Starting from version 3-1-7 RdpGuard supports advanced blocking settings allowing you to define how it should
block attackers' IP addresses from accessing your server.
Earlier versions of RdpGuard block all access to the server when the number of failed login attempts from
a single IP address reached a set limit.
In some cases you may need to block only particular ports, for example RDP, FTP, SMTP
while leaving accessible other like HTTP/HTTPS.
This can be configured in Advanced blocking settings.
To open Advanced blocking settings:
1. Click Tools, Options
Click Tools, Options
The Options dialog will open:
RdpGuard Options dialog
2. Click Advanced blocking settings..
The Advanced blocking settings dialog will open:
How to block access to all ports
3.a. If you would like to block access to all ports on your server (i.e. make your server invisible to the attacker),
tick the Block access to all ports on the server checkbox and click Save
3.b. If you would like to block access only to particular protocols, untick the Block access to all ports on the server
checkbox and specify the ports you want to block when the number of failed logon attempts reaches a set limit.
How to block only particular ports
4. Click Save
Things to consider when blocking multiple custom ports: - if you would like to block multiple ports
like shown on the screenshot above, please note that this will increase the number of filters added to the
Windows Filtering Platform proportionally.
The number of filters added to Windows Filtering Platform affects the network (and overall) performance of your server,
this is why we recommend default blocking period of 24 hours to keep the list of blocked IP addresses short.
When you block all access to the server (the Block access to all ports on the server checkbox ticked)
- one filtering rule is required to block one IP address, the same is for blocking one single port (like 3389).
But everything changes when you block multiple ports, like 3389, 21, 25, 110. The number of filters added to
Windows Filtering Platform increases proportionally.
For example, blocking access for 1000 IP addresses to all ports on the server (or to single port) requires 1000 rules
in Windows Filtering Platform. When you block access for the same 1000 IP addresses to 4 ports (like 3389, 21, 25, 110)
- 4000 rules are added to Windows Filtering Platform which may have higher impact on your network performance.
