Operation Digital Shield
Most people who are in any wise paying attention by this point have heard of the Chinese attack on Google. However, after I read this article published on Wired.com's digital security blog Threat Level, I saw the true scope of the attacks. Already irritated with China from the outset, I decided to craft my own Great Firewall. Given that any traffic could potentially be a vector, I decided to simply out and out IP-ban China in its entirety. If you want to send a message to the Chinese government, or are just concerned about your system, it isn't difficult to do with a bit of batch scripting.
I'm running Windows 7, so the exact commands will probably work verbatim on Vista, but may require tweaking for XP. The first step is to open the command line and get familiar with netsh. netsh is a very deep tool with a great deal of power, but we're mainly interested in using it to set firewall rules programatically. First, type netsh to enter the program's interactive environment. Then, type advfirewall firewall to access the firewall controls. Type add rule ? to get a help message explaining how to use the command. Pay close attention to the syntax of the add rule command. Optional parameters are listed in square brackets. After a few misses getting started, I found that the command I needed was:
netsh advfirewall firewall add rule name="myrule" action=block dir=in protocol=any localip=any remoteip=
This sets up a firewall rule that blocks any incoming traffic of any sort to any IP address my machine happens to have (on any interface) from anything listed in the remoteip argument. So far, so good. Next, I had to hunt down a list of IP addresses for China. A few minutes with Google yielded blockacountry.com, which keeps IP address lists for each nation. Generating an IP list was a simple process of selecting the country from a list, and clicking a button. However, the list is generated in the form of an apache .htaccess file, so it will need a bit of work first.
Copying the contents of the file to Notepad++, I first manually deleted the start and end lines of the file, leaving only the 'deny from <address>' lines. Next, I use the find/replace dialog (Ctrl+H) to clean up the list, replacying "deny from " with nothing, and replacing "\r\n" with ",\r\n" with Regular Expressions turned on to put a comma at the end of every line. Now, break the list down into blocks of about 220 lines or so. This is necessary because there is a limit to how much can be placed in a single command line entry, so we'll distribute the list over a group of about 6 rules. It's easy to count the lines if you position the cursor at the start of the first line of a group, and then hold the shift key to select while hitting the down arrow key to move down. A counter in the status bar of Notepad++ will tell you how many lines are selected. When you have a group selected, hit Ctrl+J to pull them all onto one line. After doing this for all the groups, you should be left with only about six really long lines of IP addresses seperated with commas. Do one more find/replace with regular expressions, replacing "\x20" with nothing to get rid of any remaining spaces, and trim the last comma off the end of each line.
Now, all we have to do is paste the command above in front of each line of IP addresses, and rename the rules to something useful. I used "China IP Ban - Incoming (Part 1)" with 1-6 for each of the rules. (Each one has to be named something different!) Also noticing that the article suggests that many computers may already be infected with sleeper agents, I copied and pasted the rules, changing the dir=in argument to dir=out, and changing "Incoming" in the name to "Outgoing", for a total of 12 rules, blocking anything inbound or outbound to/from China. Save the text file with a .bat extension, and run it as administrator to create the firewall rules.
I know already some of the more experienced network administrators are probably rolling their eyes. Yes, this is a first attempt, and it's far from bulletproof. But it completely closes the most direct avenue of attack, and makes it that much more difficult for a hacker.
For reference, I've appended the plain-text version of my final batch script. I urge you to walk through the steps above before using it to make certain you have some idea of what it does and how it does it. That said, this comes with no warranties of any kind, use at your own risk, yadda, yadda.
Show/Hide Batch File
UPDATE:
As has been pointed out to me, there are other, and probably more effective ways of doing this. However, this method is instructive in learning more about the Windows firewall, and demonstrates some tricks for when other methods aren't available. That said, one of the better ways is through the open-source program PeerBlock, which can be subscribed to a number of ban lists available at iBlockList, including a list of IP ranges in China. Expect to have to make a few manual edits to unblock sites that you use, because the lists are quite extensive.
I'm running Windows 7, so the exact commands will probably work verbatim on Vista, but may require tweaking for XP. The first step is to open the command line and get familiar with netsh. netsh is a very deep tool with a great deal of power, but we're mainly interested in using it to set firewall rules programatically. First, type netsh to enter the program's interactive environment. Then, type advfirewall firewall to access the firewall controls. Type add rule ? to get a help message explaining how to use the command. Pay close attention to the syntax of the add rule command. Optional parameters are listed in square brackets. After a few misses getting started, I found that the command I needed was:
netsh advfirewall firewall add rule name="myrule" action=block dir=in protocol=any localip=any remoteip=
This sets up a firewall rule that blocks any incoming traffic of any sort to any IP address my machine happens to have (on any interface) from anything listed in the remoteip argument. So far, so good. Next, I had to hunt down a list of IP addresses for China. A few minutes with Google yielded blockacountry.com, which keeps IP address lists for each nation. Generating an IP list was a simple process of selecting the country from a list, and clicking a button. However, the list is generated in the form of an apache .htaccess file, so it will need a bit of work first.
Copying the contents of the file to Notepad++, I first manually deleted the start and end lines of the file, leaving only the 'deny from <address>' lines. Next, I use the find/replace dialog (Ctrl+H) to clean up the list, replacying "deny from " with nothing, and replacing "\r\n" with ",\r\n" with Regular Expressions turned on to put a comma at the end of every line. Now, break the list down into blocks of about 220 lines or so. This is necessary because there is a limit to how much can be placed in a single command line entry, so we'll distribute the list over a group of about 6 rules. It's easy to count the lines if you position the cursor at the start of the first line of a group, and then hold the shift key to select while hitting the down arrow key to move down. A counter in the status bar of Notepad++ will tell you how many lines are selected. When you have a group selected, hit Ctrl+J to pull them all onto one line. After doing this for all the groups, you should be left with only about six really long lines of IP addresses seperated with commas. Do one more find/replace with regular expressions, replacing "\x20" with nothing to get rid of any remaining spaces, and trim the last comma off the end of each line.
Now, all we have to do is paste the command above in front of each line of IP addresses, and rename the rules to something useful. I used "China IP Ban - Incoming (Part 1)" with 1-6 for each of the rules. (Each one has to be named something different!) Also noticing that the article suggests that many computers may already be infected with sleeper agents, I copied and pasted the rules, changing the dir=in argument to dir=out, and changing "Incoming" in the name to "Outgoing", for a total of 12 rules, blocking anything inbound or outbound to/from China. Save the text file with a .bat extension, and run it as administrator to create the firewall rules.
I know already some of the more experienced network administrators are probably rolling their eyes. Yes, this is a first attempt, and it's far from bulletproof. But it completely closes the most direct avenue of attack, and makes it that much more difficult for a hacker.
For reference, I've appended the plain-text version of my final batch script. I urge you to walk through the steps above before using it to make certain you have some idea of what it does and how it does it. That said, this comes with no warranties of any kind, use at your own risk, yadda, yadda.
