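<#
.SYNOPSIS
Apply the Ipsum untrusted IP feed to Windows Firewall inbound block rules.

.DESCRIPTION
Downloads a plain IPv4 list, validates entries, and creates inbound block rules
in chunks to avoid oversized firewall rules. Rules already present in the same
rule group are removed only after the replacement rules exist, so a failure
part-way through does not leave the host without its previous block list.
Run from an elevated PowerShell session.

The feed is a trust dependency: whoever controls its content controls which
remote addresses this host refuses. The script performs no signature or hash
check on the download, so it relies on TLS and on the feed host itself. To
limit the damage a bad or tampered list can do, entries in loopback, private,
link-local, multicast and reserved ranges are dropped before any rule is
created (blocking those could cut off local management access).

.PARAMETER FeedUrl
URL of the newline-separated IPv4 list. Should be HTTPS.

.PARAMETER RuleGroup
Firewall rule group that owns the generated rules; existing rules in this
group are replaced.

.PARAMETER RulePrefix
Prefix for each rule's display name ("<prefix> <n>/<total>").

.PARAMETER ChunkSize
Maximum number of addresses per firewall rule (1-1000).
#>
[CmdletBinding(SupportsShouldProcess=$true)]
param(
    [string]$FeedUrl = "https://magicplus-design.serveirc.com/share/untrustedIP",
    [string]$RuleGroup = "Ipsum Untrusted IP",
    [string]$RulePrefix = "Ipsum Untrusted IP",
    [ValidateRange(1, 1000)]
    [int]$ChunkSize = 500
)

$ErrorActionPreference = "Stop"

# Firewall rule changes require an elevated token; fail early with a clear message.
$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Please run this script from an elevated PowerShell session."
}

# The list is applied as-is to the firewall, so an unauthenticated transport
# lets anyone on the network path choose what gets blocked.
if ($FeedUrl -notmatch '^https://') {
    Write-Warning "Feed URL '$FeedUrl' is not HTTPS; the downloaded list cannot be trusted against tampering in transit."
}

Write-Host "Downloading IP feed from $FeedUrl ..."
$response = Invoke-WebRequest -Uri $FeedUrl -UseBasicParsing

# Invoke-WebRequest returns byte[] instead of a string for non-text content
# types; decode it so the line split below sees text.
$content = $response.Content
if ($content -is [byte[]]) {
    $content = [System.Text.Encoding]::UTF8.GetString($content)
}

# Keep only lines that are exactly one dotted-quad IPv4 address.
$ipv4Pattern = '^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$'
$candidates = @(
    $content -split "`r?`n" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match $ipv4Pattern } |
        Sort-Object -Unique
)

# Drop addresses that should never appear in a public threat feed:
# 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12,
# 192.168.0.0/16 and 224.0.0.0/3 (multicast, reserved, broadcast).
$ips = @(
    $candidates | Where-Object {
        $octets = $_.Split('.') | ForEach-Object { [int]$_ }
        -not (
            $octets[0] -eq 0 -or
            $octets[0] -eq 10 -or
            $octets[0] -eq 127 -or
            $octets[0] -ge 224 -or
            ($octets[0] -eq 169 -and $octets[1] -eq 254) -or
            ($octets[0] -eq 172 -and $octets[1] -ge 16 -and $octets[1] -le 31) -or
            ($octets[0] -eq 192 -and $octets[1] -eq 168)
        )
    }
)

$skipped = $candidates.Count - $ips.Count
if ($skipped -gt 0) {
    Write-Warning "Skipped $skipped feed entr$(if ($skipped -eq 1) { 'y' } else { 'ies' }) in loopback/private/link-local/multicast/reserved ranges."
}

# $ips is always an array here (see @(...) above). Without that, a feed with a
# single entry yields a scalar string and $ips[0..0] would index its characters.
if ($ips.Count -eq 0) {
    throw "No valid IPv4 entries were found in the feed."
}

Write-Host "Loaded $($ips.Count) unique IPv4 entries."

# Snapshot the current rules now; they are removed only after the new set is in place.
$oldRules = @(Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue)

$ruleCount = [int][Math]::Ceiling($ips.Count / $ChunkSize)

for ($i = 0; $i -lt $ruleCount; $i++) {
    $start = $i * $ChunkSize
    $end = [Math]::Min($start + $ChunkSize - 1, $ips.Count - 1)
    $chunk = @($ips[$start..$end])
    $displayName = "$RulePrefix $($i + 1)/$ruleCount"

    if ($PSCmdlet.ShouldProcess($displayName, "Create inbound block rule for $($chunk.Count) IPs")) {
        $ruleParams = @{
            DisplayName   = $displayName
            Group         = $RuleGroup
            Direction     = 'Inbound'
            Action        = 'Block'
            RemoteAddress = $chunk
            Profile       = 'Any'
            Enabled       = 'True'
        }
        New-NetFirewallRule @ruleParams | Out-Null
    }
}

# Remove the previous generation by object, not by group, so the rules just
# created (same group, possibly same display names) are left untouched.
if ($oldRules.Count -gt 0) {
    Write-Host "Removing $($oldRules.Count) existing firewall rule(s) in group '$RuleGroup' ..."
    $oldRules | Remove-NetFirewallRule
}

Write-Host "Done. Applied $($ips.Count) IPs across $ruleCount Windows Firewall rule(s)."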