Aug 15, 2013

Windows Batch Script to lockdown firewall and only allow a few websites with dynamic IP addresses (nslookup)

This script is essentially an extension of my earlier work on locking down Windows. The problem is that that script only really worked for static IP addresses: if a site used a dynamic IP address, you had to change the firewall rules by hand.

This script deletes the old firewall rules, looks up the current IP address of each host with nslookup, and creates a new rule for that address.

@ECHO OFF
REM Open all profiles while the lookups run so nslookup can reach the DNS server.
netsh advfirewall set domainprofile firewallpolicy allowinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy allowinbound,allowoutbound
netsh advfirewall set publicprofile firewallpolicy allowinbound,allowoutbound

REM Remove every outbound TCP rule on the web ports (including any not made by this script).
netsh advfirewall firewall delete rule name=all dir=out protocol=tcp remoteport=80,8080,8443,443 profile=any

REM nslookup prints the resolver's own "Address:" line before the answer, so only an
REM "Address:" seen after the "Name:" line is accepted. Both variables are cleared first
REM so a failed lookup cannot reuse the previous host's address. (A name with several
REM records is printed as "Addresses:" and is not matched here.)
set address=
set seenname=
for /f "tokens=1*" %%k in ('nslookup example.com.au 2^>nul') do (
if [%%k]==[Name:] set seenname=1
if [%%k]==[Address:] if defined seenname set address=%%l
)
if defined address netsh advfirewall firewall add rule name="example" dir=out action=allow protocol=tcp remoteport=80,8080,8443,443 remoteip=%address% profile=any

set address=
set seenname=
for /f "tokens=1*" %%k in ('nslookup learning.com.au 2^>nul') do (
if [%%k]==[Name:] set seenname=1
if [%%k]==[Address:] if defined seenname set address=%%l
)
if defined address netsh advfirewall firewall add rule name="learning" dir=out action=allow protocol=tcp remoteport=80,8080,8443,443 remoteip=%address% profile=any

REM Back to default-deny on all profiles; only the allow rules above now permit traffic.
netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

Save this script somewhere only administrators can modify (it runs with elevated rights) and create a task in the built-in Windows Task Scheduler to run it daily. That way you never have to update the firewall rules by hand when the IP addresses change!
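The same resolve-then-rebuild loop as an added PowerShell example (not the post's script): it uses the NetSecurity cmdlets available on Windows 8 / Server 2012 and later, keeps a host's existing rule when its lookup fails instead of leaving that host blocked, allows every A record returned, and lets DNS through a narrow UDP/53 rule rather than opening all outbound traffic while the lookups run. The host names are the post's; the rule names, the hashtable and the function name are assumptions.

```powershell
# Added example, not the post's script: rebuild per-host outbound allow rules with
# the NetSecurity cmdlets (Windows 8 / Server 2012+). Run from an elevated prompt.
$Hosts = @{ 'example'  = 'example.com.au'    # host names from the post
            'learning' = 'learning.com.au' }  # rule names 'allow-*' are assumed
$Ports = @(80, 443, 8080, 8443)

function Resolve-HostAddresses {
    param([string]$Name)
    try {
        # -Type A limits the answer to IPv4; skip CNAME entries in the chain.
        $records = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop
        return @($records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    } catch {
        return @()   # NXDOMAIN, timeout, or no resolver reachable
    }
}

# A narrow DNS rule so lookups keep working under default-deny; the post's script
# instead opens every profile while it runs.
if (-not (Get-NetFirewallRule -DisplayName 'allow-dns' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'allow-dns' -Direction Outbound -Action Allow `
        -Protocol UDP -RemotePort 53 -Profile Any | Out-Null
}

foreach ($entry in $Hosts.GetEnumerator()) {
    $ruleName  = "allow-$($entry.Key)"
    $addresses = Resolve-HostAddresses -Name $entry.Value

    if ($addresses.Count -eq 0) {
        # Leave the previous rule in place instead of blocking the host outright.
        Write-Warning "Lookup for $($entry.Value) failed; keeping existing '$ruleName'"
        continue
    }

    # Replace only this script's stale rule, not every rule on these ports.
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Allow `
        -Protocol TCP -RemotePort $Ports -RemoteAddress $addresses -Profile Any | Out-Null
    Write-Host "$ruleName -> $($addresses -join ', ')"
}

# Default-deny on every profile; only explicit allow rules now permit traffic.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block
```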