Show/Hide Batch File
netsh advfirewall firewall add rule name="China IP Ban - Outgoing (Part 1)" action=block dir=out protocol=any localip=any remoteip=58.14.0.0/15,58.16.0.0/16,58.17.0.0/17,58.17.128.0/17,58.18.0.0/16,58.19.0.0/16,58.20.0.0/16,58.21.0.0/16,58.22.0.0/15,58.24.0.0/15,58.30.0.0/15,58.32.0.0/13,58.40.0.0/15,58.42.0.0/16,58.43.0.0/16,58.44.0.0/14,58.48.0.0/13,58.56.0.0/15,58.58.0.0/16,58.59.0.0/17,58.59.128.0/17,58.60.0.0/14,58.66.0.0/15,58.68.128.0/17,58.82.0.0/15,58.87.64.0/18,58.99.128.0/17,58.100.0.0/15,58.116.0.0/14,58.128.0.0/13,58.144.0.0/16,58.154.0.0/15,58.192.0.0/15,58.194.0.0/15,58.196.0.0/15,58.198.0.0/15,58.200.0.0/13,58.208.0.0/12,58.240.0.0/15,58.242.0.0/15,58.244.0.0/15,58.246.0.0/15,58.248.0.0/13,59.32.0.0/13,59.40.0.0/15,59.42.0.0/16,59.43.0.0/16,59.44.0.0/14,59.48.0.0/16,59.49.0.0/17,59.49.128.0/17,59.50.0.0/16,59.51.0.0/17,59.51.128.0/17,59.52.0.0/14,59.56.0.0/14,59.60.0.0/15,59.62.0.0/15,59.64.0.0/14,59.68.0.0/14,59.72.0.0/15,59.74.0.0/15,59.76.0.0/16,59.77.0.0/16,59.78.0.0/15,59.80.0.0/14,59.107.0.0/17,59.107.128.0/17,59.108.0.0/15,59.110.0.0/15,59.151.0.0/17,59.155.0.0/16,59.172.0.0/15,59.174.0.0/15,59.191.0.0/17,59.192.0.0/10,60.0.0.0/13,60.8.0.0/15,60.10.0.0/16,60.11.0.0/16,60.12.0.0/16,60.13.0.0/18,60.13.64.0/18,60.13.128.0/17,60.14.0.0/15,60.16.0.0/13,60.24.0.0/14,60.28.0.0/15,60.30.0.0/16,60.31.0.0/16,60.55.0.0/16,60.63.0.0/16,60.160.0.0/15,60.162.0.0/15,60.164.0.0/15,60.166.0.0/15,60.168.0.0/13,60.176.0.0/12,60.194.0.0/15,60.200.0.0/14,60.204.0.0/16,60.205.0.0/16,60.206.0.0/15,60.208.0.0/13,60.216.0.0/15,60.218.0.0/15,60.220.0.0/14,60.232.0.0/15,60.235.0.0/16,60.245.128.0/17,60.247.0.0/16,60.252.0.0/16,60.253.128.0/17,60.255.0.0/16,61.4.80.0/20,61.4.176.0/20,61.8.160.0/20,61.28.0.0/20,61.28.16.0/20,61.28.32.0/19,61.28.64.0/18,61.29.128.0/18,61.29.192.0/19,61.29.224.0/20,61.29.240.0/20,61.45.128.0/18,61.47.128.0/18,61.48.0.0/14,61.52.0.0/15,61.54.0.0/16,61.55.0.0/16,61.87.192.0/18,61.128.0.0/15,61.130.0.0/15,61.132.0.0/16,61.133.0.0/17,61.133.128.0/17,61.134.0.0/18,61.134.64.0/19,61.134.96.0/19,61.134.128.0/18,61.134.192.0/18,61.135.0.0/16,61.136.0.0/18,61.136.64.0/18,61.136.128.0/17,61.137.0.0/17,61.137.128.0/17,61.138.0.0/18,61.138.64.0/18,61.138.128.0/18,61.138.192.0/18,61.139.0.0/17,61.139.128.0/18,61.139.192.0/18,61.140.0.0/14,61.144.0.0/14,61.148.0.0/15,61.150.0.0/15,61.152.0.0/16,61.153.0.0/16,61.154.0.0/15,61.156.0.0/16,61.157.0.0/16,61.158.0.0/17,61.158.128.0/17,61.159.0.0/18,61.159.64.0/18,61.159.128.0/17,61.160.0.0/16,61.161.0.0/18,61.161.64.0/18,61.161.128.0/17,61.162.0.0/16,61.163.0.0/16,61.164.0.0/16,61.165.0.0/16,61.166.0.0/16,61.167.0.0/16,61.168.0.0/16,61.169.0.0/16,61.170.0.0/15,61.172.0.0/14,61.176.0.0/16,61.177.0.0/16,61.178.0.0/16,61.179.0.0/16,61.180.0.0/17,61.180.128.0/17,61.181.0.0/16,61.182.0.0/16,61.183.0.0/16,61.184.0.0/14,61.188.0.0/16,61.189.0.0/17,61.189.128.0/17,61.190.0.0/15,61.232.0.0/14,61.236.0.0/15,61.240.0.0/14,116.1.0.0/16,116.2.0.0/15,116.4.0.0/14,116.8.0.0/14,116.13.0.0/16,116.16.0.0/12,116.52.0.0/14,116.56.0.0/15,116.58.128.0/20,116.58.208.0/20,116.60.0.0/14,116.66.0.0/17,116.69.0.0/16,116.70.0.0/17,116.76.0.0/15,116.78.0.0/15,116.89.144.0/20,116.90.184.0/21,116.95.0.0/16,116.112.0.0/14
netsh advfirewall firewall add rule name="China IP Ban - Outgoing (Part 2)" action=block dir=out protocol=any localip=any remoteip=116.116.0.0/15,116.128.0.0/10,116.192.0.0/16,116.193.16.0/20,116.193.32.0/19,116.194.0.0/15,116.196.0.0/16,116.198.0.0/16,116.199.0.0/17,116.199.128.0/19,116.204.0.0/15,116.207.0.0/16,116.208.0.0/14,116.212.160.0/20,116.213.64.0/18,116.213.128.0/17,116.214.32.0/19,116.214.64.0/20,116.214.128.0/17,116.215.0.0/16,116.216.0.0/14,116.224.0.0/12,116.242.0.0/15,116.244.0.0/15,116.246.0.0/15,116.248.0.0/15,116.252.0.0/15,116.254.128.0/17,116.255.128.0/17,117.8.0.0/13,117.21.0.0/16,117.22.0.0/15,117.24.0.0/13,117.32.0.0/13,117.40.0.0/14,117.44.0.0/15,117.48.0.0/14,117.53.48.0/20,117.53.176.0/20,121.0.16.0/20,121.4.0.0/15,121.8.0.0/13,121.16.0.0/13,121.24.0.0/14,121.28.0.0/15,121.30.0.0/16,121.31.0.0/16,121.32.0.0/14,121.36.0.0/16,121.37.0.0/16,121.38.0.0/15,121.40.0.0/14,121.46.0.0/16,121.47.0.0/16,121.48.0.0/15,121.51.0.0/16,121.55.0.0/18,121.56.0.0/15,121.58.0.0/17,121.59.0.0/16,121.60.0.0/14,121.68.0.0/14,121.76.0.0/15,121.89.0.0/16,121.100.128.0/17,121.192.0.0/16,121.193.0.0/16,121.194.0.0/15,121.201.0.0/16,121.204.0.0/14,121.224.0.0/12,121.248.0.0/14,121.255.0.0/16,122.0.64.0/18,122.0.128.0/17,122.4.0.0/14,122.8.0.0/13,122.48.0.0/16,122.49.0.0/18,122.51.0.0/16,122.64.0.0/11,122.96.0.0/15,122.102.0.0/20,122.102.64.0/20,122.102.80.0/20,122.136.0.0/13,122.144.128.0/17,122.152.192.0/18,122.156.0.0/14,122.192.0.0/14,122.198.0.0/16,122.200.64.0/18,122.204.0.0/14,122.224.0.0/12,122.240.0.0/13,122.248.48.0/20,123.0.128.0/18,123.4.0.0/14,123.8.0.0/13,123.49.128.0/17,123.52.0.0/14,123.56.0.0/13,123.64.0.0/11,123.96.0.0/15,123.98.0.0/17,123.99.128.0/17,123.100.0.0/19,123.101.0.0/16,123.103.0.0/17,123.108.128.0/20,123.108.208.0/20,123.112.0.0/12,123.128.0.0/13,123.136.80.0/20,123.137.0.0/16,123.138.0.0/15,123.144.0.0/14,123.148.0.0/16,123.149.0.0/16,123.150.0.0/15,123.152.0.0/13,123.160.0.0/14,123.164.0.0/14,123.168.0.0/14,123.172.0.0/15,123.174.0.0/15,123.176.80.0/20,123.177.0.0/16,123.178.0.0/15,123.180.0.0/14,123.184.0.0/14,123.188.0.0/14,123.196.0.0/15,123.199.128.0/17,123.206.0.0/15,123.232.0.0/14,123.242.0.0/17,123.244.0.0/14,123.249.0.0/16,123.253.0.0/16,124.6.64.0/18,124.14.0.0/15,124.16.0.0/15,124.20.0.0/16,124.21.0.0/20,124.21.16.0/20,124.21.32.0/19,124.21.64.0/18,124.21.128.0/17,124.22.0.0/15,124.29.0.0/17,124.40.128.0/18,124.42.0.0/17,124.47.0.0/18,124.64.0.0/15,124.66.0.0/17,124.67.0.0/16,124.68.0.0/