Hi, I'm setting up a little 2012R2 network.
Right now I want to set up a DC and connect a few Windows machines to it. It's running virtualized on my root server and unfortunately I can't put it behind a firewall since its internet is routed through a subnet with a router VM (thanks Hetzner).
To have at least a bit of security I want to block all kinds of access (ping, RDP, etc...) unless it's coming from the IPs of my subnet.
So basically I want to whitelist my subnet and deny whatever is coming from the internet.
Is there a way, or at least a best practice to accomplish this?
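
One way to get the behaviour asked for above with the built-in Windows Firewall cmdlets (NetSecurity module on 2012 R2), as an added example that is not part of the original post. The subnet `192.0.2.0/24` is a placeholder assumption; the approach is to keep the default inbound action at Block and narrow the remote-address scope of every enabled inbound allow rule to the subnet.

```powershell
# Assumption: placeholder subnet (documentation range). Replace with your own.
$TrustedSubnet = '192.0.2.0/24'

# Run this from the hypervisor console or from a host inside the subnet:
# once the rules are scoped, RDP from any other address stops working.

# 1. Firewall on for every profile; inbound traffic that matches no
#    allow rule is dropped.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block

# 2. The built-in allow rules (RDP, ICMP echo, AD DS, DNS, ...) accept
#    RemoteAddress "Any" by default. Restrict each enabled inbound allow
#    rule in the local store to the trusted subnet.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow
foreach ($rule in $rules) {
    try {
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedSubnet -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not scope '$($rule.DisplayName)': $_"
    }
}

# 3. Verify: list any enabled inbound allow rule that still accepts
#    traffic from any remote address.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        if ($filter.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                RemoteAddress = $filter.RemoteAddress -join ','
            }
        }
    }
```

Rules enabled later, for example when a new role is installed, start with a remote address of Any again, so rerun steps 2 and 3 after such changes.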