul 2>&1
echo [✓] TRACKING SERVICES BLOCKED!
echo [5/6] BLOCKING WINDOWS UPDATE METADATA...
netsh advfirewall firewall add rule name="Block_WU_Metadata" dir=out action=block remoteip=134.170.58.121,134.170.58.123,134.170.53.29,134.170.53.31 >nul 2>&1
echo [✓] WINDOWS UPDATE METADATA BLOCKED!
echo [6/6] BLOCKING EXTRA TELEMETRY...
netsh advfirewall firewall add rule name="Block_Extra_Telemetry" dir=out action=block remoteip=2.22.61.43,2.22.61.66,65.52.108.29,65.55.108.23 >nul 2>&1
echo [✓] EXTRA TELEMETRY BLOCKED!
echo.
echo [COMPLETE] SPECIFIC TRAFFIC BLOCKED! ✓
echo.
echo [PRESS SPACEBAR to continue...]
pause >nul
:: FINAL SUMMARY
echo.
echo ======================================================
echo FINAL SUMMARY
echo ======================================================
echo [✓] 24 IPs BLOCKED
echo [✓] 29 DOMAINS BLOCKED
echo [✓] SPECIFIC TRAFFIC BLOCKED
echo [✓] GENERAL INTERNET ACCESS PRESERVED
echo [LOG] %logfile%
echo.
echo NOTE: This version is compatible with SimpleWall
echo SimpleWall can handle general filtering while this script
echo blocks specific telemetry and e-commerce domains
echo.
pause

Tags: Bigtech Telemetry

Add Comment

Please, Sign In to add comment