14,124.72.0.0/16,124.73.0.0/16,124.74.0.0/15,124.76.0.0/14,124.88.0.0/16,124.89.0.0/17,124.89.128.0/17,124.90.0.0/15,124.92.0.0/14,124.108.8.0/21,124.108.40.0/21,124.112.0.0/15,124.114.0.0/15,124.116.0.0/16,124.117.0.0/16,124.118.0.0/15,124.126.0.0/15,124.128.0.0/13,124.147.128.0/17,124.156.0.0/16,124.160.0.0/16,124.161.0.0/16,124.162.0.0/16,124.163.0.0/16,124.164.0.0/14,124.172.0.0/15,124.174.0.0/15,124.192.0.0/15,124.196.0.0/16,124.200.0.0/13,124.220.0.0/14,124.224.0.0/16,124.225.0.0/16,124.226.0.0/15,124.228.0.0/14,124.232.0.0/15,124.234.0.0/15,124.236.0.0/14,124.240.0.0/17,124.242.0.0/16,124.243.192.0/18,124.248.0.0/17,124.249.0.0/16,124.250.0.0/15,124.254.0.0/18,125.31.192.0/18,125.32.0.0/16,125.33.0.0/16,125.34.0.0/16,125.35.0.0/17,125.35.128.0/17,125.36.0.0/14,125.40.0.0/13,125.58.128.0/17,125.62.0.0/18,125.64.0.0/13,125.72.0.0/16,125.73.0.0/16,125.74.0.0/15,125.76.0.0/17,125.76.128.0/17,125.77.0.0/16
netsh advfirewall firewall add rule name="China IP Ban - Outgoing (Part 3)" action=block dir=out protocol=any localip=any remoteip=125.78.0.0/15,125.80.0.0/13,125.88.0.0/13,125.96.0.0/15,125.98.0.0/16,125.104.0.0/13,125.112.0.0/12,125.169.0.0/16,125.171.0.0/16,125.208.0.0/18,125.210.0.0/16,125.211.0.0/16,125.213.0.0/17,125.215.0.0/18,125.216.0.0/15,125.218.0.0/16,125.219.0.0/16,125.220.0.0/15,125.222.0.0/15,125.254.128.0/18,125.254.192.0/18,134.196.0.0/16,159.226.0.0/16,161.207.0.0/16,162.105.0.0/16,166.111.0.0/16,167.139.0.0/16,168.160.0.0/16,192.83.122.0/24,192.83.169.0/24,192.124.154.0/24,192.188.170.0/24,198.17.7.0/24,202.0.110.0/24,202.0.176.0/22,202.4.128.0/19,202.4.252.0/22,202.8.128.0/19,202.10.64.0/20,202.14.88.0/24,202.14.235.0/24,202.14.236.0/23,202.14.238.0/24,202.20.120.0/24,202.22.248.0/22,202.22.252.0/22,202.38.0.0/23,202.38.2.0/23,202.38.4.0/22,202.38.8.0/21,202.38.64.0/19,202.38.96.0/19,202.38.128.0/23,202.38.130.0/23,202.38.132.0/23,202.38.134.0/24,202.38.135.0/24,202.38.136.0/24,202.38.137.0/24,202.38.138.0/24,202.38.140.0/23,202.38.142.0/24,202.38.143.0/24,202.38.146.0/23,202.38.149.0/24,202.38.150.0/23,202.38.152.0/23,202.38.154.0/23,202.38.156.0/24,202.38.158.0/23,202.38.160.0/23,202.38.164.0/22,202.38.168.0/24,202.38.169.0/24,202.38.170.0/24,202.38.171.0/24,202.38.172.0/24,202.38.173.0/24,202.38.174.0/24,202.38.175.0/24,202.38.176.0/23,202.38.184.0/21,202.38.192.0/18,202.41.152.0/21,202.41.240.0/20,202.43.144.0/20,202.46.32.0/19,202.46.224.0/20,202.60.112.0/20,202.63.248.0/22,202.69.4.0/22,202.69.16.0/20,202.70.0.0/19,202.74.8.0/21,202.75.208.0/20,202.85.208.0/20,202.90.0.0/22,202.90.224.0/20,202.90.252.0/22,202.91.0.0/22,202.91.128.0/22,202.91.176.0/20,202.91.224.0/19,202.92.0.0/22,202.92.252.0/22,202.93.0.0/22,202.93.252.0/22,202.94.0.0/19,202.95.0.0/22,202.95.4.0/22,202.95.8.0/21,202.95.16.0/20,202.95.252.0/22,202.96.0.0/18,202.96.64.0/21,202.96.72.0/21,202.96.80.0/20,202.96.96.0/21,202.96.104.0/21,202.96.112.0/20,202.96.128.0/21,202.96.136.0/21,202.96.144.0/20,202.96.160.0/21,202.96.168.0/21,202.96.176.0/20,202.96.192.0/21,202.96.200.0/21,202.96.208.0/20,202.96.224.0/21,202.96.232.0/21,202.96.240.0/20,202.97.0.0/21,202.97.8.0/21,202.97.16.0/20,202.97.32.0/19,202.97.64.0/19,202.97.96.0/20,202.97.112.0/20,202.97.128.0/18,202.97.192.0/19,202.97.224.0/21,202.97.232.0/21,202.97.240.0/20,202.98.0.0/21,202.98.8.0/21,202.98.16.0/20,202.98.32.0/21,202.98.40.0/21,202.98.48.0/20,202.98.64.0/19,202.98.96.0/21,202.98.104.0/21,202.98.112.0/20,202.98.128.0/19,202.98.160.0/21,202.98.168.0/21,202.98.176.0/20,202.98.192.0/21,202.98.200.0/21,202.98.208.0/20,202.98.224.0/21,202.98.232.0/21,202.98.240.0/20,202.99.0.0/18,202.99.64.0/19,202.99.96.0/21,202.99.104.0/21,202.99.112.0/20,202.99.128.0/19,202.99.160.0/21,202.99.168.0/21,202.99.176.0/20,202.99.192.0/21,202.99.200.0/21,202.99.208.0/20,202.99.224.0/21,202.99.232.0/21,202.99.240.0/20,202.100.0.0/21,202.100.8.0/21,202.100.16.0/20,202.100.32.0/19,202.100.64.0/21,202.100.72.0/21,202.100.80.0/20,202.100.96.0/21,202.100.104.0/21,202.100.112.0/20,202.100.128.0/21,202.100.136.0/21,202.100.144.0/20,202.100.160.0/21,202.100.168.0/21,202.100.176.0/20,202.100.192.0/21,202.100.200.0/21,202.100.208.0/20,202.100.224.0/19,202.101.0.0/18,202.101.64.0/19,202.101.96.0/19,202.101.128.0/18,202.101.192.0/19,202.101.224.0/21,202.101.232.0/21,202.101.240.0/20,202.102.0.0/19,202.102.32.0/19,202.102.64.0/18,202.102.128.0/21,202.102.136.0/21,202.102.144.0/20,202.102.160.0/19,202.102.192.0/21,202.102.200.0/21,202.102.208.0/20,202.102.224.0/21,202.102.232.0/21,202.102.240.0/20
netsh advfirewall firewall add rule name="China IP Ban - Outgoing (Part 4)" action=block dir=out protocol=any localip=any remoteip=202.103.0.0/21,202.103.8.0/21,202.103.16.0/20,202.103.32.0/19,202.103.64.0/19,202.103.96.0/21,202.103.104.0/21,202.103.112.0/20,202.103.128.0/18,202.103.192.0/19,202.103.224.0/21,202.103.232.0/21,202.103.240.0/20,202.104.0.0/15,202.106.0.0/16,202.107.0.0/17,202.107.128.0/17,202.108.0.0/16,202.109.0.0/16,202.110.0.0/18,202.110.64.0/18,202.110.128.0/18,202.110.192.0/18,202.111.0.0/17,202.111.128.0/19,202.111.160.0/19,202.111.192.0/18,202.112.0.0/16,202.113.0.0/20,202.113.16.0/20,202.113.32.0/19,202.113.64.0/18,202.113.128.0/18,202.113.192.0/19,202.113.224.0/20,202.113.240.0/20,202.114.0.0/19,202.114.32.0/19,202.114.64.0/18,202.114.128.0/17,202.115.0.0/19,202.115.32.0/19,202.115.64.0/18,202.115.128.0/17,202.116.0.0/19,202.116.32.0/20,202.116.48.0/20,202.116.64.0/19,202.116.96.0/19,202.116.128.0/17,202.117.0.0/18,202.117.64.0/18,202.117.128.0/17,202.118.0.0/19,202.118.32.0/19,202.118.64.0/18,202.118.128.0/17,202.119.0.0/19,202.119.32.0/19,202.119.64.0/20,202.119.80.0/20,202.119.96.0/19,202.119.128.0/17,202.120.0.0/18,202.120.64.0/18,202.120.128.0/17,202.121