Open MovGP0 opened 2 years ago
New-NetFirewallRule from the NetSecurity PowerShell module will not work because the parameter -RemoteAddress has to be an IPv4 or IPv6 address, subnet, range or keyword like DHCP, WINS ...
In other words, the firewall cannot block on domain name level but on IP address level. This would lead to more problems like performance (you have to resolve every single entry, which is time consuming, and most DNS servers have query limits) and failure (some domain names can be resolved differently depending on your DNS server, location).
IMHO the current solution using the hosts file has 2 performance problems:
127.0.0.1 or ::1)
I tested a hosts file containing about 1 million lines resolving to 0.0.0.0 and had to reboot my computer into safe mode to restore my old version, so I'm still looking for a lightweight solution, too.
It seems to me that using this script drastically reduces the browsing performance. I guess it has to do with the fact that the browser tries to create a connection to localhost and waits till the timeout.
So I'm wondering if it would be possible to create Windows firewall rules (using New-NetFirewallRule from the NetSecurity PowerShell module) instead of the hosts file.
I think this could result in a better performance, since the firewall would block the request with an HTTP 403(?) right away, instead of waiting for a timeout. It would also make it possible to add the rules to the AD domain and distribute them within a company network.
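
The constraint raised in the reply about -RemoteAddress, as an added example that is not code from this thread or from the project: hosts-file entries have to be resolved to addresses before New-NetFirewallRule can use them. The sample entries, the rule name, the group name and the helper function names are constructed for illustration.

```powershell
# Added example: convert hosts-file block entries into one outbound block rule.
# $sampleHosts is constructed sample data; rule/group names are hypothetical.
$sampleHosts = @'
# constructed sample entries
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # trailing comment
127.0.0.1 localhost
'@

function Get-BlockedHostName {
    param([string]$HostsText)
    foreach ($line in $HostsText -split "`r?`n") {
        $entry = ($line -replace '#.*$', '').Trim()      # strip comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        # Keep sinkholed names only; skip the machine's own loopback entry.
        if ($fields.Count -ge 2 -and
            $fields[0] -in '0.0.0.0', '127.0.0.1' -and
            $fields[1] -ne 'localhost') {
            $fields[1]
        }
    }
}

function Resolve-BlockedAddress {
    param([string[]]$Name)
    $addresses = foreach ($n in $Name) {
        # Two DNS queries per name (A and AAAA): this is the per-entry
        # resolution cost the reply mentions for large lists.
        foreach ($type in 'A', 'AAAA') {
            Resolve-DnsName -Name $n -Type $type -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.IPAddress } |
                ForEach-Object { $_.IPAddress }
        }
    }
    # The result is a snapshot of what this resolver returned at this moment;
    # another DNS server or location may return different addresses.
    $addresses | Sort-Object -Unique
}

$names = Get-BlockedHostName -HostsText $sampleHosts
$ips   = Resolve-BlockedAddress -Name $names
if ($ips) {
    # -WhatIf shows the rule without creating it; remove it to apply (needs elevation).
    New-NetFirewallRule -DisplayName 'Blocklist (example)' -Group 'HostsBlocklist' `
        -Direction Outbound -Action Block -RemoteAddress $ips -WhatIf
}
```

A rule built this way blocks every service that shares one of the resolved addresses, and it goes stale whenever the DNS records change, so the resolution step has to be repeated on a schedule.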