.0.0/16,202.122.0.0/21,202.122.32.0/21,202.122.64.0/19,202.122.112.0/21,202.122.128.0/24,202.123.96.0/20,202.125.176.0/20,202.127.0.0/23,202.127.2.0/24,202.127.3.0/24,202.127.4.0/24,202.127.5.0/24,202.127.6.0/23,202.127.12.0/22,202.127.16.0/20,202.127.40.0/21,202.127.48.0/20,202.127.112.0/20,202.127.128.0/20,202.127.144.0/20,202.127.160.0/21,202.127.192.0/23,202.127.194.0/23,202.127.196.0/22,202.127.200.0/21,202.127.208.0/24,202.127.209.0/24,202.127.212.0/22,202.127.216.0/21,202.127.224.0/19,202.130.0.0/19,202.130.224.0/19,202.131.16.0/21,202.131.48.0/20,202.131.208.0/20,202.136.48.0/20,202.136.208.0/20,202.136.224.0/20,202.141.160.0/19,202.142.16.0/20,202.143.16.0/20,202.148.96.0/19,202.149.160.0/19,202.149.224.0/19,202.150.16.0/20,202.152.176.0/20,202.153.48.0/20,202.158.160.0/19,202.160.176.0/20,202.164.0.0/20,202.165.96.0/20,202.165.176.0/20,202.165.208.0/20,202.168.160.0/20,202.168.176.0/20,202.170.128.0/19,202.170.216.0/21,202.173.8.0/21,202.173.224.0/19,202.179.240.0/20,202.180.128.0/19,202.181.112.0/20,202.189.80.0/20,202.192.0.0/13,202.200.0.0/14,202.204.0.0/14,203.18.50.0/24,203.79.0.0/20,203.80.144.0/20,203.81.16.0/20,203.83.56.0/21,203.86.0.0/19,203.86.32.0/19,203.86.64.0/20,203.86.80.0/20,203.88.32.0/19,203.88.192.0/19,203.89.0.0/22,203.90.0.0/22,203.90.128.0/19,203.90.160.0/19,203.90.192.0/19,203.91.32.0/19,203.91.96.0/20,203.91.120.0/21,203.92.0.0/22,203.92.160.0/19,203.93.0.0/22,203.93.4.0/22,203.93.8.0/24,203.93.9.0/24,203.93.10.0/23,203.93.12.0/22,203.93.16.0/20,203.93.32.0/19,203.93.64.0/18,203.93.128.0/21,203.93.136.0/22,203.93.140.0/24,203.93.141.0/24,203.93.142.0/23,203.93.144.0/20,203.93.160.0/19,203.93.192.0/18,203.94.0.0/22,203.94.4.0/22,203.94.8.0/21,203.94.16.0/20,203.95.0.0/21,203.95.96.0/20,203.95.112.0/20,203.99.16.0/20,203.99.80.0/20,203.100.32.0/20,203.100.80.0/20,203.100.96.0/19,203.100.192.0/20,203.110.160.0/19,203.118.192.0/19,203.119.24.0/21,203.119.32.0/22,203.128.32.0/19,203.128.96.0/19,203.130.32.0/19,203.132.32.0/19,203.134.240.0/21,203.135.96.0/20,203.135.112.0/20,203.135.160.0/20,203.148.0.0/18,203.152.64.0/19,203.156.192.0/18,203.158.16.0/21,203.161.192.0/19,203.166.160.0/19,203.171.224.0/20,203.174.96.0/19,203.175.128.0/19,203.175.192.0/18,203.176.168.0/21,203.184.80.0/20,203.187.160.0/19,203.190.96.0/20,203.191.16.0/20,203.191.64.0/18,203.191.144.0/21,203.191.152.0/21,203.192.0.0/19,203.196.0.0/21,203.207.64.0/18,203.207.128.0/17,203.208.0.0/20,203.208.16.0/22
netsh advfirewall firewall add rule name="China IP Ban - Outgoing (Part 5)" action=block dir=out protocol=any localip=any remoteip=203.208.32.0/19,203.209.224.0/19,203.212.0.0/20,203.212.80.0/20,203.222.192.0/20,203.223.0.0/20,210.2.0.0/20,210.2.16.0/20,210.5.0.0/19,210.5.144.0/20,210.12.0.0/18,210.12.64.0/18,210.12.128.0/18,210.12.192.0/18,210.13.0.0/18,210.13.64.0/18,210.13.128.0/17,210.14.64.0/19,210.14.128.0/19,210.14.160.0/19,210.14.192.0/19,210.14.224.0/19,210.15.0.0/19,210.15.32.0/19,210.15.64.0/19,210.15.96.0/19,210.15.128.0/18,210.16.128.0/18,210.21.0.0/17,210.21.128.0/17,210.22.0.0/16,210.23.32.0/19,210.25.0.0/16,210.26.0.0/15,210.28.0.0/14,210.32.0.0/14,210.36.0.0/14,210.40.0.0/13,210.51.0.0/16,210.52.0.0/18,210.52.64.0/18,210.52.128.0/17,210.53.0.0/17,210.53.128.0/17,210.56.192.0/19,210.72.0.0/17,210.72.128.0/19,210.72.160.0/19,210.72.192.0/18,210.73.0.0/19,210.73.32.0/19,210.73.64.0/18,210.73.128.0/17,210.74.0.0/19,210.74.32.0/19,210.74.64.0/19,210.74.96.0/19,210.74.128.0/19,210.74.160.0/19,210.74.192.0/18,210.75.0.0/16,210.76.0.0/19,210.76.32.0/19,210.76.64.0/18,210.76.128.0/17,210.77.0.0/16,210.78.0.0/19,210.78.32.0/19,210.78.64.0/18,210.78.128.0/19,210.78.160.0/19,210.78.192.0/18,210.79.64.0/18,210.79.224.0/19,210.82.0.0/15,210.87.128.0/20,210.87.144.0/20,210.87.160.0/19,210.185.192.0/18,210.192.96.0/19,211.64.0.0/14,211.68.0.0/15,211.70.0.0/15,211.80.0.0/16,211.81.0.0/16,211.82.0.0/16,211.83.0.0/16,211.84.0.0/15,211.86.0.0/15,211.88.0.0/16,211.89.0.0/16,211.90.0.0/15,211.92.0.0/15,211.94.0.0/15,211.96.0.0/15,211.98.0.0/15,211.100.0.0/16,211.101.0.0/18,211.101.64.0/18,211.101.128.0/17,211.102.0.0/16,211.103.0.0/17,211.103.128.0/17,211.136.0.0/14,211.140.0.0/15,211.142.0.0/17,211.142.128.0/17,211.143.0.0/16,211.144.0.0/15,211.146.0.0/16,211.147.0.0/16,211.148.0.0/14,211.152.0.0/15,211.154.0.0/16,211.155.0.0/18,211.155.64.0/19,211.155.96.0/19,211.155.128.0/17,211.156.0.0/14,211.160.0.0/14,211.164.0.0/14,218.0.0.0/16,218.1.0.0/16,218.2.0.0/15,218.4.0.0/15,218.6.0.0/16,218.7.0.0/16,218.8.0.0/15,218.10.0.0/16,218.11.0.0/16,218.12.0.0/16,218.13.0.0/16,218.14.0.0/15,218.16.0.0/14,218.20.0.0/16,218.21.0.0/17,218.21.128.0/17,218.22.0.0/15,218.24.0.0/15,218.26.0.0/16,218.27.0.0/16,218.28.0.0/15,218.30.0.0/15,218.56.0.0/14,218.60.0.0/15,218.62.0.0/17,218.62.128.0/17,218.63.0.0/16,218.64.0.0/15,218.66.0.0/16,218.67.0.0/17,218.67.128.0/17,218.68.0.0/15,218.70.0.0/15,218.72.0.0/14,218.76.0.0/15,218.78.0.0/15,218.80.0.0/14,218.84.0.0/14,218.88.0.0/13,218.96.0.0/14,218.104.0.0/17,218.104.128.0/19,218.104.160.0/19,218.104.192.0/21,218.104.200.0/21,218.104.208.0/20,218.104.224.0/19,218.105.0.0/16,218.106.0.0/15,218.108.0.0/16,218.109.0.0/16,218.185.192.0/19,218.192.0.0/16,218.193.0.0/16,218.194.0.0/16,218.195.0.0/16,218.196.0.0/14,218.200.0.0/14,218.204.0.0/15,218.206.0.0/15,218.240.0.0/14,218.244.0.0/15,218.246.0.0/15,218.249.0.0/16,219.72.0.0/16,219.82.0.0/16,219.128.0.0/12,219.144.0.0/14,219.148.0.0/16,219.149.0.0/17,219.149.128.0/18,219.149.192.0/18,219.150.0.0/19,219.150.32.0/19,219.150.64.0/19,219.150.96.0/20,219.150.112.0/20,219.150.128.0/17,219.151.0.0/19,219.151.32.0/19,219.151.64.0/18,219.151.128.0/17,219.152.0.0/15,219.154.0.0/15,219.156.0.0/15,219.158.0.0/17,219.158.128.0/17,219.159.0.0/18,219.159.64.0/18,219.159.128.0/17,219.216.0.0/15,219.218.0.0/15,219.220.0.0/16,219.221.0.0/16,219.222.0.0/15,219.224.0.0/15,219.226.0.0/16,219.227.0.0/16,219.228.0.0/15
netsh advfirewall firewall add rule name="China IP Ban - Outgoing (Part 6)" action=block dir=out protocol=any localip=any remoteip=219.230.0.0/15,219.232.0.0/14,219.236.0.0/15,219.238.0.0/15,219.242.0.0/15,219.244.0.0/14,220.101.192.0/18,220.112.0.0/14,220.152.128.0/17,220.154.0.0/15,220.160.0.0/11,220.192.0.0/15,220.194.0.0/15,220.196.0.0/14,220.200.0.0/13,220.231.0.0/18,220.231.128.0/17,220.232.64.0/18,220.234.0.0/16,220.242.0.0/15,220.248.0.0/14,220.252.0.0/16,221.0.0.0/15,221.2.0.0/16,221.3.0.0/17,221.3.128.0/17,221.4.0.0/16,221.5.0.0/17,221.5.128.0/17,221.6.0.0/16,221.7.0.0/19,221.7.32.0/19,221.7.64.0/19,221.7.96.0/19,221.7.128.0/17,221.8.0.0/15,221.10.0.0/16,221.11.0.0/17,221.11.128.0/18,221.11.192.0/19,221.11.224.0/19,221.12.0.0/17,221.12.128.0/18,221.13.0.0/18,221.13.64.0/19,221.13.96.0/19,221.13.128.0/17,221.14.0.0/15,221.122.0.0/15,221.129.0.0/16,221.130.0.0/15,221.133.224.0/19,221.136.0.0/16,221.137.0.0/16,221.172.0.0/14,221.176.0.0/13,221.192.0.0/15,221.194.0.0/16,221.195.0.0/16,221.196.0.0/15,221.198.0.0/16,221.199.0.0/19,221.199.32.0/20,221.199.48.0/20,221.199.64.0/18,221.199.128.0/18,221.199.192.0/20,221.199.224.0/19,221.200.0.0/14,221.204.0.0/15,221.206.0.0/16,221.207.0.0/18,221.207.64.0/18,221.207.128.0/17,221.208.0.0/14,221.212.0.0/16,221.213.0.0/16,221.214.0.0/15,221.216.0.0/13,221.224.0.0/13,221.232.0.0/14,221.236.0.0/15,221.238.0.0/16,221.239.0.0/17,221.239.128.0/17,222.16.0.0/15,222.18.0.0/15,222.20.0.0/15,222.22.0.0/16,222.23.0.0/16,222.24.0.0/15,222.26.0.0/15,222.28.0.0/14,222.32.0.0/11,222.64.0.0/13,222.72.0.0/15,222.74.0.0/16,222.75.0.0/16,222.76.0.0/14,222.80.0.0/15,222.82.0.0/16,222.83.0.0/17,222.83.128.0/17,222.84.0.0/16,222.85.0.0/17,222.85.128.0/17,222.86.0.0/15,222.88.0.0/15,222.90.0.0/15,222.92.0.0/14,222.125.0.0/16,222.126.128.0/17,222.128.0.0/14,222.132.0.0/14,222.136.0.0/13,222.160.0.0/15,222.162.0.0/16,222.163.0.0/19,222.163.32.0/19,222.163.64.0/18,222.163.128.0/17,222.168.0.0/15,222.170.0.0/15,222.172.0.0/17,222.172.128.0/17,222.173.0.0/16,222.174.0.0/15,222.176.0.0/13,222.184.0.0/13,222.192.0.0/14,222.196.0.0/15,222.198.0.0/16,222.199.0.0/16,222.200.0.0/14,222.204.0.0/15,222.206.0.0/15,222.208.0.0/13,222.216.0.0/15,222.218.0.0/16,222.219.0.0/16,222.220.0.0/15,222.222.0.0/15,222.240.0.0/13,222.248.0.0/16,222.249.0.0/17,222.249.128.0/19,222.249.160.0/20,222.249.176.0/20,222.249.192.0/18
netsh advfirewall firewall add rule name="China IP Ban - Incoming (Part 1)" action=block dir=in protocol=any localip=any remoteip=58.14.0.0/15,58.16.0.0/16,58.17.0.0/17,58.17.128.0/17,58.18.0.0/16,58.19.0.0/16,58.20.0.0/16,58.21.0.0/16,58.22.0.0/15,58.24.0.0/15,58.30.0.0/15,58.32.0.0/13,58.40.0.0/15,58.42.0.0/16,58.43.0.0/16,58.44.0.0/14,58.48.0.0/13,58.56.0.0/15,58.58.0.0/16,58.59.0.0/17,58.59.128.0/17,58.60.0.0/14,58.66.0.0/15,58.68.128.0/17,58.82.0.0/15,58.87.64.0/18,58.99.128.0/17,58.100.0.0/15,58.116.0.0/14,58.128.0.0/13,58.144.0.0/16,58.154.0.0/15,58.192.0.0/15,58.194.0.0/15,58.196.0.0/15,58.198.0.0/15,58.200.0.0/13,58.208.0.0/12,58.240.0.0/15,58.242.0.0/15,58.244.0.0/15,58.246.0.0/15,58.248.0.0/13,59.32.0.0/13,59.40.0.0/15,59.42.0.0/16,59.43.0.0/16,59.44.0.0/14,59.48.0.0/16,59.49.0.0/17,59.49.128.0/17,59.50.0.0/16,59.51.0.0/17,59.51.128.0/17,59.52.0.0/14,59.56.0.0/14,59.60.0.0/15,59.62.0.0/15,59.64.0.0/14,59.68.0.0/14,59.72.0.0/15,59.74.0.0/15,59.76.0.0/16,59.77.0.0/16,59.78.0.0/15,59.80.0.0/14,59.107.0.0/17,59.107.128.0/17,59.108.0.0/15,59.110.0.0/15,59.151.0.0/17,59.155.0.0/16,59.172.0.0/15,59.174.0.0/15,59.191.0.0/17,59.192.0.0/10,60.0.0.0/13,60.8.0.0/15,60.10.0.0/16,60.11.0.0/16,60.12.0.0/16,60.13.0.0/18,60.13.64.0/18,60.13.128.0/17,60.14.0.0/15,60.16.0.0/13,60.24.0.0/14,60.28.0.0/15,60.30.0.0/16,60.31.0.0/16,60.55.0.0/16,60.63.0.0/16,60.160.0.0/15,60.162.0.0/15,60.164.0.0/15,60.166.0.0/15,60.168.0.0/13,60.176.0.0/12,60.194.0.0/15,60.200.0.0/14,60.204.0.0/16,60.205.0.0/16,60.206.0.0/15,60.208.0.0/13,60.216.0.0/15,60.218.0.0/15,60.220.0.0/14,60.232.0.0/15,60.235.0.0/16,60.245.128.0/17,60.247.0.0/16,60.252.0.0/16,60.253.128.0/17,60.255.0.0/16,61.4.80.0/20,61.4.176.0/20,61.8.160.0/20,61.28.0.0/20,61.28.16.0/20,61.28.32.0/19,61.28.64.0/18,61.29.128.0/18,61.29.192.0/19,61.29.224.0/20,61.29.240.0/20,61.45.128.0/18,61.47.128.0/18,61.48.0.0/14,61.52.0.0/15,61.54.0.0/16,61.55.0.0/16,61.87.192.0/18,61.128.0.0/15,61.130.0.0/15,61.132.0.0/16,61.133.0.0/17,61.133.128.0/17,61.134.0.0/18,61.134.64.0/19,61.134.96.0/19,61.134.128.0/18,61.134.192.0/18,61.135.0.0/16,61.136.0.0/18,61.136.64.0/18,61.136.128.0/17,61.137.0.0/17,61.137.128.0/17,61.138.0.0/18,61.138.64.0/18,61.138.128.0/18,61.138.192.0/18,61.139.0.0/17,61.139.128.0/18,61.139.192.0/18,61.140.0.0/14,61.144.0.0/14,61.148.0.0/15,61.150.0.0/15,61.152.0.0/16,61.153.0.0/16,61.154.0.0/15,61.156.0.0/16,61.157.0.0/16,61.158.0.0/17,61.158.128.0/17,61.159.0.0/18,61.159.64.0/18,61.159.128.0/17,61.160.0.0/16,61.161.0.0/18,61.161.64.0/18,61.161.128.0/17,61.162.0.0/16,61.163.0.0/16,61.164.0.0/16,61.165.0.0/16,61.166.0.0/16,61.167.0.0/16,61.168.0.0/16,61.169.0.0/16,61.170.0.0/15,61.172.0.0/14,61.176.0.0/16,61.177.0.0/16,61.178.0.0/16,61.179.0.0/16,61.180.0.0/17,61.180.128.0/17,61.181.0.0/16,61.182.0.0/16,61.183.0.0/16,61.184.0.0/14,61.188.0.0/16,61.189.0.0/17,61.189.128.0/17,61.190.0.0/15,61.232.0.0/14,61.236.0.0/15,61.240.0.0/14,116.1.0.0/16,116.2.0.0/15,116.4.0.0/14,116.8.0.0/14,116.13.0.0/16,116.16.0.0/12,116.52.0.0/14,116.56.0.0/15,116.58.128.0/20,116.58.208.0/20,116.60.0.0/14,116.66.0.0/17,116.69.0.0/16,116.70.0.0/17,116.76.0.0/15,116.78.0.0/15,116.89.144.0/20,116.90.184.0/21,116.95.0.0/16,116.112.0.0/14
netsh advfirewall firewall add rule name="China IP Ban - Incoming (Part 2)" action=block dir=in protocol=any localip=any remoteip=116.116.0.0/15,116.128.0.0/10,116.192.0.0/16,116.193.16.0/20,116.193.32.0/19,116.194.0.0/15,116.196.0.0/16,116.198.0.0/16,116.199.0.0/17,116.199.128.0/19,116.204.0.0/15,116.207.0.0/16,116.208.0.0/14,116.212.160.0/20,116.213.64.0/18,116.213.128.0/17,116.214.32.0/19,116.214.64.0/20,116.214.128.0/17,116.215.0.0/16,116.216.0.0/14,116.224.0.0/12,116.242.0.0/15,116.244.0.0/15,116.246.0.0/15,116.248.0.0/15,116.252.0.0/15,116.254.128.0/17,116.255.128.0/17,117.8.0.0/13,117.21.0.0/16,117.22.0.0/15,117.24.0.0/13,117.32.0.0/13,117.40.0.0/14,117.44.0.0/15,117.48.0.0/14,117.53.48.0/20,117.53.176.0/20,121.0.16.0/20,121.4.0.0/15,121.8.0.0/13,121.16.0.0/13,121.24.0.0/14,121.28.0.0/15,121.30.0.0/16,121.31.0.0/16,121.32.0.0/14,121.36.0.0/16,121.37.0.0/16,121.38.0.0/15,121.40.0.0/14,121.46.0.0/16,121.47.0.0/16,121.48.0.0/15,121.51.0.0/16,121.55.0.0/18,121.56.0.0/15,121.58.0.0/17,121.59.0.0/16,121.60.0.0/14,121.68.0.0/14,121.76.0.0/15,121.89.0.0/16,121.100.128.0/17,121.192.0.0/16,121.193.0.0/16,121.194.0.0/15,121.201.0.0/16,121.204.0.0/14,121.224.0.0/12,121.248.0.0/14,121.255.0.0/16,122.0.64.0/18,122.0.128.0/17,122.4.0.0/14,122.8.0.0/13,122.48.0.0/16,122.49.0.0/18,122.51.0.0/16,122.64.0.0/11,122.96.0.0/15,122.102.0.0/20,122.102.64.0/20,122.102.80.0/20,122.136.0.0/13,122.144.128.0/17,122.152.192.0/18,122.156.0.0/14,122.192.0.0/14,122.198.0.0/16,122.200.64.0/18,122.204.0.0/14,122.224.0.0/12,122.240.0.0/13,122.248.48.0/20,123.0.128.0/18,123.4.0.0/14,123.8.0.0/13,123.49.128.0/17,123.52.0.0/14,123.56.0.0/13,123.64.0.0/11,123.96.0.0/15,123.98.0.0/17,123.99.128.0/17,123.100.0.0/19,123.101.0.0/16,123.103.0.0/17,123.108.128.0/20,123.108.208.0/20,123.112.0.0/12,123.128.0.0/13,123.136.80.0/20,123.137.0.0/16,123.138.0.0/15,123.144.0.0/14,123.148.0.0/16,123.149.0.0/16,123.150.0.0/15,123.152.0.0/13,123.160.0.0/14,123.164.0.0/14,123.168.0.0/14,123.172.0.0/15,123.174.0.0/15,123.176.80.0/20,123.177.0.0/16,123.178.0.0/15,123.180.0.0/14,123.184.0.0/14,123.188.0.0/14,123.196.0.0/15,123.199.128.0/17,123.206.0.0/15,123.232.0.0/14,123.242.0.0/17,123.244.0.0/14,123.249.0.0/16,123.253.0.0/16,124.6.64.0/18,124.14.0.0/15,124.16.0.0/15,124.20.0.0/16,124.21.0.0/20,124.21.16.0/20,124.21.32.0/19,124.21.64.0/18,124.21.128.0/17,124.22.0.0/15,124.29.0.0/17,124.40.128.0/18,124.42.0.0/17,124.47.0.0/18,124.64.0.0/15,124.66.0.0/17,124.67.0.0/16,124.68.0.0/14,124.72.0.0/16,124.73.0.0/16,124.74.0.0/15,124.76.0.0/14,124.88.0.0/16,124.89.0.0/17,124.89.128.0/17,124.90.0.0/15,124.92.0.0/14,124.108.8.0/21,124.108.40.0/21,124.112.0.0/15,124.114.0.0/15,124.116.0.0/16,124.117.0.0/16,124.118.0.0/15,124.126.0.0/15,124.128.0.0/13,124.147.128.0/17,124.156.0.0/16,124.160.0.0/16,124.161.0.0/16,124.162.0.0/16,124.163.0.0/16,124.164.0.0/14,124.172.0.0/15,124.174.0.0/15,124.192.0.0/15,124.196.0.0/16,124.200.0.0/13,124.220.0.0/14,124.224.0.0/16,124.225.0.0/16,124.226.0.0/15,124.228.0.0/14,124.232.0.0/15,124.234.0.0/15,124.236.0.0/14,124.240.0.0/17,124.242.0.0/16,124.243.192.0/18,124.248.0.0/17,124.249.0.0/16,124.250.0.0/15,124.254.0.0/18,125.31.192.0/18,125.32.0.0/16,125.33.0.0/16,125.34.0.0/16,125.35.0.0/17,125.35.128.0/17,125.36.0.0/14,125.40.0.0/13,125.58.128.0/17,125.62.0.0/18,125.64.0.0/13,125.72.0.0/16,125.73.0.0/16,125.74.0.0/15,125.76.0.0/17,125.76.128.0/17,125.77.0.0/16
netsh advfirewall firewall add rule name="China IP Ban - Incoming (Part 3)" action=block dir=in protocol=any localip=any remoteip=125.78.0.0/15,125.80.0.0/13,125.88.0.0/13,125.96.0.0/15,125.98.0.0/16,125.104.0.0/13,125.112.0.0/12,125.169.0.0/16,125.171.0.0/16,125.208.0.0/18,125.210.0.0/16,125.211.0.0/16,125.213.0.0/17,125.215.0.0/18,125.216.0.0/15,125.218.0.0/16,125.219.0.0/16,125.220.0.0/15,125.222.0.0/15,125.254.128.0/18,125.254.192.0/18,134.196.0.0/16,159.226.0.0/16,161.207.0.0/16,162.105.0.0/16,166.111.0.0/16,167.139.0.0/16,168.160.0.0/16,192.83.122.0/24,192.83.169.0/24,192.124.154.0/24,192.188.170.0/24,198.17.7.0/24,202.0.110.0/24,202.0.176.0/22,202.4.128.0/19,202.4.252.0/22,202.8.128.0/19,202.10.64.0/20,202.14.88.0/24,202.14.235.0/24,202.14.236.0/23,202.14.238.0/24,202.20.120.0/24,202.22.248.0/22,202.22.252.0/22,202.38.0.0/23,202.38.2.0/23,202.38.4.0/22,202.38.8.0/21,202.38.64.0/19,202.38.96.0/19,202.38.128.0/23,202.38.130.0/23,202.38.132.0/23,202.38.134.0/24,202.38.135.0/24,202.38.136.0/24,202.38.137.0/24,202.38.138.0/24,202.38.140.0/23,202.38.142.0/24,202.38.143.0/24,202.38.146.0/23,202.38.149.0/24,202.38.150.0/23,202.38.152.0/23,202.38.154.0/23,202.38.156.0/24,202.38.158.0/23,202.38.160.0/23,202.38.164.0/22,202.38.168.0/24,202.38.169.0/24,202.38.170.0/24,202.38.171.0/24,202.38.172.0/24,202.38.173.0/24,202.38.174.0/24,202.38.175.0/24,202.38.176.0/23,202.38.184.0/21,202.38.192.0/18,202.41.152.0/21,202.41.240.0/20,202.43.144.0/20,202.46.32.0/19,202.46.224.0/20,202.60.112.0/20,202.63.248.0/22,202.69.4.0/22,202.69.16.0/20,202.70.0.0/19,202.74.8.0/21,202.75.208.0/20,202.85.208.0/20,202.90.0.0/22,202.90.224.0/20,202.90.252.0/22,202.91.0.0/22,202.91.128.0/22,202.91.176.0/20,202.91.224.0/19,202.92.0.0/22,202.92.252.0/22,202.93.0.0/22,202.93.252.0/22,202.94.0.0/19,202.95.0.0/22,202.95.4.0/22,202.95.8.0/21,202.95.16.0/20,202.95.252.0/22,202.96.0.0/18,202.96.64.0/21,202.96.72.0/21,202.96.80.0/20,202.96.96.0/21,202.96.104.0/21,202.96.112.0/20,202.96.128.0/21,202.96.136.0/21,202.96.144.0/20,202.96.160.0/21,202.96.168.0/21,202.96.176.0/20,202.96.192.0/21,202.96.200.0/21,202.96.208.0/20,202.96.224.0/21,202.96.232.0/21,202.96.240.0/20,202.97.0.0/21,202.97.8.0/21,202.97.16.0/20,202.97.32.0/19,202.97.64.0/19,202.97.96.0/20,202.97.112.0/20,202.97.128.0/18,202.97.192.0/19,202.97.224.0/21,202.97.232.0/21,202.97.240.0/20,202.98.0.0/21,202.98.8.0/21,202.98.16.0/20,202.98.32.0/21,202.98.40.0/21,202.98.48.0/20,202.98.64.0/19,202.98.96.0/21,202.98.104.0/21,202.98.112.0/20,202.98.128.0/19,202.98.160.0/21,202.98.168.0/21,202.98.176.0/20,202.98.192.0/21,202.98.200.0/21,202.98.208.0/20,202.98.224.0/21,202.98.232.0/21,202.98.240.0/20,202.99.0.0/18,202.99.64.0/19,202.99.96.0/21,202.99.104.0/21,202.99.112.0/20,202.99.128.0/19,202.99.160.0/21,202.99.168.0/21,202.99.176.0/20,202.99.192.0/21,202.99.200.0/21,202.99.208.0/20,202.99.224.0/21,202.99.232.0/21,202.99.240.0/20,202.100.0.0/21,202.100.8.0/21,202.100.16.0/20,202.100.32.0/19,202.100.64.0/21,202.100.72.0/21,202.100.80.0/20,202.100.96.0/21,202.100.104.0/21,202.100.112.0/20,202.100.128.0/21,202.100.136.0/21,202.100.144.0/20,202.100.160.0/21,202.100.168.0/21,202.100.176.0/20,202.100.192.0/21,202.100.200.0/21,202.100.208.0/20,202.100.224.0/19,202.101.0.0/18,202.101.64.0/19,202.101.96.0/19,202.101.128.0/18,202.101.192.0/19,202.101.224.0/21,202.101.232.0/21,202.101.240.0/20,202.102.0.0/19,202.102.32.0/19,202.102.64.0/18,202.102.128.0/21,202.102.136.0/21,202.102.144.0/20,202.102.160.0/19,202.102.192.0/21,202.102.200.0/21,202.102.208.0/20,202.102.224.0/21,202.102.232.0/21,202.102.240.0/20
netsh advfirewall firewall add rule name="China IP Ban - Incoming (Part 4)" action=block dir=in protocol=any localip=any remoteip=202.103.0.0/21,202.103.8.0/21,202.103.16.0/20,202.103.32.0/19,202.103.64.0/19,202.103.96.0/21,202.103.104.0/21,202.103.112.0/20,202.103.128.0/18,202.103.192.0/19,202.103.224.0/21,202.103.232.0/21,202.103.240.0/20,202.104.0.0/15,202.106.0.0/16,202.107.0.0/17,202.107.128.0/17,202.108.0.0/16,202.109.0.0/16,202.110.0.0/18,202.110.64.0/18,202.110.128.0/18,202.110.192.0/18,202.111.0.0/17,202.111.128.0/19,202.111.160.0/19,202.111.192.0/18,202.112.0.0/16,202.113.0.0/20,202.113.16.0/20,202.113.32.0/19,202.113.64.0/18,202.113.128.0/18,202.113.192.0/19,202.113.224.0/20,202.113.240.0/20,202.114.0.0/19,202.114.32.0/19,202.114.64.0/18,202.114.128.0/17,202.115.0.0/19,202.115.32.0/19,202.115.64.0/18,202.115.128.0/17,202.116.0.0/19,202.116.32.0/20,202.116.48.0/20,202.116.64.0/19,202.116.96.0/19,202.116.128.0/17,202.117.0.0/18,202.117.64.0/18,202.117.128.0/17,202.118.0.0/19,202.118.32.0/19,202.118.64.0/18,202.118.128.0/17,202.119.0.0/19,202.119.32.0/19,202.119.64.0/20,202.119.80.0/20,202.119.96.0/19,202.119.128.0/17,202.120.0.0/18,202.120.64.0/18,202.120.128.0/17,202.121.0.0/16,202.122.0.0/21,202.122.32.0/21,202.122.64.0/19,202.122.112.0/21,202.122.128.0/24,202.123.96.0/20,202.125.176.0/20,202.127.0.0/23,202.127.2.0/24,202.127.3.0/24,202.127.4.0/24,202.127.5.0/24,202.127.6.0/23,202.127.12.0/22,202.127.16.0/20,202.127.40.0/21,202.127.48.0/20,202.127.112.0/20,202.127.128.0/20,202.127.144.0/20,202.127.160.0/21,202.127.192.0/23,202.127.194.0/23,202.127.196.0/22,202.127.200.0/21,202.127.208.0/24,202.127.209.0/24,202.127.212.0/22,202.127.216.0/21,202.127.224.0/19,202.130.0.0/19,202.130.224.0/19,202.131.16.0/21,202.131.48.0/20,202.131.208.0/20,202.136.48.0/20,202.136.208.0/20,202.136.224.0/20,202.141.160.0/19,202.142.16.0/20,202.143.16.0/20,202.148.96.0/19,202.149.160.0/19,202.149.224.0/19,202.150.16.0/20,202.152.176.0/20,202.153.48.0/20,202.158.160.0/19,202.160.176.0/20,202.164.0.0/20,202.165.96.0/20,202.165.176.0/20,202.165.208.0/20,202.168.160.0/20,202.168.176.0/20,202.170.128.0/19,202.170.216.0/21,202.173.8.0/21,202.173.224.0/19,202.179.240.0/20,202.180.128.0/19,202.181.112.0/20,202.189.80.0/20,202.192.0.0/13,202.200.0.0/14,202.204.0.0/14,203.18.50.0/24,203.79.0.0/20,203.80.144.0/20,203.81.16.0/20,203.83.56.0/21,203.86.0.0/19,203.86.32.0/19,203.86.64.0/20,203.86.80.0/20,203.88.32.0/19,203.88.192.0/19,203.89.0.0/22,203.90.0.0/22,203.90.128.0/19,203.90.160.0/19,203.90.192.0/19,203.91.32.0/19,203.91.96.0/20,203.91.120.0/21,203.92.0.0/22,203.92.160.0/19,203.93.0.0/22,203.93.4.0/22,203.93.8.0/24,203.93.9.0/24,203.93.10.0/23,203.93.12.0/22,203.93.16.0/20,203.93.32.0/19,203.93.64.0/18,203.93.128.0/21,203.93.136.0/22,203.93.140.0/24,203.93.141.0/24,203.93.142.0/23,203.93.144.0/20,203.93.160.0/19,203.93.192.0/18,203.94.0.0/22,203.94.4.0/22,203.94.8.0/21,203.94.16.0/20,203.95.0.0/21,203.95.96.0/20,203.95.112.0/20,203.99.16.0/20,203.99.80.0/20,203.100.32.0/20,203.100.80.0/20,203.100.96.0/19,203.100.192.0/20,203.110.160.0/19,203.118.192.0/19,203.119.24.0/21,203.119.32.0/22,203.128.32.0/19,203.128.96.0/19,203.130.32.0/19,203.132.32.0/19,203.134.240.0/21,203.135.96.0/20,203.135.112.0/20,203.135.160.0/20,203.148.0.0/18,203.152.64.0/19,203.156.192.0/18,203.158.16.0/21,203.161.192.0/19,203.166.160.0/19,203.171.224.0/20,203.174.96.0/19,203.175.128.0/19,203.175.192.0/18,203.176.168.0/21,203.184.80.0/20,203.187.160.0/19,203.190.96.0/20,203.191.16.0/20,203.191.64.0/18,203.191.144.0/21,203.191.152.0/21,203.192.0.0/19,203.196.0.0/21,203.207.64.0/18,203.207.128.0/17,203.208.0.0/20,203.208.16.0/22
netsh advfirewall firewall add rule name="China IP Ban - Incoming (Part 5)" action=block dir=in protocol=any localip=any remoteip=203.208.32.0/19,203.209.224.0/19,203.212.0.0/20,203.212.80.0/20,203.222.192.0/20,203.223.0.0/20,210.2.0.0/20,210.2.16.0/20,210.5.0.0/19,210.5.144.0/20,210.12.0.0/18,210.12.64.0/18,210.12.128.0/18,210.12.192.0/18,210.13.0.0/18,210.13.64.0/18,210.13.128.0/17,210.14.64.0/19,210.14.128.0/19,210.14.160.0/19,210.14.192.0/19,210.14.224.0/19,210.15.0.0/19,210.15.32.0/19,210.15.64.0/19,210.15.96.0/19,210.15.128.0/18,210.16.128.0/18,210.21.0.0/17,210.21.128.0/17,210.22.0.0/16,210.23.32.0/19,210.25.0.0/16,210.26.0.0/15,210.28.0.0/14,210.32.0.0/14,210.36.0.0/14,210.40.0.0/13,210.51.0.0/16,210.52.0.0/18,210.52.64.0/18,210.52.128.0/17,210.53.0.0/17,210.53.128.0/17,210.56.192.0/19,210.72.0.0/17,210.72.128.0/19,210.72.160.0/19,210.72.192.0/18,210.73.0.0/19,210.73.32.0/19,210.73.64.0/18,210.73.128.0/17,210.74.0.0/19,210.74.32.0/19,210.74.64.0/19,210.74.96.0/19,210.74.128.0/19,210.74.160.0/19,210.74.192.0/18,210.75.0.0/16,210.76.0.0/19,210.76.32.0/19,210.76.64.0/18,210.76.128.0/17,210.77.0.0/16,210.78.0.0/19,210.78.32.0/19,210.78.64.0/18,210.78.128.0/19,210.78.160.0/19,210.78.192.0/18,210.79.64.0/18,210.79.224.0/19,210.82.0.0/15,210.87.128.0/20,210.87.144.0/20,210.87.160.0/19,210.185.192.0/18,210.192.96.0/19,211.64.0.0/14,211.68.0.0/15,211.70.0.0/15,211.80.0.0/16,211.81.0.0/16,211.82.0.0/16,211.83.0.0/16,211.84.0.0/15,211.86.0.0/15,211.88.0.0/16,211.89.0.0/16,211.90.0.0/15,211.92.0.0/15,211.94.0.0/15,211.96.0.0/15,211.98.0.0/15,211.100.0.0/16,211.101.0.0/18,211.101.64.0/18,211.101.128.0/17,211.102.0.0/16,211.103.0.0/17,211.103.128.0/17,211.136.0.0/14,211.140.0.0/15,211.142.0.0/17,211.142.128.0/17,211.143.0.0/16,211.144.0.0/15,211.146.0.0/16,211.147.0.0/16,211.148.0.0/14,211.152.0.0/15,211.154.0.0/16,211.155.0.0/18,211.155.64.0/19,211.155.96.0/19,211.155.128.0/17,211.156.0.0/14,211.160.0.0/14,211.164.0.0/14,218.0.0.0/16,218.1.0.0/16,218.2.0.0/15,218.4.0.0/15,218.6.0.0/16,218.7.0.0/16,218.8.0.0/15,218.10.0.0/16,218.11.0.0/16,218.12.0.0/16,218.13.0.0/16,218.14.0.0/15,218.16.0.0/14,218.20.0.0/16,218.21.0.0/17,218.21.128.0/17,218.22.0.0/15,218.24.0.0/15,218.26.0.0/16,218.27.0.0/16,218.28.0.0/15,218.30.0.0/15,218.56.0.0/14,218.60.0.0/15,218.62.0.0/17,218.62.128.0/17,218.63.0.0/16,218.64.0.0/15,218.66.0.0/16,218.67.0.0/17,218.67.128.0/17,218.68.0.0/15,218.70.0.0/15,218.72.0.0/14,218.76.0.0/15,218.78.0.0/15,218.80.0.0/14,218.84.0.0/14,218.88.0.0/13,218.96.0.0/14,218.104.0.0/17,218.104.128.0/19,218.104.160.0/19,218.104.192.0/21,218.104.200.0/21,218.104.208.0/20,218.104.224.0/19,218.105.0.0/16,218.106.0.0/15,218.108.0.0/16,218.109.0.0/16,218.185.192.0/19,218.192.0.0/16,218.193.0.0/16,218.194.0.0/16,218.195.0.0/16,218.196.0.0/14,218.200.0.0/14,218.204.0.0/15,218.206.0.0/15,218.240.0.0/14,218.244.0.0/15,218.246.0.0/15,218.249.0.0/16,219.72.0.0/16,219.82.0.0/16,219.128.0.0/12,219.144.0.0/14,219.148.0.0/16,219.149.0.0/17,219.149.128.0/18,219.149.192.0/18,219.150.0.0/19,219.150.32.0/19,219.150.64.0/19,219.150.96.0/20,219.150.112.0/20,219.150.128.0/17,219.151.0.0/19,219.151.32.0/19,219.151.64.0/18,219.151.128.0/17,219.152.0.0/15,219.154.0.0/15,219.156.0.0/15,219.158.0.0/17,219.158.128.0/17,219.159.0.0/18,219.159.64.0/18,219.159.128.0/17,219.216.0.0/15,219.218.0.0/15,219.220.0.0/16,219.221.0.0/16,219.222.0.0/15,219.224.0.0/15,219.226.0.0/16,219.227.0.0/16,219.228.0.0/15
netsh advfirewall firewall add rule name="China IP Ban - Incoming (Part 6)" action=block dir=in protocol=any localip=any remoteip=219.230.0.0/15,219.232.0.0/14,219.236.0.0/15,219.238.0.0/15,219.242.0.0/15,219.244.0.0/14,220.101.192.0/18,220.112.0.0/14,220.152.128.0/17,220.154.0.0/15,220.160.0.0/11,220.192.0.0/15,220.194.0.0/15,220.196.0.0/14,220.200.0.0/13,220.231.0.0/18,220.231.128.0/17,220.232.64.0/18,220.234.0.0/16,220.242.0.0/15,220.248.0.0/14,220.252.0.0/16,221.0.0.0/15,221.2.0.0/16,221.3.0.0/17,221.3.128.0/17,221.4.0.0/16,221.5.0.0/17,221.5.128.0/17,221.6.0.0/16,221.7.0.0/19,221.7.32.0/19,221.7.64.0/19,221.7.96.0/19,221.7.128.0/17,221.8.0.0/15,221.10.0.0/16,221.11.0.0/17,221.11.128.0/18,221.11.192.0/19,221.11.224.0/19,221.12.0.0/17,221.12.128.0/18,221.13.0.0/18,221.13.64.0/19,221.13.96.0/19,221.13.128.0/17,221.14.0.0/15,221.122.0.0/15,221.129.0.0/16,221.130.0.0/15,221.133.224.0/19,221.136.0.0/16,221.137.0.0/16,221.172.0.0/14,221.176.0.0/13,221.192.0.0/15,221.194.0.0/16,221.195.0.0/16,221.196.0.0/15,221.198.0.0/16,221.199.0.0/19,221.199.32.0/20,221.199.48.0/20,221.199.64.0/18,221.199.128.0/18,221.199.192.0/20,221.199.224.0/19,221.200.0.0/14,221.204.0.0/15,221.206.0.0/16,221.207.0.0/18,221.207.64.0/18,221.207.128.0/17,221.208.0.0/14,221.212.0.0/16,221.213.0.0/16,221.214.0.0/15,221.216.0.0/13,221.224.0.0/13,221.232.0.0/14,221.236.0.0/15,221.238.0.0/16,221.239.0.0/17,221.239.128.0/17,222.16.0.0/15,222.18.0.0/15,222.20.0.0/15,222.22.0.0/16,222.23.0.0/16,222.24.0.0/15,222.26.0.0/15,222.28.0.0/14,222.32.0.0/11,222.64.0.0/13,222.72.0.0/15,222.74.0.0/16,222.75.0.0/16,222.76.0.0/14,222.80.0.0/15,222.82.0.0/16,222.83.0.0/17,222.83.128.0/17,222.84.0.0/16,222.85.0.0/17,222.85.128.0/17,222.86.0.0/15,222.88.0.0/15,222.90.0.0/15,222.92.0.0/14,222.125.0.0/16,222.126.128.0/17,222.128.0.0/14,222.132.0.0/14,222.136.0.0/13,222.160.0.0/15,222.162.0.0/16,222.163.0.0/19,222.163.32.0/19,222.163.64.0/18,222.163.128.0/17,222.168.0.0/15,222.170.0.0/15,222.172.0.0/17,222.172.128.0/17,222.173.0.0/16,222.174.0.0/15,222.176.0.0/13,222.184.0.0/13,222.192.0.0/14,222.196.0.0/15,222.198.0.0/16,222.199.0.0/16,222.200.0.0/14,222.204.0.0/15,222.206.0.0/15,222.208.0.0/13,222.216.0.0/15,222.218.0.0/16,222.219.0.0/16,222.220.0.0/15,222.222.0.0/15,222.240.0.0/13,222.248.0.0/16,222.249.0.0/17,222.249.128.0/19,222.249.160.0/20,222.249.176.0/20,222.249.192.0/18
UPDATE:
As has been pointed out to me, there are other, and probably more effective ways of doing this. However, this method is instructive in learning more about the Windows firewall, and demonstrates some tricks for when other methods aren't available. That said, one of the better ways is through the open-source program PeerBlock, which can be subscribed to a number of ban lists available at iBlockList, including a list of IP ranges in China. Expect to have to make a few manual edits to unblock sites that you use, because the lists are quite extensive.
posted by Quantum Kitsune at 10:59 PM
0 Comments:
Post a Comment
<< Home